![]() |
|
Log-Analyse und Auswertung: Windows update Fehler 80070426Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Windows update Fehler 80070426 Hallo Leute, ich komme einfach nicht mehr weiter durch suchen und ausprobieren über google. Wenn ich versuche mein Windows Vista upzudaten erhalte ich seit ca. 4 Monaten den Fehlercode 80070426. Die Slsvc kann ich über Dienste auch garnicht starten. Ich nutze Windows über die VMWare auf meinem Mac. Ich habe jetzt den Hijack Test laufen lassen und würde mich über euere fachkundige Meinung sehr freuen. Falls ich nicht den Forenregelen entsprechend genug Infos gepostet habe bitte entschuldigt das--bin zum ersten mal angemeldet. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:13:07, on 21.03.2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19154) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\VMware\VMware Tools\VMwareTray.exe C:\Program Files\VMware\VMware Tools\VMwareUser.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Andreas \AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WUVEY3P\HiJackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (file missing) O3 - Toolbar: StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\ssBarLcher.dll (file missing) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VMware Tools] "C:\Program Files\VMware\VMware Tools\VMwareTray.exe" O4 - HKLM\..\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\VMwareUser.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andreas \AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll O13 - Gopher Prefix: O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} (GO-Global 4) - https://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing) O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing) O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint AG - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe O23 - Service: TP VC Gateway Service (TPVCGateway) - ThinPrint AG - C:\Program Files\VMware\VMware Tools\TPVCGateway.exe O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe O23 - Service: VMware-Upgrade-Hilfsprogramm (VMUpgradeHelper) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe ich habe jetzt noch gelesen, dass HijackThis nicht mehr sinnvoll ist, deshlab nun die Auswertungen wie in der Checkliste beschrieben. DDS Attach GMER DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.19154 Run by Andreas at 12:58:16 on 2012-03-21 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.1023.426 [GMT 1:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Microsoft SQL Server\MSSQL10.BTSQLINSTANZ\MSSQL\Binn\sqlservr.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\VMware\VMware Tools\vmtoolsd.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe C:\Program Files\VMware\VMware Tools\VMwareTray.exe C:\Program Files\VMware\VMware Tools\VMwareUser.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe C:\Windows\system32\dllhost.exe C:\Windows\System32\msdtc.exe C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\wuauclt.exe C:\Windows\system32\conime.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.fondsfinanz.de/ mStart Page = hxxp://startsear.ch/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\ssBarLcher.dll TB: StartSearchToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\ssBarLcher.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [VMware Tools] "c:\program files\vmware\vmware tools\VMwareTray.exe" mRun: [VMware User Process] "c:\program files\vmware\vmware tools\VMwareUser.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey StartupFolder: c:\users\andrea~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Free YouTube to MP3 Converter - c:\users\andreas \appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} - hxxps://goglobal4lic.maklersoftware.com/goglobal/plugins/gg-activex.cab DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.109.2 TCP: Interfaces\{16DA9B34-0EE4-4A52-9716-E2E232151574} : DhcpNameServer = 192.168.109.2 . ================= FIREFOX =================== . FF - ProfilePath - c:\users\andreas \appdata\roaming\mozilla\firefox\profiles\pvsw9u8k.default\ FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= FF - plugin: c:\program files\java\j2re1.4.2_10\bin\NPJPI142_10.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R1 MpKsl479cd8cd;MpKsl479cd8cd;c:\programdata\microsoft\microsoft antimalware\definition updates\{8dc5d129-5531-4db4-b39b-1f00de735054}\MpKsl479cd8cd.sys [2012-3-21 29904] R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [2011-1-13 129392] R1 vmrawdsk;Hilfsdienst für physischen VMware Vista-Datenträger;c:\program files\vmware\vmware tools\vmrawdsk.sys [2010-11-30 37744] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-1 66616] R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2010-6-30 2067344] R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-1-16 21504] R2 MSSQL$BTSQLINSTANZ;SQL Server (BTSQLINSTANZ);c:\program files\microsoft sql server\mssql10.btsqlinstanz\mssql\binn\sqlservr.exe [2009-3-30 43010392] R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992] R2 VMMEMCTL;Treiber für Speichersteuerung;c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [2011-5-21 14448] R2 VMTools;VMware Tools Service;c:\program files\vmware\vmware tools\vmtoolsd.exe [2011-5-21 50288] R2 VMUpgradeHelper;VMware-Upgrade-Hilfsprogramm;c:\program