Log analysis and evaluation: Windows 7 Update Code 8008005 Unknown error with Windows Update
04.02.2015, 15:22 | #1 |
Hello Trojaner-Board team,

last year I had problems starting Windows on my desktop PC. The profiles were not loaded. It only worked after several attempts. To me that looked like a virus, and I reset my system (with the recovery CD). At least since then, my Windows Update has not worked (not manually either). Resetting again did not help. I have tried pretty much everything that could be found on the net. Without success!

The exact error message is: Code 8008005 Unknown error with Windows Update

Otherwise everything is normal with my PC. No virus or malware alerts. ONLY when I log in under my administrator profile (not otherwise) does a DLL error message appear at startup. I have posted a screenshot of it (.pdf).

sfc \scannow did not help either.

http://www.trojaner-board.de/91139-s...x80080005.html

If anyone can help me before I have to reinstall the system, I would be very grateful.

Best regards
04.02.2015, 17:48 | #2 |
/// the machine /// TB trainer

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. Here is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
04.02.2015, 22:22 | #3 |
Ok, thanks!

The error message when starting the administrator profile reads: "RunDLL Problem beim Starten von C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll Das angegebene Modul wurde nicht gefunden."

defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:23 on 04/02/2015 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015 Ran by Admin (administrator) on SILENT on 04-02-2015 14:33:31 Running from C:\Users\Admin\Desktop Loaded Profiles: Admin (Available profiles: User & Admin) Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe (Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (Cisco Systems, Inc.) 
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe () C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE () C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe () C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Logitech, Inc.) 
C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe (Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe (Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM\...\Run: [] => [X] HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.) HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [BitComet] => C:\Program Files\BitComet\BitComet.exe /tray HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [BackgroundContainerV2] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Avast-Browser-Cleanup] => C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe [1531528 2015-01-10] (AVAST Software) HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -update plugin HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-18\...\Run: [uTorrent] => "C:\Windows\TEMP\avast_ash\uTorrent (current user)\uTorrent.exe" /MINIMIZED <===== ATTENTION Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl URLSearchHook: HKLM - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> 
{53C81C2F-5834-42F2-8CAB-E09DC929E098} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=en_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=a22b8286-29db-4ccd-b6ec-18f216374e2b&apn_sauid=02D49FA5-8766-431C-9B5F-A48F2098793E SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - No Name - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - 
C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: Yahoo! (Avast) FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl FF Keyword.URL: https://de.search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-09] FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27] FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23] Chrome: ======= CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2012-08-18] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-23] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23] CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-08-06] CHR HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-08-06] StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services 
(Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-23] (Avast Software) R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.) R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] () S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-17] (Macrovision Europe Ltd.) [File not signed] R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] () R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] () R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] () R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed] R2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] () R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc) S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-23] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-23] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] () S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed] S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed] R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [586752 2010-10-22] (AVM GmbH) R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-04] (Windows (R) 2000 DDK provider) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-08] (Duplex Secure Ltd.) 
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-23] (Avast Software) R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [179200 2012-05-30] (VIA Technologies, Inc.) [File not signed] S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [217600 2012-05-30] (VIA Technologies, Inc.) [File not signed] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-15] (Kaspersky Lab) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 14:34 - 2015-02-04 14:34 - 00380416 _____ () C:\Users\Admin\Desktop\Gmer-19357.exe 2015-02-04 14:33 - 2015-02-04 14:33 - 00021191 _____ () C:\Users\Admin\Desktop\FRST.txt 2015-02-04 14:33 - 2015-02-04 14:33 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-33-27.087-aswFe.exe-5324.log 2015-02-04 14:33 - 2015-02-04 14:33 - 00000197 _____ () C:\Windows\system32\2015-02-04-13-33-21.032-AvastVBoxSVC.exe-3988.log 2015-02-04 14:33 - 2015-02-04 14:33 - 00000000 ____D () C:\FRST 2015-02-04 14:32 - 2015-02-04 14:32 - 01122304 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2015-02-04 14:23 - 2015-02-04 14:23 - 00000582 _____ () C:\Users\Admin\Desktop\defogger_disable.log 2015-02-04 14:23 - 2015-02-04 14:23 - 00000020 _____ () C:\Users\Admin\defogger_reenable 2015-02-04 14:22 - 2015-02-04 14:22 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2015-02-04 14:10 - 2015-02-04 14:10 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner 2015-02-04 13:56 - 2015-02-04 13:56 - 02194432 _____ () C:\Users\Admin\Desktop\adwcleaner_4.109.exe 
2015-02-04 13:52 - 2015-02-04 13:52 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk 2015-01-31 17:32 - 2015-01-31 17:32 - 00000206 _____ () C:\Users\User\Desktop\Untitled.URL 2015-01-30 20:36 - 2015-01-30 20:36 - 02460763 _____ () C:\Users\User\Desktop\sammeldownload_20150130_203618.zip 2015-01-29 07:16 - 2015-01-31 08:38 - 4028379289 _____ () C:\Users\User\Downloads\Fury.2014.720p.BRRip.x264.AC3-EVO.mkv 2015-01-28 19:47 - 2015-01-28 20:13 - 472306888 _____ () C:\Users\User\Downloads\20.000.Days.on.Earth.2014.LiMiTED.BDRiP.X264-TASTE.mkv 2015-01-27 07:58 - 2015-01-27 07:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-21 10:18 - 2015-01-21 10:18 - 00000000 ____D () C:\Users\User\Desktop\Zeugnis 2015-01-17 21:39 - 2015-01-17 21:42 - 00000000 ____D () C:\Users\TEMP.Silent.002 2015-01-13 11:58 - 2015-01-13 11:58 - 00000717 _____ () C:\Users\User\Desktop\DOKTORARBEIT - Verknüpfung.lnk 2015-01-12 07:22 - 2015-01-12 07:22 - 00001829 _____ () C:\Users\User\Downloads\Son.Of.A.Gun.2014.HDRiP.XVID.AC3-MAJESTIC - Verknüpfung.lnk 2015-01-11 20:57 - 2015-01-11 20:57 - 00916668 _____ () C:\Users\User\Desktop\lic-10.01.rar 2015-01-11 20:57 - 2015-01-11 20:57 - 00000000 ____D () C:\Users\User\Desktop\lic-10.01 2015-01-10 19:58 - 2015-01-10 19:58 - 00057387 _____ () C:\Users\User\Downloads\Son.Of.A.Gun.2014.HDRiP.XVID.AC3-MAJESTIC.srt 2015-01-10 15:09 - 2015-01-10 15:09 - 00311481 _____ () C:\Users\User\Downloads\Sing mit mir - Kinderlieder - YouTube.htm 2015-01-09 01:14 - 2015-01-09 01:14 - 00000000 ____D () C:\Program Files\ESET 2015-01-09 01:12 - 2015-01-09 01:13 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe 2015-01-09 00:46 - 2015-01-09 00:46 - 00001203 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-01-09 00:44 - 2015-01-09 00:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2015-01-09 00:44 - 2015-01-09 00:44 - 00000000 ____D () C:\Program Files\Free Codec Pack 
2015-01-09 00:36 - 2015-01-09 00:36 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Admin\Downloads\FreeStudio(1).exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 14:34 - 2014-03-18 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-04 14:32 - 2014-05-08 20:54 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job 2015-02-04 14:32 - 2011-12-20 23:22 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job 2015-02-04 14:30 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-04 14:30 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-04 14:28 - 2013-07-07 16:59 - 00302240 _____ () C:\Windows\setupact.log 2015-02-04 14:28 - 2011-01-27 09:18 - 01355152 _____ () C:\Windows\WindowsUpdate.log 2015-02-04 14:25 - 2012-08-15 21:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2015-02-04 14:25 - 2011-02-13 20:48 - 00000211 _____ () C:\service.log 2015-02-04 14:25 - 2011-02-13 20:47 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys 2015-02-04 14:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-04 14:23 - 2011-04-22 10:02 - 00000000 ____D () C:\Users\Admin 2015-02-04 14:08 - 2013-12-30 15:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\EndNote 2015-02-04 14:00 - 2015-01-04 18:36 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-04 13:57 - 2015-01-04 18:35 - 00000000 ____D () C:\Program Files\SpywareBlaster 2015-02-04 13:52 - 2012-08-07 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-02-04 13:52 - 2011-01-27 21:21 - 00000000 ____D () 
C:\Program Files\Common Files\LogiShrd 2015-02-04 13:46 - 2015-01-04 18:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-04 13:36 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\CSC 2015-02-01 19:00 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-02-01 18:55 - 2011-01-27 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-02-01 13:46 - 2011-01-27 00:34 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-31 08:29 - 2011-02-14 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\EndNote 2015-01-31 07:28 - 2009-07-14 05:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-30 20:01 - 2011-03-26 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc 2015-01-28 16:34 - 2012-05-14 06:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-25 09:34 - 2012-08-11 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-25 09:34 - 2011-12-04 16:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-25 08:15 - 2012-04-19 05:59 - 10121728 ___SH () C:\Users\User\Desktop\Thumbs.db 2015-01-22 19:09 - 2011-01-30 17:34 - 00004096 _____ () C:\Users\Public\Documents\000016E5.LCS 2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-15 20:44 - 2012-04-14 07:29 - 04097536 ___SH () C:\Users\User\Downloads\Thumbs.db 2015-01-15 15:32 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\Documents\DVDVideoSoft 2015-01-11 17:29 - 2012-09-30 06:45 - 00000000 ____D () C:\Users\User\Documents\MATLAB 2015-01-09 12:16 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft 2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () 
C:\Users\Admin\AppData\Roaming\DVDVideoSoft 2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2015-01-09 00:46 - 2013-02-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-08 23:58 - 2013-07-08 06:51 - 00157928 _____ () C:\Windows\PFRO.log ==================== Files in the root of some directories ======= 2012-12-30 17:50 - 2012-12-30 17:50 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg 2011-01-27 18:58 - 2011-01-27 18:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2012-11-15 19:45 - 2012-11-18 12:12 - 0009365 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\avgnt.exe C:\Users\Admin\AppData\Local\Temp\BitAD12.tmp.exe C:\Users\Admin\AppData\Local\Temp\FreeStudio.exe C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Admin\AppData\Local\Temp\ose00000.exe C:\Users\Admin\AppData\Local\Temp\tmp910A.exe C:\Users\Admin\AppData\Local\Temp\Uninstall.exe C:\Users\User\AppData\Local\Temp\avgnt.exe C:\Users\User\AppData\Local\Temp\tmp41EF.exe C:\Users\User\AppData\Local\Temp\tmpD197.exe C:\Users\User\AppData\Local\Temp\utt5F59.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2011-10-23 13:19

==================== End Of Log ============================

--- --- --- --- --- ---

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by Admin at 2015-02-04 14:34:34
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS Ver.2.01 (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.01 - GIGABYTE)
µTorrent (HKU\.DEFAULT\...\uTorrent) (Version: 3.4.2.36615 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Acronis*Disk*Director*11*Home (HKLM\...\{06E34C00-0446-4176-81C8-A5DAFE53CA36}) (Version: 11.0.2121 - Acronis)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Standard (HKLM\...\{49DC7D87-B9F9-4782-9386-B7F13BC75E48}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Als HTML speichern (Version: 1.0.0.0 - Visio Corporation) Hidden
Anmerkungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Anzeige von CAD-Zeichnungen (Version: 1.0.0.0 - Visio Corporation) Hidden
ArcGIS Desktop (HKLM\...\ArcGIS Desktop) (Version: 9.3.1770 - Environmental Systems Research Institute, Inc.)
ArcGIS Desktop (Version: 9.3.1770 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager (HKLM\...\ArcGIS License Manager) (Version: - )
ATI AVIVO Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{CDEE9257-8FEB-7BAF-B28F-C4737036D674}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - AVM Berlin)
Beispiele für den Konverter für CAD-Zeichnungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Benutzerdefinierte Muster (Version: 1.0.0.0 - Visio Corporation) Hidden
Beschriftungen und Verbinder (Version: 1.0.0.0 - Visio Corporation) Hidden
Blockdiagramm (Version: 1.0.0.0 - Visio Corporation) Hidden
CameraHelperMsi (Version: 13.50.854.0 - Logitech) Hidden
ccc-core-static (Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Clipart und Symbole (Version: 1.0.0.0 - Visio Corporation) Hidden
DAO (Version: 1.0.0.0 - Visio Corporation) Hidden
Datenbankassistent (Version: 1.0.0.0 - Visio Corporation) Hidden
Datenfeld-Berichts-Assistent (Version: 1.0.0.0 - Visio Corporation) Hidden
Datenfeld-Editor (Version: 1.0.0.0 - Visio Corporation) Hidden
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM\...\dreamboxEDIT) (Version: - )
EndNote X2 (HKLM\...\{002B1E90-3241-4D45-8831-E89020F8E7E6}) (Version: 12.0.0.3252 - Thomson ResearchSoft)
Energy Saver Advance B10.0309.1 (HKLM\...\{7ED169D4-5053-4166-93DF-53B12AE6C539}) (Version: 1.10.0000 - GIGABYTE)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Flußdiagramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Formulare und Diagramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Free AVI Video Converter version 5.0.24.430 (HKLM\...\Free AVI Video Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
Free Studio version 6.4.1.1215 (HKLM\...\Free Studio_is1) (Version: 6.4.1.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.16.1028 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1028 - DVDVideoSoft Ltd.)
G DATA Logox4 Speechengine (HKLM\...\lgx4.lgx.server) (Version: - G DATA Software AG)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
Grafikfilter (Version: 1.0.0.0 - Visio Corporation) Hidden
GSview 4.9 (HKLM\...\GSview 4.9) (Version: - )
Help for Visio 2000 (HTML Help) (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Anmerkungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Beschriftungen und Verbindern (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Blockdiagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Clipart und Symbolen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Developing Visio Solutions (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Flußdiagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Formularen und Diagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Gebäudeinstallationen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Landkarten (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Netzwerkdiagrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Organigrammen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Programmdateien (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Projektplänen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Rahmen und Hintergründen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zu Raumplänen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zum Facilities-Management (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zum Konverter für CAD-Zeichnungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zum Maschinenbau (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Elektrotechnik (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Gebäude- und Landschaftsarchitektur (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Pneumatik/Hydraulik (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe zur Verfahrenstechnik (Version: 1.0.0.0 - Visio Corporation) Hidden
Hilfe_Technical (Version: 1.0.0.0 - Visio Corporation) Hidden
HP Scanjet N8400 Document ISIS/TWAIN (HKLM\...\HP Scanjet N8400 Document ISIS/TWAIN) (Version: - )
ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version: - )
IsoBuster 2.5 (HKLM\...\IsoBuster_is1) (Version: 2.5 - Smart Projects)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024F0}) (Version: 6.0.240 - Oracle)
Java(TM) SE Development Kit 6 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160250}) (Version: 1.6.0.250 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Landkarten (Version: 1.0.0.0 - Visio Corporation) Hidden
Lernwerkstatt 8 (HKLM\...\InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}) (Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH)
Lernwerkstatt 8 (Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH) Hidden
LightScribe System Software 1.12.29.2 (HKLM\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - hxxp://www.lightscribe.com)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Lösungen (Version: 1.0.0.0 - Visio Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MATLAB R2008a (HKLM\...\MatlabR2008a) (Version: 7.6 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MosChip PCI Multi-IO Controller (HKLM\...\ASIX Electronics Corporation) (Version: - )
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MV2Player (remove only) (HKLM\...\MV2Player) (Version: - )
Nero 7 Essentials (HKLM\...\{714ACFF3-B8A3-4AD6-937B-13C833D71033}) (Version: 7.03.1054 - Nero AG)
Netzwerkdiagramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Organigramme (Version: 1.0.0.0 - Visio Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
Platform (Version: 1.38 - VIA Technologies, Inc.) Hidden
Programmdateien (Version: 06.00.0000 - Visio Corporation) Hidden
Programmdateien für Technical (Version: 1.0.0.0 - Visio Corporation) Hidden
Projektpläne (Version: 1.0.0.0 - Visio Corporation) Hidden
Python 2.5 numpy-1.0.3 (HKLM\...\Python 2.5 numpy-1.0.3) (Version: - )
Python 2.5.1 (HKLM\...\Python 2.5.1) (Version: - )
Rahmen und Hintergründe (Version: 1.0.0.0 - Visio Corporation) Hidden
Raumplan (Version: 1.0.0.0 - Visio Corporation) Hidden
Rechtschreibung (Version: 1.0.0.0 - Visio Corporation) Hidden
Seitenlayout-Assistent (Version: 1.0.0.0 - Visio Corporation) Hidden
Sentinel Protection Installer 7.2.2 (HKLM\...\{6DC0632A-A838-4B34-AC19-0FA18E1C533C}) (Version: 7.2.2 - SafeNet, Inc.)
Shape-Explorer (Version: 1.0.0.0 - Visio Corporation) Hidden
Shape-Explorer-Hilfe (Version: 1.0.0.0 - Visio Corporation) Hidden
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Technische Grundlage (Version: 1.0.0.0 - Visio Corporation) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VBA (2816b) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
Versionshinweise (Version: 1.0.0.0 - Visio Corporation) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visio (Version: 1.0.0.0 - Visio Corporation) Hidden
Visio 2000 (DE) (HKLM\...\{49D23765-6C69-11d3-A508-00C04F44A9DA}) (Version: 6.0.0.1 - Visio Corporation)
Visio Core Files (Version: 06.00.0000 - Visio Corporation) Hidden
Visio Technical Core Files (Version: 06.00.0000 - Visio Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 Codec Pack 3.1.0 (HKLM\...\Windows 7 - Codec Pack) (Version: - Windows 7 Codec Pack)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
WinEdt (HKLM\...\WinEdt_is1) (Version: - WinEdt Team)
WinRAR Archivierer (HKLM\...\WinRAR archiver) (Version: - )
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{B45E6B9B-8498-49A5-BDD7-2A049553DF05}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WMV9/VC-1 Video Playback (Version: 1.0.51125.2159 - ATI Technologies Inc.) Hidden
ZoneAlarm Antivirus (Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
Zusatzprogramme (Version: 1.0.0.0 - Visio Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Admin\AppData\Local\Conduit\Community Alerts\Alert.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D2068CA-98B7-46D2-90F4-EEC86AB36C29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20 => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {0F8C498D-146D-4D1B-A80C-9B2F52760891} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cd91fd4699c637 => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {17D04C56-59F8-418C-BD72-1FE3CBAF3995} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {2DAC72C0-DA6C-4FF7-9226-123CD5C054DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {2DED3E61-EB82-4B4B-960A-8DB9595408A1} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {3A0343E9-1088-4058-8A97-7EC2CC39BFFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {4137C5EF-5C16-4135-AC1B-393D77ECFCB9} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {49B488D5-ED25-49CD-83BC-82123A14F710} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cef5bf5acd6d4b => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {5BFF9A07-C862-4DC0-B62B-6B99F4D64321} - System32\Tasks\{EA81775A-869C-4984-84FC-520C0597BC25} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {5CE1EB40-A527-47A7-8FC3-C68BEA0FC98D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {6177550B-0D66-4814-B8F3-262275873F33} - System32\Tasks\{52FEB432-4D96-44A6-B294-86F0028199AA} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {639E1E83-D257-4AFE-AF0D-DFDD66C3B90C} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {862EC62B-EEB1-462C-B840-DEA8712F93F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Silent-User Silent => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {92A68DEC-BFF9-4E52-B133-C7CA4BFA0C21} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AB70FD0A-04CF-4BA5-9633-439BF8ED035A} - System32\Tasks\{2FEF53D1-AE31-42E0-9855-1460C2351322} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120&LastError=404
Task: {C11775A4-DF12-4B4A-BD80-710F594FEADF} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {C75190C9-BD95-4518-ACFA-AE08595EE25C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C9524F47-9034-4F1E-83C9-51C224901618} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {D562A9F1-EB34-4614-967F-CCED43B07B21} - System32\Tasks\{B6192244-1970-4355-A564-BFEA7AC4B45F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {EBC62328-373D-4F54-9A0C-3AE5D10034A9} - System32\Tasks\{9008979A-65BA-4E20-A15C-F8BC4EEC357C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {F396D518-C0A9-48E1-B4C4-DACC215E0130} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
Task: {F7463A04-3EAB-47F6-A998-76E8231C52D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-02-04 13:37 - 2015-02-04 13:37 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020400\algo.dll
2010-09-27 11:03 - 2010-09-27 11:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00054544 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00015360 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00016384 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00019968 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00011264 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00102400 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2011-10-27 17:59 - 2008-08-02 09:57 - 01757184 _____ () C:\Program Files\ESRI\License\arcgis9x\ARCGIS.exe
2011-02-13 20:48 - 2009-12-02 19:40 - 00068136 _____ () C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
2011-02-13 20:48 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00726288 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2010-09-02 08:25 - 2010-09-02 08:25 - 00030208 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00025600 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00541968 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2010-09-29 18:30 - 2010-09-29 18:30 - 02139400 _____ () C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
2014-11-23 15:58 - 2014-11-23 15:58 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2011-04-10 16:40 - 2006-09-16 21:19 - 00126976 _____ () C:\Program Files\WinRAR\rarext.dll
2011-10-07 10:41 - 2011-10-07 10:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-04-10 00:04 - 2009-04-10 00:04 - 02141008 _____ () C:\Program Files\Logitech\Vid HD\QtCore4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 07704400 _____ () C:\Program Files\Logitech\Vid HD\QtGui4.dll
2009-04-22 22:53 - 2009-04-22 22:53 - 00969040 _____ () C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00475472 _____ () C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00363856 _____ () C:\Program Files\Logitech\Vid HD\QtXml4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00200016 _____ () C:\Program Files\Logitech\Vid HD\QtSql4.dll
2010-10-29 21:01 - 2010-10-29 21:01 - 00027472 _____ () C:\Program Files\Logitech\Vid HD\SDL.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 11311952 _____ () C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00291664 _____ () C:\Program Files\Logitech\Vid HD\phonon4.dll
2010-10-29 21:02 - 2010-10-29 21:02 - 00751616 _____ () C:\Program Files\Logitech\Vid HD\vpxmd.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00029008 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00035152 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00138064 _____ () C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2012-01-18 07:43 - 2012-01-18 07:43 - 00183320 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2010-11-25 21:46 - 2010-11-25 21:46 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-01-27 07:58 - 2015-01-27 07:58 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00028712 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxSharedClipboard.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 00042616 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDragAndDropSvc.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 00040056 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxGuestControlSvc.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 01129784 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM64.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 01274448 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDD.DLL
2014-11-23 15:58 - 2014-11-23 15:58 - 00198152 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDD2.dll
2014-11-23 15:58 - 2014-11-23 15:58 - 00037984 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxSharedFolders.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\User\Downloads\Baby-Besuch.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================

Admin (S-1-5-21-1086903118-4148874774-2401624160-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1086903118-4148874774-2401624160-500 - Administrator - Disabled)
Guest (S-1-5-21-1086903118-4148874774-2401624160-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1086903118-4148874774-2401624160-1002 - Limited - Enabled)
User (S-1-5-21-1086903118-4148874774-2401624160-1001 - Limited - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) #2
Description: Realtek RTL8168C(P)/8111C(P)-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8168C(P)/8111C(P)-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Description: Realtek RTL8168C(P)/8111C(P)-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 01:52:58 PM) (Source: MsiInstaller) (EventID: 11605) (User: Silent)
Description: Product: LWS Pictures And Video -- Disk full: There is not enough disk space on the volume 'C:' to continue the install with recovery enabled. 13.436 KB are required, but only 6.400 KB are available. Click Ignore to continue the install without saving recovery information, click Retry to check for available space again, or click Cancel to quit the installation.

Error: (02/04/2015 01:46:20 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (02/01/2015 10:28:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/01/2015 10:28:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/01/2015 10:28:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/01/2015 10:27:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/01/2015 07:42:31 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (01/31/2015 00:36:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/31/2015 00:36:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/31/2015 00:36:34 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (02/04/2015 02:26:06 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY) Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus. Error: (02/04/2015 02:26:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY) Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005 Error: (02/04/2015 02:26:05 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (02/04/2015 02:25:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%1450 Error: (02/04/2015 01:39:40 PM) (Source: Microsoft-Windows-Application-Experience) (EventID: 205) (User: NT AUTHORITY) Description: Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren. Error: (02/04/2015 01:39:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%1450 Error: (02/04/2015 01:37:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY) Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus. 
Error: (02/04/2015 01:37:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY) Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005 Error: (02/04/2015 01:37:05 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (02/04/2015 01:36:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%1450 Microsoft Office Sessions: ========================= Error: (01/14/2015 10:03:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/12/2015 07:25:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/25/2014 09:23:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/09/2014 06:42:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (12/03/2014 09:45:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/01/2014 09:40:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/27/2014 09:03:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/08/2014 07:35:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/07/2014 08:53:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/29/2014 07:11:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 42% Total physical RAM: 3582.3 MB Available physical RAM: 2065.41 MB Total Pagefile: 23024.58 MB Available Pagefile: 20757.43 MB Total Virtual: 2047.88 MB Available Virtual: 1877.92 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:69.99 GB) (Free:9.25 GB) NTFS Drive d: () (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive i: (bie786) (CDROM) (Total:2.23 GB) (Free:0 GB) CDFS Drive j: () (Fixed) (Total:228 GB) (Free:3.96 GB) NTFS Drive w: (S******) (Fixed) (Total:400 GB) (Free:77.72 GB) NTFS Drive x: (M******) (Fixed) (Total:1137.66 GB) (Free:66.04 GB) NTFS Drive z: (Z******) (Fixed) (Total:325.23 GB) (Free:282.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: F2BCDD92) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=70 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=228 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 1863 GB) (Disk ID: 624F7BFE) Partition: GPT Partition Type. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 2. ==================== End Of Log ============================ Code:
GMER Logfile: |
05.02.2015, 10:19 | #4 |
/// the machine /// TB-Ausbilder | Windows 7 Update Code 8008005 Unknown error with Windows Update Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
05.02.2015, 11:01 | #5 |
| Windows 7 Update Code 8008005 Unknown error with Windows Update Voilà! Code:
Combofix Logfile: |
05.02.2015, 13:11 | #6 |
/// the machine /// TB-Ausbilder | Windows 7 Update Code 8008005 Unknown error with Windows Update Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please. |
05.02.2015, 14:15 | #7 |
| Windows 7 Update Code 8008005 Unknown error with Windows Update Hi, I already had Malwarebytes and use it now and then. The RunDLL message is gone after Combofix. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 05.02.2015 Suchlauf-Zeit: 13:37:02 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.05.05 Rootkit Datenbank: v2015.02.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 CPU: x86 Dateisystem: NTFS Benutzer: Admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 518923 Verstrichene Zeit: 10 Min, 17 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.109 - Report created 05/02/2015 at 13:49:25 # Updated 24/01/2015 by Xplode # Database : 2015-02-04.1 [Live] # Operating System : Windows 7 Ultimate (32 bits) # Username : Admin - SILENT # Running from : C:\Users\Admin\Desktop\adwcleaner_4.109.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o82t1tj2.default\invalidprefs.js File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o82t1tj2.default\user.js Folder Found : C:\Program Files\Tbccint Folder Found : C:\Program Files\Toolbar Cleaner Folder Found : C:\Program Files\vGrabber-software Folder Found : C:\ProgramData\DownloadManager Folder Found : C:\Users\Admin\AppData\Local\Conduit Folder Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc Folder Found : C:\Users\Admin\AppData\Local\PackageAware Folder Found : C:\Users\Admin\AppData\Local\Rich Media Player Folder Found : C:\Users\Admin\AppData\LocalLow\Check Point Software Technologies LTD Folder Found : C:\Users\Admin\AppData\LocalLow\Conduit Folder Found : C:\Users\Admin\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Folder Found : C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers Folder Found : C:\Users\Admin\AppData\Roaming\ExpressFiles Folder Found : C:\Users\Admin\AppData\Roaming\goforfiles Folder Found : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Folder Found : C:\Users\User\AppData\Local\PackageAware Folder Found : C:\Users\User\AppData\LocalLow\adawaretb Folder Found : C:\Users\User\AppData\LocalLow\Check Point Software Technologies LTD Folder Found : 
C:\Users\User\AppData\LocalLow\Conduit Folder Found : C:\Users\User\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Folder Found : C:\Users\User\AppData\Roaming\ExpressFiles Folder Found : C:\Users\User\AppData\Roaming\goforfiles Folder Found : C:\Users\User\AppData\Roaming\Uniblue Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe} ***** [ Scheduled Tasks ] ***** Task Found : Express FilesUpdate Task Found : GoforFilesUpdate ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\APN Key Found : HKCU\Software\AppDataLow\Software\adawarebp Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\ExpressFiles Key Found : HKCU\Software\GoforFiles Key Found : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{53C81C2F-5834-42F2-8CAB-E09DC929E098} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com Key Found : HKCU\Software\OCS Key Found : HKCU\Software\Tbccint_HKLM Key Found : HKLM\SOFTWARE\APN Key Found : HKLM\SOFTWARE\AskToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : 
HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Key Found : HKLM\SOFTWARE\ExpressFiles Key Found : HKLM\SOFTWARE\GoforFiles Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc Key Found : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Key Found : HKLM\SOFTWARE\Toolbar Cleaner Key Found : HKLM\SOFTWARE\Uniblue Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.7600.16869 -\\ Mozilla Firefox v35.0.1 (x86 de) [rnb4l7cw.default] - Line Found : user_pref("CT2851647.isPerformedSmartBarTransition", "true"); [rnb4l7cw.default] - Line Found : user_pref("CT2851647.smartbar.CTID", "CT2851647"); [rnb4l7cw.default] - Line Found : user_pref("CT2851647.smartbar.Uninstall", "0"); [rnb4l7cw.default] - Line Found : user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE "); [rnb4l7cw.default] - Line Found : user_pref("extensions.asktb.ff-original-keyword-url", ""); [rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&"); [rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&&q="); 
[rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.lastB", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&"); [rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&"); [rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&&q="); [rnb4l7cw.default] - Line Found : user_pref("extensions.zonealarm.tlbrsrchurl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN20702554821441-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=6a5edad3000000000000b[...] [rnb4l7cw.default] - Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2); [rnb4l7cw.default] - Line Found : user_pref("smartbar.machineId", "INUZWR/BGID3PA0N7+YDIVNE5LWLL2WOOUDP+MBS5/8A/G+AHQVKFM9ZC0PG91OMAMVNCZM1JXUHMZKVCJ3KDW"); -\\ Google Chrome v [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.facemoods.com/?a=irst&f=4&q={searchTerms} [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://de.yhs4.search.yahoo.com/yhs/errorhandler;_ylt=A7x9UnSPssJSuz8A6UK04IlQ?p={searchTerms}&fr2=sb-top&hspart=visicom&hsimp=yhse-lavasoft&type=lavasoft__adaware__0_9__yhse__antiphishing_dn__rp&rd=r1 ************************* AdwCleaner[R0].txt - [9679 octets] - [05/02/2015 13:49:25] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9739 octets] ########## [/CODE] Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 7 Ultimate x86 Ran by Admin on 05.02.2015 at 13:58:22,30 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2851647 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2851647 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup (1)_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup (1)_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_spywareblaster_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_spywareblaster_RASMANCS Successfully deleted: [Registry Key] "hkey_current_user\software\apn" Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\interface\{ac71b60e-94c9-4ede-ba46-e146747bb67e}" Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{53C81C2F-5834-42F2-8CAB-E09DC929E098} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} ~~~ Files Successfully deleted: [File] "C:\Windows\System32\Tasks\goforfilesupdate" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\downloadmanager" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\goforfiles" Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Admin\Local Settings\Application Data\adawarebp" Successfully deleted: [Folder] "C:\Users\Admin\Local Settings\Application Data\conduit" Successfully deleted: [Folder] "C:\Users\Admin\Local Settings\Application Data\cre" Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner" Successfully deleted: [Folder] "C:\Program Files\toolbar cleaner" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner" Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ FireFox Successfully deleted: [File] C:\user.js 
Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rnb4l7cw.default\smartbar Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c} Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rnb4l7cw.default\prefs.js user_pref("CT2851647.1000234.TWC_TMP_city", "BERLIN"); user_pref("CT2851647.1000234.TWC_TMP_country", "DE"); user_pref("CT2851647.1000234.TWC_locId", "GMXX0007"); user_pref("CT2851647.1000234.TWC_location", "Berlin, Deutschland"); user_pref("CT2851647.1000234.TWC_region", "DE"); user_pref("CT2851647.1000234.TWC_temp_dis", "c"); user_pref("CT2851647.1000234.TWC_wind_dis", "kmh"); user_pref("CT2851647.CBOpenMAMSettings", "0"); user_pref("CT2851647.FirstTime", "true"); user_pref("CT2851647.FirstTimeFF3", "true"); user_pref("CT2851647.LoginRevertSettingsEnabled", true); user_pref("CT2851647.RestartDialogFirstTime", "false"); user_pref("CT2851647.RestartDialogShouldDisplay", "false"); user_pref("CT2851647.RevertSettingsEnabled", true); user_pref("CT2851647.UserID", "UN08223856081246883"); user_pref("CT2851647.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT2851647.autoDisableScopes", -1); user_pref("CT2851647.cbcountry_001", "DE"); user_pref("CT2851647.cbfirsttime.enc", "U2F0IEF1ZyAxOCAyMDEyIDE5OjEwOjM4IEdNVCswMjAw"); user_pref("CT2851647.countryCode", "DE"); user_pref("CT2851647.defaultSearch", "FALSE"); user_pref("CT2851647.enableAlerts", "always"); user_pref("CT2851647.enableFix404ByUser", "FALSE"); user_pref("CT2851647.enableSearchFromAddressBar", "FALSE"); user_pref("CT2851647.firstTimeDialogOpened", "true"); user_pref("CT2851647.fixPageNotFoundError", "true"); user_pref("CT2851647.fixPageNotFoundErrorByUser", "true"); user_pref("CT2851647.fixPageNotFoundErrorInHidden", "true"); user_pref("CT2851647.fixUrls", true); user_pref("CT2851647.fullUserID", "UN08223856081246883.UP.2136"); 
user_pref("CT2851647.homepageuserchanged", true); user_pref("CT2851647.installId", "fftD807.tmp.exe"); user_pref("CT2851647.installType", "XPE"); user_pref("CT2851647.isCheckedStartAsHidden", true); user_pref("CT2851647.isFirstTimeToolbarLoading", "false"); user_pref("CT2851647.isNewTabEnabled", true); user_pref("CT2851647.isPerformedSmartBarTransition", "true"); user_pref("CT2851647.lastVersion", "10.35.0.503"); user_pref("CT2851647.migrateAppsAndComponents", true); user_pref("CT2851647.openThankYouPage", "true"); user_pref("CT2851647.openUninstallPage", "FALSE"); user_pref("CT2851647.performedDomainChangesMigration", "true"); user_pref("CT2851647.scriptSource", "hxxp://127.0.0.1:10000/gui/"); user_pref("CT2851647.search.searchAppId", "129351532245275780"); user_pref("CT2851647.search.searchCount", "0"); user_pref("CT2851647.searchInNewTabEnabledByUser", "true"); user_pref("CT2851647.searchInNewTabEnabledInHidden", "true"); user_pref("CT2851647.searchSuggestEnabledByUser", "false"); user_pref("CT2851647.serviceLayer_services_Configuration_lastUpdate", "1416753100930"); user_pref("CT2851647.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1360423452690"); user_pref("CT2851647.serviceLayer_services_appTracking_lastUpdate", "1360423333832"); user_pref("CT2851647.serviceLayer_services_appsMetadata_lastUpdate", "1360616294201"); user_pref("CT2851647.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1360423333382"); user_pref("CT2851647.serviceLayer_services_login_10.10.20.14_lastUpdate", "1356886149326"); user_pref("CT2851647.serviceLayer_services_login_10.13.40.15_lastUpdate", "1360423333559"); user_pref("CT2851647.serviceLayer_services_login_10.14.42.7_lastUpdate", "1387015741893"); user_pref("CT2851647.serviceLayer_services_login_10.22.3.518_lastUpdate", "1388411826896"); user_pref("CT2851647.serviceLayer_services_login_10.23.0.822_lastUpdate", "1400745526687"); user_pref("CT2851647.serviceLayer_services_login_10.31.0.526_lastUpdate", 
"1401446087072"); user_pref("CT2851647.serviceLayer_services_login_10.31.2.501_lastUpdate", "1416753100715"); user_pref("CT2851647.serviceLayer_services_login_10.35.0.503_lastUpdate", "1416755256193"); user_pref("CT2851647.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1360423333163"); user_pref("CT2851647.serviceLayer_services_searchAPI_lastUpdate", "1416753100880"); user_pref("CT2851647.serviceLayer_services_serviceMap_lastUpdate", "1416753100774"); user_pref("CT2851647.serviceLayer_services_toolbarContextMenu_lastUpdate", "1360423333305"); user_pref("CT2851647.serviceLayer_services_toolbarSettings_lastUpdate", "1416753100203"); user_pref("CT2851647.serviceLayer_services_translation_lastUpdate", "1416753100403"); user_pref("CT2851647.settingsINI", true); user_pref("CT2851647.shouldFirstTimeDialog", "false"); user_pref("CT2851647.showToolbarPermission", "false"); user_pref("CT2851647.smartbar.CTID", "CT2851647"); user_pref("CT2851647.smartbar.Uninstall", "0"); user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE "); user_pref("CT2851647.toolbarBornServerTime", "18-8-2012"); user_pref("CT2851647.toolbarCurrentServerTime", "23-11-2014"); user_pref("CT2851647.toolbarLoginClientTime", "Sat Dec 14 2013 11:35:53 GMT+0100"); user_pref("CT2851647.upgradeFromClearSBVersion", true); user_pref("CT2851647.url_history0001", "hxxp://www.zalando.de/taschen-accessoires-taschen-damen/:::clickhandler:::1353844820448,,,hxxp://www.zalando.de/taschen-accessoires-tas user_pref("extensions.asktb.ff-original-keyword-url", ""); user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&"); user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&& user_pref("extensions.zonealarm.lastB", 
"hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&"); user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=de&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&tstsId=&ver=&"); user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=fdc68ed15ebf4c46bd412c2a0b870789&tu=10GXz00CJ2C01u0&sku=&ts user_pref("extensions.zonealarm.tlbrsrchurl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN20702554821441-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&u user_pref("plugin.state.npconduitfirefoxplugin", 2); user_pref("smartbar.machineId", "INUZWR/BGID3PA0N7+YDIVNE5LWLL2WOOUDP+MBS5/8A/G+AHQVKFM9ZC0PG91OMAMVNCZM1JXUHMZKVCJ3KDW"); user_pref("valueApps.CT2851647.mam_gk_currentVersion", "312E31332E302E3137"); user_pref("valueApps.CT2851647.mam_gk_currentVersion.storedInFile", false); user_pref("valueApps.CT2851647.mam_gk_migrated_from_ls", "31"); user_pref("valueApps.CT2851647.mam_gk_migrated_from_ls.storedInFile", false); user_pref("valueApps.CT2851647.mam_gk_userBornDate", "4E2F41"); user_pref("valueApps.CT2851647.mam_gk_userBornDate.storedInFile", false); user_pref("valueApps.storage.mam_gk_userId", "35363335333135642D653266662D343135302D396165372D326436613736303765646331"); Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rnb4l7cw.default\minidumps [6 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.02.2015 at 14:00:17,36 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01 Ran by Admin (administrator) on SILENT on 05-02-2015 14:12:51 Running from C:\Users\Admin\Desktop Loaded Profiles: Admin (Available profiles: User & Admin) Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe () C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe () C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Logitech, Inc.) C:\Users\Admin\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe (Logitech, Inc.) C:\Users\Admin\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.) 
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl URLSearchHook: HKLM - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program 
Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: Yahoo! (Avast) FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl FF Keyword.URL: https://de.search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-09] FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23] Chrome: ======= CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2012-08-18] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-23] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23] CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found] CHR HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found] StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-23] (Avast Software) R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.) R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] () S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-17] (Macrovision Europe Ltd.) [File not signed] R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] () R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] () R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] () R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed] S2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] () R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc) S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-23] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-23] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] () S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed] S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed] R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [586752 2010-10-22] (AVM GmbH) R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-05] (Windows (R) 2000 DDK provider) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-08] (Duplex Secure Ltd.) 
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-23] (Avast Software) R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [179200 2012-05-30] (VIA Technologies, Inc.) [File not signed] S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [217600 2012-05-30] (VIA Technologies, Inc.) [File not signed] S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-15] (Kaspersky Lab) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-05 14:12 - 2015-02-05 14:12 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion 2015-02-05 14:00 - 2015-02-05 14:00 - 00011823 _____ () C:\Users\Admin\Desktop\JRT.txt 2015-02-05 13:56 - 2015-02-05 13:56 - 01388274 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2015-02-05 13:49 - 2015-02-05 13:55 - 00000000 ____D () C:\AdwCleaner 2015-02-05 13:49 - 2015-02-05 13:51 - 00009819 _____ () C:\Users\Admin\Desktop\AdwCleaner[R0].txt 2015-02-05 13:48 - 2015-02-05 13:48 - 00001186 _____ () C:\Users\Admin\Desktop\mbam.txt 2015-02-05 10:51 - 2015-02-05 10:51 - 00014422 _____ () C:\ComboFix.txt 2015-02-05 10:28 - 2015-02-05 10:51 - 00000000 ____D () C:\Qoobox 2015-02-05 10:28 - 2015-02-05 10:50 - 00000000 ____D () C:\Windows\erdnt 2015-02-05 10:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-05 10:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-05 10:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-05 10:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-05 10:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-05 10:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-05 10:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-05 10:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-05 10:26 - 2015-02-05 10:26 - 05611380 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe 2015-02-05 06:48 - 2015-02-05 06:48 - 00000197 _____ () C:\Windows\system32\2015-02-05-05-48-14.009-AvastVBoxSVC.exe-3008.log 2015-02-04 22:29 - 2015-02-04 22:56 - 00000000 ____D () C:\Users\TEMP.Silent.004 2015-02-04 16:22 - 2015-02-04 22:09 - 00000000 ____D () C:\Users\TEMP.Silent.003 2015-02-04 14:52 - 2015-02-04 14:52 - 00012861 _____ () C:\Users\Admin\Desktop\Gmer.log 2015-02-04 14:38 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-38-58.084-aswFe.exe-2724.log 2015-02-04 14:34 - 
2015-02-04 14:58 - 00040197 _____ () C:\Users\Admin\Desktop\Addition.txt 2015-02-04 14:34 - 2015-02-04 14:34 - 00380416 _____ () C:\Users\Admin\Desktop\Gmer-19357.exe 2015-02-04 14:33 - 2015-02-05 14:12 - 00018551 _____ () C:\Users\Admin\Desktop\FRST.txt 2015-02-04 14:33 - 2015-02-05 14:12 - 00000000 ____D () C:\FRST 2015-02-04 14:33 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-33-27.087-aswFe.exe-5324.log 2015-02-04 14:33 - 2015-02-04 14:33 - 00000197 _____ () C:\Windows\system32\2015-02-04-13-33-21.032-AvastVBoxSVC.exe-3988.log 2015-02-04 14:32 - 2015-02-05 14:12 - 01123328 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2015-02-04 14:23 - 2015-02-04 14:23 - 00000582 _____ () C:\Users\Admin\Desktop\defogger_disable.log 2015-02-04 14:23 - 2015-02-04 14:23 - 00000020 _____ () C:\Users\Admin\defogger_reenable 2015-02-04 14:22 - 2015-02-04 14:22 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2015-02-04 14:10 - 2015-02-04 14:10 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner 2015-02-04 13:56 - 2015-02-04 13:56 - 02194432 _____ () C:\Users\Admin\Desktop\adwcleaner_4.109.exe 2015-02-04 13:52 - 2015-02-04 13:52 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk 2015-01-27 07:58 - 2015-01-27 07:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-17 21:39 - 2015-01-17 21:42 - 00000000 ____D () C:\Users\TEMP.Silent.002 2015-01-13 11:58 - 2015-01-13 11:58 - 00000717 _____ () C:\Users\User\Desktop\DOKTORARBEIT - Verknüpfung.lnk 2015-01-09 01:14 - 2015-01-09 01:14 - 00000000 ____D () C:\Program Files\ESET 2015-01-09 01:12 - 2015-01-09 01:13 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe 2015-01-09 00:46 - 2015-01-09 00:46 - 00001203 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-01-09 00:44 - 2015-01-09 00:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2015-01-09 00:44 - 2015-01-09 00:44 - 00000000 ____D () C:\Program Files\Free 
Codec Pack 2015-01-09 00:36 - 2015-01-09 00:36 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Admin\Downloads\FreeStudio(1).exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-05 13:39 - 2011-01-27 09:18 - 01394166 _____ () C:\Windows\WindowsUpdate.log 2015-02-05 13:37 - 2015-01-04 18:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-05 13:34 - 2014-03-18 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-05 13:33 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-05 13:33 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-05 13:32 - 2011-12-20 23:22 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job 2015-02-05 13:29 - 2011-02-13 20:48 - 00000211 _____ () C:\service.log 2015-02-05 13:28 - 2013-07-07 16:59 - 00303752 _____ () C:\Windows\setupact.log 2015-02-05 13:28 - 2012-08-15 21:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2015-02-05 13:28 - 2011-02-13 20:47 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys 2015-02-05 13:28 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-05 12:53 - 2011-03-26 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc 2015-02-05 11:31 - 2011-01-27 00:34 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-02-05 10:47 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-02-05 10:46 - 2013-07-08 06:51 - 00158474 _____ () C:\Windows\PFRO.log 2015-02-05 10:39 - 2015-01-04 18:36 - 00000000 
____D () C:\ProgramData\TEMP 2015-02-04 22:24 - 2012-04-19 05:59 - 10121728 ___SH () C:\Users\User\Desktop\Thumbs.db 2015-02-04 22:08 - 2011-01-27 21:22 - 00000000 ____D () C:\ProgramData\Logitech 2015-02-04 22:07 - 2011-01-27 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-02-04 16:00 - 2012-04-14 07:29 - 04125696 ___SH () C:\Users\User\Downloads\Thumbs.db 2015-02-04 15:59 - 2011-05-30 18:34 - 00185344 ___SH () C:\Users\User\Thumbs.db 2015-02-04 14:32 - 2014-05-08 20:54 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job 2015-02-04 14:23 - 2011-04-22 10:02 - 00000000 ____D () C:\Users\Admin 2015-02-04 14:08 - 2013-12-30 15:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\EndNote 2015-02-04 13:57 - 2015-01-04 18:35 - 00000000 ____D () C:\Program Files\SpywareBlaster 2015-02-04 13:52 - 2012-08-07 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-02-04 13:52 - 2011-01-27 21:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd 2015-02-04 13:36 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\CSC 2015-02-01 19:00 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-01-31 08:29 - 2011-02-14 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\EndNote 2015-01-31 07:28 - 2009-07-14 05:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-28 16:34 - 2012-05-14 06:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-25 09:34 - 2012-08-11 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-25 09:34 - 2011-12-04 16:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-22 19:09 - 2011-01-30 17:34 - 00004096 _____ () C:\Users\Public\Documents\000016E5.LCS 2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-17 21:46 - 2011-10-10 
11:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-15 15:32 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\Documents\DVDVideoSoft 2015-01-11 17:29 - 2012-09-30 06:45 - 00000000 ____D () C:\Users\User\Documents\MATLAB 2015-01-09 12:16 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft 2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft 2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2015-01-09 00:46 - 2013-02-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft ==================== Files in the root of some directories ======= 2012-12-30 17:50 - 2012-12-30 17:50 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg 2011-01-27 18:58 - 2011-01-27 18:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2012-11-15 19:45 - 2012-11-18 12:12 - 0009365 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2011-10-23 13:19 ==================== End Of Log ============================ --- --- --- --- --- --- |
05.02.2015, 15:00 | #8 |
/// the machine /// TB instructor | Windows 7 Update Code 8008005 Unknown error with Windows Update
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
05.02.2015, 23:28 | #9 |
| Windows 7 Update Code 8008005 Unknown error with Windows Update ESET found things. Were these deleted with the selected settings? Windows Update still does not work!!!!! Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=89ceb5887ed0f5488be2624916e1def7 # engine=22323 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-05 06:01:23 # local_time=2015-02-05 07:01:23 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7600 NT # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 71 94 735856 7788494 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 711975 174790474 0 0 # scanned=850512 # found=22 # cleaned=0 # scan_time=13233 sh=F5EE1489F5BD5427F1EA65441E5DCCA924E31336 ft=1 fh=eae9470eeeee5c10 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll" sh=0AE6F44A6D15BF13DF19BE1EC38D021D6960BE55 ft=1 fh=69709f074978429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\KbrokvVK\dat\rwvMMna.dll" sh=72179DBF2A4CEBFDD86C2CF4F93F132901EF58AE ft=1 fh=248b5c7f1207a7c2 vn="Win32/JoyDownloader.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\AppData\Roaming\rmi\offer_downloader.exe" sh=CB93BAD66A2CF65E904BE0DEEBFA9F6280DC9438 ft=1 fh=8a6e1371ef6c32ff vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe" sh=0E09656165324C583CA0B8436FF33ACEB4C5AFE6 ft=1 fh=b7026f1f27c2fa03 vn="Win32/JoyDownloader.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe" sh=0AE6F44A6D15BF13DF19BE1EC38D021D6960BE55 ft=1 fh=69709f074978429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll" sh=5D8336F26518B2369F8980E0423535C0070327E5 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip" sh=FF28E21E32CAD198B64852130ACA1C19A05067DC ft=1 fh=cd51d5272c5878fb vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll" sh=32D60DAEFF549FDAD23B2F9D5D311708B130C322 ft=1 fh=1b9f47df6137f750 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll" sh=13140FCCCBAA29328B0A85FA4025587A41592E86 ft=1 fh=35424f93784fbad1 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe" sh=A6E6CA8CEE1D4714B47C4DC569AF8EB32AED3FC0 ft=1 fh=879b9ffe556ed83c vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe" sh=AF2859B7659FC1B492BA982FC340D8C68C6F25BA ft=1 fh=b93f72d73566c42b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe" sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. 
unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll" sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll" sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll" sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll" sh=395BF6FD62990AE6A4ACDC49D71880938D9459A2 ft=1 fh=6c8501d774790c5f vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll" sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe" sh=C6A703254761706EEF729C20EC9F0CA922A212C5 ft=0 fh=0000000000000000 vn="Variante von MSIL/RiskWare.TBKeylogger.A Anwendung" ac=I fn="W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi" sh=40160FD00021E404D942C3CD038B8427F8A6A46F ft=1 fh=f4431d4f501bfec8 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe" sh=F31EDC46C709BCFEDA3C36B7394167553923F5C3 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip" sh=07DEB2D82D3738C4915DEC4BFE232826FFD84910 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar" Code:
ATTFilter Results of screen317's Security Check version 0.99.95 Windows 7 x86 (UAC is enabled) Out of date service pack!! ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 5.0 Java 7 Update 71 Java(TM) 6 Update 24 Java(TM) SE Development Kit 6 Update 25 Java DB 10.6.2.1 Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (35.0.1) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast ng vbox\AvastVBoxSVC.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01 Ran by Admin (administrator) on SILENT on 05-02-2015 23:00:00 Running from C:\Users\Admin\Desktop Loaded Profiles: Admin (Available profiles: User & Admin) Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Englisch (USA) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe (Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe (Cisco Systems, Inc.) 
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe () C:\Program Files\ESRI\License\arcgis9x\ARCGIS.EXE () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe () C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe () C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AVM Berlin) C:\Program Files\avmwlanstick\WLanGUI.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Logitech Inc.) C:\Program Files\Logitech\Vid HD\Vid.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe (Logitech, Inc.) 
C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe (Logitech, Inc.) C:\Users\User\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.) HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl URLSearchHook: HKLM - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program 
Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKU\S-1-5-21-1086903118-4148874774-2401624160-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: Yahoo! (Avast) FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl FF Keyword.URL: https://de.search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\yahoo-avast.xml FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\searchplugins\zonealarm.xml FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rnb4l7cw.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-09] FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-27] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23] Chrome: ======= CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2012-08-18] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-23] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23] CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found] CHR HKU\S-1-5-21-1086903118-4148874774-2401624160-1004\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Admin\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found] StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-23] (Avast Software) R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.) R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] () S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-17] (Macrovision Europe Ltd.) [File not signed] R2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-12-02] () R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] () R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] () R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed] R2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] () R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc) S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.) 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-23] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-23] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-23] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-23] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-23] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-23] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-23] () S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-22] (AVM Berlin) [File not signed] S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed] R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [586752 2010-10-22] (AVM GmbH) R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-05] (Windows (R) 2000 DDK provider) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [324096 2014-02-08] (Duplex Secure Ltd.) 
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-23] (Avast Software) R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [179200 2012-05-30] (VIA Technologies, Inc.) [File not signed] S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [217600 2012-05-30] (VIA Technologies, Inc.) [File not signed] S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [75096 2012-11-15] (Kaspersky Lab) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-05 23:00 - 2015-02-05 23:00 - 00018948 _____ () C:\Users\Admin\Desktop\FRST.txt 2015-02-05 22:58 - 2015-02-05 22:59 - 00000000 ____D () C:\Users\Admin\Desktop\Trojaner 2015-02-05 22:58 - 2015-02-05 22:58 - 00001128 _____ () C:\Users\Admin\Desktop\checkup.txt 2015-02-05 22:42 - 2015-02-05 22:42 - 00852573 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2015-02-05 19:09 - 2015-02-05 19:09 - 00000197 _____ () C:\Windows\system32\2015-02-05-18-09-59.049-AvastVBoxSVC.exe-3408.log 2015-02-05 15:05 - 2015-02-05 15:05 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe 2015-02-05 14:12 - 2015-02-05 14:12 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion 2015-02-05 13:56 - 2015-02-05 13:56 - 01388274 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe 2015-02-05 13:49 - 2015-02-05 13:55 - 00000000 ____D () C:\AdwCleaner 2015-02-05 10:51 - 2015-02-05 10:51 - 00014422 _____ () C:\ComboFix.txt 2015-02-05 10:28 - 2015-02-05 10:51 - 00000000 ____D () C:\Qoobox 2015-02-05 10:28 - 2015-02-05 10:50 - 00000000 ____D () C:\Windows\erdnt 2015-02-05 10:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-05 10:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-05 10:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-05 10:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-05 10:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-05 10:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-05 10:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-05 10:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-05 10:26 - 2015-02-05 10:26 - 05611380 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe 2015-02-05 06:48 - 2015-02-05 06:48 - 00000197 _____ () C:\Windows\system32\2015-02-05-05-48-14.009-AvastVBoxSVC.exe-3008.log 2015-02-04 22:29 - 2015-02-04 22:56 - 00000000 ____D () 
C:\Users\TEMP.Silent.004 2015-02-04 16:22 - 2015-02-04 22:09 - 00000000 ____D () C:\Users\TEMP.Silent.003 2015-02-04 14:38 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-38-58.084-aswFe.exe-2724.log 2015-02-04 14:33 - 2015-02-05 23:00 - 00000000 ____D () C:\FRST 2015-02-04 14:33 - 2015-02-04 14:38 - 00000247 _____ () C:\Windows\system32\2015-02-04-13-33-27.087-aswFe.exe-5324.log 2015-02-04 14:33 - 2015-02-04 14:33 - 00000197 _____ () C:\Windows\system32\2015-02-04-13-33-21.032-AvastVBoxSVC.exe-3988.log 2015-02-04 14:32 - 2015-02-05 14:12 - 01123328 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe 2015-02-04 14:23 - 2015-02-04 14:23 - 00000020 _____ () C:\Users\Admin\defogger_reenable 2015-02-04 14:22 - 2015-02-04 14:22 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe 2015-02-04 14:10 - 2015-02-04 14:10 - 00000000 ____D () C:\Users\Admin\Desktop\Neuer Ordner 2015-02-04 13:56 - 2015-02-04 13:56 - 02194432 _____ () C:\Users\Admin\Desktop\adwcleaner_4.109.exe 2015-02-04 13:52 - 2015-02-04 13:52 - 00001582 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk 2015-01-27 07:58 - 2015-01-27 07:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-01-17 21:39 - 2015-01-17 21:42 - 00000000 ____D () C:\Users\TEMP.Silent.002 2015-01-13 11:58 - 2015-01-13 11:58 - 00000717 _____ () C:\Users\User\Desktop\DOKTORARBEIT - Verknüpfung.lnk 2015-01-09 01:12 - 2015-01-09 01:13 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe 2015-01-09 00:46 - 2015-01-09 00:46 - 00001203 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-01-09 00:44 - 2015-01-09 00:46 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2015-01-09 00:44 - 2015-01-09 00:44 - 00000000 ____D () C:\Program Files\Free Codec Pack 2015-01-09 00:36 - 2015-01-09 00:36 - 03534368 _____ (DVDVideoSoft Ltd. 
) C:\Users\Admin\Downloads\FreeStudio(1).exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-05 22:57 - 2013-07-07 16:59 - 00304872 _____ () C:\Windows\setupact.log 2015-02-05 22:42 - 2011-01-27 09:18 - 01414633 _____ () C:\Windows\WindowsUpdate.log 2015-02-05 22:34 - 2014-03-18 18:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-05 22:32 - 2011-12-20 23:22 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001UA.job 2015-02-05 22:30 - 2011-01-27 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-02-05 21:33 - 2011-02-14 20:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\EndNote 2015-02-05 19:13 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-05 19:13 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-05 19:07 - 2012-08-15 21:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2015-02-05 19:07 - 2011-02-13 20:48 - 00000211 _____ () C:\service.log 2015-02-05 19:07 - 2011-02-13 20:47 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys 2015-02-05 19:07 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-05 19:01 - 2013-12-30 15:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\EndNote 2015-02-05 16:34 - 2012-08-11 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-05 16:34 - 2011-12-04 16:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-02-05 14:32 - 2014-05-08 20:54 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086903118-4148874774-2401624160-1001Core1cf6af75addec20.job 2015-02-05 13:37 - 2015-01-04 18:47 - 00114904 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-05 12:53 - 2011-03-26 22:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc 2015-02-05 11:31 - 2011-01-27 00:34 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2015-02-05 10:51 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-02-05 10:47 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-02-05 10:46 - 2013-07-08 06:51 - 00158474 _____ () C:\Windows\PFRO.log 2015-02-05 10:39 - 2015-01-04 18:36 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-04 22:24 - 2012-04-19 05:59 - 10121728 ___SH () C:\Users\User\Desktop\Thumbs.db 2015-02-04 22:08 - 2011-01-27 21:22 - 00000000 ____D () C:\ProgramData\Logitech 2015-02-04 16:00 - 2012-04-14 07:29 - 04125696 ___SH () C:\Users\User\Downloads\Thumbs.db 2015-02-04 15:59 - 2011-05-30 18:34 - 00185344 ___SH () C:\Users\User\Thumbs.db 2015-02-04 14:23 - 2011-04-22 10:02 - 00000000 ____D () C:\Users\Admin 2015-02-04 13:57 - 2015-01-04 18:35 - 00000000 ____D () C:\Program Files\SpywareBlaster 2015-02-04 13:52 - 2012-08-07 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-02-04 13:52 - 2011-01-27 21:21 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd 2015-02-04 13:36 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\CSC 2015-02-01 19:00 - 2009-07-14 08:48 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-01-31 07:28 - 2009-07-14 05:53 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-28 16:34 - 2012-05-14 06:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-22 19:09 - 2011-01-30 17:34 - 00004096 _____ () C:\Users\Public\Documents\000016E5.LCS 2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-17 21:46 - 2011-10-10 11:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla 
Firefox.lnk 2015-01-15 15:32 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\Documents\DVDVideoSoft 2015-01-11 17:29 - 2012-09-30 06:45 - 00000000 ____D () C:\Users\User\Documents\MATLAB 2015-01-09 12:16 - 2013-02-24 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft 2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DVDVideoSoft 2015-01-09 00:46 - 2013-05-19 14:18 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2015-01-09 00:46 - 2013-02-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft ==================== Files in the root of some directories ======= 2012-12-30 17:50 - 2012-12-30 17:50 - 0000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg 2011-01-27 18:58 - 2011-01-27 18:58 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2012-11-15 19:45 - 2012-11-18 12:12 - 0009365 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2011-10-23 13:19 ==================== End Of Log ============================ --- --- --- --- --- ---
Could it be that this is due to the missing service pack?!!!! |
06.02.2015, 10:35 | #10 |
/// the machine /// TB-Ausbilder | Windows 7 Update Code 8008005 Unknown error with Windows Update
I would stop with the keygen and crack crap.....
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
ATTFilter
C:\ProgramData\KbrokvVK
C:\Users\Admin\AppData\Roaming\rmi
C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe
C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip
C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll
C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll
C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll
W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe
W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi
W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Servicepack 1 als Offline Installer laden, installieren. Wenn das klappt die 265 FolgeUPdates laden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.02.2015, 13:25 | #11 |
Basically, I stopped that a long time ago. But apparently there are still old sins... I could delete W:\DELL... completely, since it is an old copy of a laptop that no longer exists. I would not have thought that this could be a problem. Yesterday evening, before your reply, I tried again with the Windows CD, and this time it looked good. Only there was little free space on C. I could not clean up enough, so I thought I would quickly enlarge the partition. Unfortunately there was a message about bad sectors and the enlargement was not completed. Now Disk Management shows that C: is 95 GB in size, while the Explorer window shows only 70 GB (the old state). Error checking says everything is OK. I downloaded the SeaTools tool and it also says everything is OK. But C: cannot be shrunk again (because of errors). Is ComboFix suitable for this? As for the update, I am now optimistic. But which is better: update first, or sort out the partition first? Many thanks for your help, and I will continue at the weekend.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-02-2015 01
Ran by Admin at 2015-02-06 12:52:44 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: User & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\KbrokvVK
C:\Users\Admin\AppData\Roaming\rmi
C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe
C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip
C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll
C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll
C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll
W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe
W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi
W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar
Emptytemp:
*****************

C:\ProgramData\KbrokvVK => Moved successfully.
C:\Users\Admin\AppData\Roaming\rmi => Moved successfully.
C:\Users\Admin\Desktop\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => Moved successfully.
"C:\Users\Admin\Downloads\daemon-tools-4.48.1.exe" => File/Directory not found.
"C:\Users\All Users\KbrokvVK\dat\rwvMMna.dll" => File/Directory not found.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1TEU09C1\update22011[1].zip => Moved successfully.
C:\Users\User\AppData\LocalLow\adawaretb\adawareDx.dll => Moved successfully.
C:\Users\User\AppData\LocalLow\adawaretb\adawaretb.dll => Moved successfully.
C:\Users\User\AppData\LocalLow\adawaretb\dtUser.exe => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Anwendungsdaten\Mozilla\Firefox\Profiles\0aqafp9k.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Eigene Dateien\Downloads\zafwSetupWeb_102_078_000.exe => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon0.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\ldrtbZon2.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon0.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit\tbZon2.dll => Moved successfully.
W:\DELL\Dokumente und Einstellungen\krassimir\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R42FSIE5\tbedrs[1].dll => Moved successfully.
W:\SOFTWARE\Downloads\zaSetup_92_058_000_de.exe => Moved successfully.
W:\SOFTWARE\INTERNET&PC\The.Best.Keylogger.3.53.Build.1009.incl.crack\SetupInstall.msi => Moved successfully.
W:\SOFTWARE\OFFICE&JOB\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe => Moved successfully.
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\ag-3535a.zip => Moved successfully.
W:\SOFTWARE\OFFICE&JOB\Smart.Projects.IsoBuster.Pro.v2.5.0.0.Multilingual.Incl.Keymaker-AGAiN\AGAiN.rar => Moved successfully.
EmptyTemp: => Removed 688.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 12:53:25 ====
06.02.2015, 19:19 | #12 |
/// the machine /// TB-Ausbilder | If bad sectors are reported, you should repair them, or rather check the disk.
Fixing file system errors - how to do it - Guides
Finding out the condition of the hard disk - how to do it - Guides
__________________
Regards, schrauber
06.02.2015, 23:29 | #13 |
I had already tried that twice before - "Disk check - while the system is running". Now I have done it via the command prompt. The errors are not corrected. CrystalDisk says "Aktuell schwebende Sektoren" (current pending sectors). As far as I have read up on it, if Chkdsk does not help, reformatting is the only alternative left. Is that right? I am already leaning towards a fresh install. Regards

Code:
7952628 KB auf dem Datenträger verfügbar
4096 Bytes in jeder Zuordnungseinheit
18347519 Zuordnungseinheiten auf dem Datenträger insgesamt
1988157 Zuordnungseinheiten auf dem Datenträger verfügbar

Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Chkdsk" />
<EventID Qualifiers="0">26212</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-02-06T01:31:32.000000000Z" />
<EventRecordID>97988</EventRecordID>
<Channel>Application</Channel>
<Computer>Silent</Computer>
<Security />
</System>
<EventData>
<Data>
Dateisystem auf \\?\Volume{8e613d86-29ed-11e0-b338-806e6f6e6963} wird überprüft.
Der Typ des Dateisystems ist NTFS.
WARNUNG! Der Parameter F wurde nicht angegeben.
CHKDSK wird im schreibgeschützten Modus ausgeführt.
CHKDSK überprüft Dateien (Phase 1 von 3)...
575488 Datensätze verarbeitet.
Dateiüberprüfung beendet.
316 große Datensätze verarbeitet.
0 ungültige Datensätze verarbeitet.
2 E/A-Datensätze verarbeitet.
59 Analysedatensätze verarbeitet.
CHKDSK überprüft Indizes (Phase 2 von 3)...
669174 Indexeinträge verarbeitet.
Indexüberprüfung beendet.
0 nicht indizierte Dateien überprüft.
0 nicht indizierte Dateien wiederhergestellt.
CHKDSK überprüft Sicherheitsbeschreibungen (Phase 3 von 3)...
575488 SDs/SIDs verarbeitet.
1502 nicht verwendete Indexeinträge aus Index $SII der Datei 0x9 werden aufgeräumt.
1502 nicht verwendete Indexeinträge aus Index $SDH der Datei 0x9 werden aufgeräumt.
1502 nicht verwendete Sicherheitsbeschreibungen werden aufgeräumt.
Überprüfung der Sicherheitsbeschreibungen beendet.
46844 Datendateien verarbeitet.
CHKDSK überprüft USN-Journal...
35412880 USN-Bytes verarbeitet.
Die Überprüfung von USN-Journal ist abgeschlossen.
Das Dateisystem wurde überprüft. Es wurden keine Probleme festgestellt.
73390076 KB Speicherplatz auf dem Datenträger insgesamt
64548204 KB in 399901 Dateien
174376 KB in 46845 Indizes
4 KB in fehlerhaften Sektoren
714864 KB vom System benutzt
65536 KB von der Protokolldatei belegt
7952628 KB auf dem Datenträger verfügbar
4096 Bytes in jeder Zuordnungseinheit
18347519 Zuordnungseinheiten auf dem Datenträger insgesamt
1988157 Zuordnungseinheiten auf dem Datenträger verfügbar
</Data>
<Binary>00C8080024D106004C6D0B0000000000BC0200003B0000000000000000000000</Binary>
</EventData>
</Event>

Code:
----------------------------------------------------------------------------
CrystalDiskInfo 6.3.0 (C) 2008-2015 hiyohiyo
Crystal Dew World : hxxp://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate [6.1 Build 7600] (x86)
Date : 2015/02/06 22:40:22

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH10 Family 2 port Serial ATA Storage Controller 2 - 3A26 [ATA]
  - ATA Channel 0 (0)
  + ATA Channel 1 (1)
    - ST2000DL004 HD204UI ATA Device
+ Standard-Zweikanal-PCI-IDE-Controller [ATA]
  + ATA Channel 0 (0)
    - SAMSUNG HD322GJ ATA Device
  + ATA Channel 1 (1)
    - HL-DT-ST DVD-RAM GH22LS30 ATA Device
+ Intel(R) ICH10 Family 4 port Serial ATA Storage Controller 1 - 3A20 [ATA]
  - ATA Channel 0 (0)
  - ATA Channel 1 (1)
+ Virtual CloneDrive [SCSI]
  - ELBY CLONEDRIVE SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD322GJ : 320,0 GB [0/2/0, pd1]
(2) ST2000DL004 HD204UI : 2000,3 GB [1/5/0, pd1] - st

----------------------------------------------------------------------------
(1) SAMSUNG HD322GJ
----------------------------------------------------------------------------
Model : SAMSUNG HD322GJ
Firmware : 1AR10001
Serial Number : S2BJJ90Z918796
Disk Size : 320,0 GB (8,4/137,4/320,0/320,0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 625140335
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 16541 Std.
Power On Count : 4787 mal
Temperature : 34 C (93 F)
Health Status : Vorsicht
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 0000000001E9 Lesefehlerrate
02 _55 _55 __0 000000000AB8 Datendurchsatz-Leistung
03 _84 _75 _25 000000001373 Mittl. Anlaufzeit
04 _96 _96 __0 0000000012FF Start/Stopp-Zyklen d. Spindel
05 252 252 _10 000000000000 Anz. wiederzugewiesener Sektoren
07 252 252 _51 000000000000 Anz. Suchfehler
08 252 252 _15 000000000000 Güte der Suchoperationen
09 100 100 __0 00000000409D Betriebsstunden
0A 252 252 _51 000000000000 Anz. misslungener Spindelanläufe
0B 252 252 __0 000000000000 Anz. notwendiger Rekalibrierungen
0C _96 _96 __0 0000000012B3 Anz. Geräte-Einschaltvorgänge
BF _91 _91 __0 000000018066 G-Sensor-Fehlerrate
C0 252 252 __0 000000000000 Ausschaltungsabbrüche
C2 _64 _59 __0 0029000B0022 Temperatur
C3 100 100 __0 000000000000 Hardware-ECC wiederhergestellt
C4 252 252 __0 000000000000 Wiederzuweisungsereignisse
C5 100 100 __0 000000000001 Aktuell schwebende Sektoren
C6 252 252 __0 000000000000 Nicht korrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA-CRC-Fehler
C8 100 100 __0 000000000936 Schreibfehlerrate
DF 252 252 __0 000000000000 Laden/Entladen-Wiederholungen
E1 100 100 __0 000000001317 Laden/Entladen-Zyklen

----------------------------------------------------------------------------
(2) ST2000DL004 HD204UI
----------------------------------------------------------------------------
Model : ST2000DL004 HD204UI
Firmware : 1AQ10001
Serial Number : S2H7J90C507820
Disk Size : 2000,3 GB (8,4/137,4/2000,3/2000,3)
Buffer Size : 32767 KB
Queue Depth : 32
# of Sectors : 3907029168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 9877 Std.
Power On Count : 2609 mal
Temperature : 34 C (93 F)
Health Status : Gut
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Lesefehlerrate
02 252 252 __0 000000000000 Datendurchsatz-Leistung
03 _67 _66 _25 000000002716 Mittl. Anlaufzeit
04 _84 _84 __0 000000004238 Start/Stopp-Zyklen d. Spindel
05 252 252 _10 000000000000 Anz. wiederzugewiesener Sektoren
07 252 252 _51 000000000000 Anz. Suchfehler
08 252 252 _15 000000000000 Güte der Suchoperationen
09 100 100 __0 000000002695 Betriebsstunden
0A 252 252 _51 000000000000 Anz. misslungener Spindelanläufe
0B 252 252 __0 000000000000 Anz. notwendiger Rekalibrierungen
0C _98 _98 __0 000000000A31 Anz. Geräte-Einschaltvorgänge
B5 100 100 __0 000000C21A4E Herstellerspezifisch
BF 100 100 __0 000000000022 G-Sensor-Fehlerrate
C0 252 252 __0 000000000000 Ausschaltungsabbrüche
C2 _64 _59 __0 0029000F0022 Temperatur
C3 100 100 __0 000000000000 Hardware-ECC wiederhergestellt
C4 252 252 __0 000000000000 Wiederzuweisungsereignisse
C5 252 252 __0 000000000000 Aktuell schwebende Sektoren
C6 252 252 __0 000000000000 Nicht korrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA-CRC-Fehler
C8 100 100 __0 000000000000 Schreibfehlerrate
DF 252 252 __0 000000000000 Laden/Entladen-Wiederholungen
E1 _99 _99 __0 000000004240 Laden/Entladen-Zyklen
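The S.M.A.R.T. table in the post above can be triaged mechanically. The following is an added example, not part of the thread and not CrystalDiskInfo code: it parses rows in the `ID Cur Wor Thr RawValues(6)` layout, also when a paste has been flattened onto one line, and reports attributes that need attention. The function names and the watch list of IDs 05, C5 and C6 are assumptions of this example; the sample rows are copied from the SAMSUNG HD322GJ table in the post.

```python
import re
from typing import NamedTuple

# Rows copied from the SAMSUNG HD322GJ table in the post above (a subset).
SAMPLE = """\
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 0000000001E9 Lesefehlerrate
03 _84 _75 _25 000000001373 Mittl. Anlaufzeit
05 252 252 _10 000000000000 Anz. wiederzugewiesener Sektoren
09 100 100 __0 00000000409D Betriebsstunden
C5 100 100 __0 000000000001 Aktuell schwebende Sektoren
C6 252 252 __0 000000000000 Nicht korrigierbare Sektoren
C8 100 100 __0 000000000936 Schreibfehlerrate
"""


class SmartRow(NamedTuple):
    attr_id: str    # two hex digits, e.g. "C5"
    current: int    # normalized value, higher is healthier
    worst: int
    threshold: int  # 0 means the drive defines no failure threshold
    raw: int        # 48-bit raw field, meaning is vendor-specific
    name: str


# One row: ID, three '_'-padded decimals, 12 hex digits, then the name.
# The lookahead ends the name at the next row or at end of line, so the
# pattern works on the original layout and on a paste flattened to one line.
ROW = re.compile(
    r"\b([0-9A-F]{2})\s+([_\d]{3})\s+([_\d]{3})\s+([_\d]{3})\s+([0-9A-F]{12})\s+"
    r"(.+?)(?=\s+[0-9A-F]{2}\s+[_\d]{3}\s+[_\d]{3}\s|\s*$)",
    re.M,
)

# Assumption of this example: raw values of these IDs are plain sector counts
# (05 reallocated, C5 current pending, C6 uncorrectable), so any non-zero
# count is reported. Other raw fields (e.g. Temperatur) pack several values.
WATCH_RAW = {"05", "C5", "C6"}


def _num(field: str) -> int:
    """Convert a '_'-padded decimal such as '_51' or '__0' to int."""
    return int(field.lstrip("_") or "0")


def parse_smart_table(text: str) -> list:
    """Extract every attribute row found in the text as a SmartRow."""
    return [
        SmartRow(m[1], _num(m[2]), _num(m[3]), _num(m[4]), int(m[5], 16), m[6].strip())
        for m in ROW.finditer(text)
    ]


def triage(rows) -> list:
    """Return (id, name, reasons) for every attribute that needs attention."""
    findings = []
    for r in rows:
        reasons = []
        if r.threshold > 0 and r.current <= r.threshold:
            reasons.append(f"normalized value {r.current} <= threshold {r.threshold}")
        if r.attr_id in WATCH_RAW and r.raw > 0:
            reasons.append(f"raw count {r.raw}")
        if reasons:
            findings.append((r.attr_id, r.name, reasons))
    return findings


if __name__ == "__main__":
    for attr_id, name, reasons in triage(parse_smart_table(SAMPLE)):
        print(f"{attr_id} {name}: {'; '.join(reasons)}")
```

On the sample rows the only finding is attribute C5, the one the poster quotes from CrystalDiskInfo.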
07.02.2015, 12:45 | #14 | |
/// the machine /// TB-Ausbilder | Quote:
__________________
Regards, schrauber
07.02.2015, 20:41 | #15 |
Yes, I thought of that too. I will treat the old box to an SSD. But first I have to pick a good one. Thank you very much. And if you want, you can close the topic.