files\vmware\vmware tools\VMUpgradeHelper.exe [2011-5-21 174704] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944] R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\vmware\vmware tools\TPAutoConnSvc.exe [2010-11-30 255304] R3 vm3dmp;vm3dmp;c:\windows\system32\drivers\vm3dmp.sys [2011-6-1 77824] R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2011-1-13 61872] R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2011-1-13 11440] S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [2010-11-30 23152] S2 AntiVirSchedulerService;Avira AntiVir Planer;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?] S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 TPVCGateway;TP VC Gateway Service;c:\program files\vmware\vmware tools\TPVCGateway.exe [2010-11-30 390432] S3 vmvss;VMware Snapshot Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-15 84072] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SQLAgent$BTSQLINSTANZ;SQL Server Agent (BTSQLINSTANZ);c:\program files\microsoft sql server\mssql10.btsqlinstanz\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] . =============== Created Last 30 ================ . 2012-03-21 11:08:56 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8dc5d129-5531-4db4-b39b-1f00de735054}\MpKsl479cd8cd.sys 2012-03-19 11:57:44 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-03-19 11:57:23 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8dc5d129-5531-4db4-b39b-1f00de735054}\mpengine.dll 2012-03-07 15:28:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-03-07 15:28:50 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-03-07 15:09:58 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll 2012-03-07 15:09:57 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{770fb0e5-4d49-4a1b-bb27-d14b0ced2018}\gapaengine.dll 2012-03-07 14:49:59 -------- d-----w- c:\program files\Microsoft Security Client 2012-03-07 14:49:45 221568 ----a-w- c:\windows\system32\drivers\netio.sys . ==================== Find3M ==================== . 2012-03-07 15:08:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . ============= FINISH: 12:58:54,61 =============== --- --- --- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Business Boot Device: \Device\HarddiskVolume1 Install Date: 13.01.2011 20:45:56 System Uptime: 21.03.2012 12:07:28 (0 hours ago) . Motherboard: Intel Corporation | | 440BX Desktop Reference Platform Processor: Intel(R) Core(TM)2 Duo CPU L9400 @ 1.86GHz | CPU socket #0 | 1859/mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 40 GiB total, 13,162 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP176: 07.03.2012 15:09:45 - Geplanter Prüfpunkt RP177: 07.03.2012 15:49:33 - Windows Update RP178: 19.03.2012 15:20:53 - NÜRNBERGER Beratungstechnologie 01/2011 wurde entfernt. RP179: 19.03.2012 16:02:18 - NÜRNBERGER Beratungstechnologie 01/2011 wurde entfernt. . ==== Installed Programs ====================== . Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader X (10.0.1) - Deutsch BeratungsNavigator Rechen-Zusatzmodul Beratungsprogramme W&W-Konzern CodeMeter Runtime Kit v4.20a Finanzplaner Free YouTube to MP3 Converter version 3.10.11.923 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Java 2 Runtime Environment, SE v1.4.2_10 KV-WIN LV-WIN Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Antimalware Microsoft Antimalware Service DE-DE Language Pack Microsoft Application Error Reporting Microsoft Security Client Microsoft Security Client DE-DE Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP1 (Deutsch) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox (3.6.16) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser und SDK PDFCreator Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Sentinel Protection Installer 7.5.0 Service Pack 1 for SQL Server 2008 (KB968369) Spybot - Search & Destroy Sql Server Customer Experience Improvement Program TAS Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Veetle TV 0.9.18 VideoLAN VLC media player 0.8.2 VMware Tools VOLKSWOHL BUND - Angebotsprogramm Komfort . ==== End Of File =========================== GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-03-21 13:58:30 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000059 VMware,_ rev.1.0_ Running: 6oyd5cu5.exe; Driver: C:\Users\ANDREA~1\AppData\Local\Temp\kftoyaow.sys ---- System - GMER 1.0.15 ---- SSDT 86B58FE6 ZwCreateSection SSDT 86B58FEB ZwSetContextThread SSDT 86B58F87 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 81CF3998 4 Bytes [E6, 8F, B5, 86] {OUT 0x8f, AL; MOV CH, 0x86} .text ntkrnlpa.exe!KeSetEvent + 56D 81CF3CF0 4 Bytes [EB, 8F, B5, 86] {JMP 0xffffffffffffff91; MOV CH, 0x86} .text ntkrnlpa.exe!KeSetEvent + 621 81CF3DA4 4 Bytes [87, 8F, B5, 86] ---- Files - GMER 1.0.15 ---- File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun-55-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock 0 bytes ---- EOF - GMER 1.0.15 ---- |
Themen zu Windows update Fehler 80070426 |
adobe, antivir, antivir guard, avg, avgnt, avira, bho, checkliste, desktop, fehler, fontcache, hijack, hijackthis, internet, internet explorer, microsoft, microsoft security, microsoft security essentials, mp3, object, pup.vshareredir, security, server, software, startsearch, suche, system, update fehler, vista, windows, windows update fehler, windows update fehler 80070426 |