
Log analysis and evaluation: Win7: Error 0x80004005 when installing Windows update KB2949927


16.10.2014, 12:54   #1
Matarice
 



Hello!

As the title says, I can't install KB2949927 (https://support.microsoft.com/kb/2949927). After restarting Windows, at about 72% of the update's configuration, this error appears: "Fehler beim Konfigurieren von Windows-Updates. Änderungen werden rückgängig gemacht. Schalten Sie den Computer nicht aus." Since SHA-2 is "pretty much essential" (why can't Windows do that yet, anyway...?), getting this update somehow matters a lot to me...
Quote:
Error 0x80004005 denotes "Access denied"
Source: hxxp://www.windowsanswers.net/slimware/fix-0x80004005
Since this is a damn Windows update and I have also checked one or two stumbling blocks in my configuration, it seems likely that my good old Win7 has a virus. Oh, and about 2 weeks ago I was at a LAN party hosted by friends, so it's quite possible I caught something there...
Quote:
Common causes of Error 0x80004005...
  • Misconfiguration in system
  • The user is not logged in as an Administrator
  • The user mistakenly denied elevated privileges to the program's request.
  • The program is requesting access to an object that does not supply sufficient privileges for itself.
  • Virus/Malware infections
Normally I would simply reinstall Windows, but the laptop has a dual boot with Ubuntu, which I need for my bachelor's thesis, and Windows is known not to get along well with GRUB when it is installed afterwards...

Regards, Mata*

PS: After skimming the logs, I increased the space Windows may use for its restore points from 600MB to 1.2GB, and I'm about to try installing the update again. I don't really think that's the cause, since current usage is 265MB, but who knows... Because of:
Quote:
Error: (10/15/2014 05:43:58 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
EDIT: No, still the same problem.
PPS: During the LAN party, the battery icon in the taskbar suddenly popped up with: "Sie sollten den Akku austauschen", and the icon changed to the battery icon that is shown when the battery is removed. Now, when I have the battery in, it is still the no-battery icon, and when I click on it, it tells me I should replace the battery and: "(i) Es ist ein Problem mit dem Akku aufgetreten. Dies führt möglicherweise dazu, dass der Computer plötzlich heruntergefahren wird.", along with a check mark at "Warnen, wenn die Batterie ausgetauscht werden muss", which wasn't there before either. The laptop is admittedly a bit older, but I haven't noticed the battery capacity dropping sharply. I mostly run it on the power adapter anyway. Ubuntu hasn't complained about the battery, but I also don't know whether it would if the capacity fell below 40% of its original value or something like that.


defogger_disable.log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:29 on 16/10/2014 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Admin (administrator) on MATAS_LAPTOP_W on 16-10-2014 12:32:37
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ATK) C:\_Treiber\Power4Gear Hybrid\BatteryLife.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices Inc.) C:\_Treiber\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\_Treiber\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\_EIGENE_PROGRAMME\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\_Treiber\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\S-1-5-21-3873913517-844248424-351874217-1000\...\MountPoints2: E - E:\RiskInstall.exe
HKU\S-1-5-21-3873913517-844248424-351874217-1000\...\MountPoints2: {7fbc2d5f-08d2-11e3-b0ff-806e6f6e6963} - J:\autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1533412DF39CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 212.202.215.1 212.202.215.2

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cigv6vrs.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HTTPS-Everywhere - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cigv6vrs.default\Extensions\https-everywhere@eff.org [2014-09-13]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cigv6vrs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-23]
FF StartMenuInternet: FIREFOX.EXE - C:\_EIGENE_PROGRAMME\Firefox\firefox.exe

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 12:32 - 2014-10-16 12:33 - 00005221 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-10-16 12:32 - 2014-10-16 12:32 - 00000000 ____D () C:\FRST
2014-10-16 12:31 - 2014-10-16 12:32 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-16 12:29 - 2014-10-16 12:29 - 02111488 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-10-16 12:29 - 2014-10-16 12:29 - 00000472 _____ () C:\Users\Admin\Desktop\defogger_disable.log
2014-10-16 12:29 - 2014-10-16 12:29 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-10-16 12:28 - 2014-10-16 12:28 - 00050477 _____ () C:\Users\Admin\Desktop\Defogger.exe
2014-10-15 17:01 - 2014-09-20 07:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 17:01 - 2014-09-20 07:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 17:01 - 2014-09-20 07:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 17:01 - 2014-09-20 07:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 17:01 - 2014-09-20 07:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 17:01 - 2014-09-20 07:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 17:01 - 2014-09-20 07:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 17:01 - 2014-09-20 05:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 17:01 - 2014-09-20 05:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 17:01 - 2014-09-20 05:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 17:01 - 2014-09-20 05:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 17:01 - 2014-09-20 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 17:01 - 2014-09-20 05:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 17:00 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 17:00 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 17:00 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 17:00 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 17:00 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 17:00 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 17:00 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 17:00 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 17:00 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 17:00 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 17:00 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 17:00 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 17:00 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 17:00 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 17:00 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 17:00 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 17:00 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 17:00 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 17:00 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 17:00 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 16:59 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 16:59 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 16:59 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 16:59 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 16:59 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 16:59 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 16:59 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-13 19:24 - 2014-10-13 19:24 - 00001297 _____ () C:\Users\Admin\Desktop\Age of Empires 2 Forgotten Empires.lnk
2014-10-11 11:56 - 2014-10-11 11:56 - 00275416 _____ () C:\Windows\Minidump\101114-19936-01.dmp
2014-10-09 13:38 - 2014-10-09 13:38 - 00275416 _____ () C:\Windows\Minidump\100914-17862-01.dmp
2014-10-09 13:21 - 2014-10-09 13:21 - 00275416 _____ () C:\Windows\Minidump\100914-22822-01.dmp
2014-10-09 13:19 - 2014-10-09 13:19 - 00000846 _____ () C:\Users\Public\Desktop\Civilization III starten.lnk
2014-10-09 13:15 - 2014-10-09 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
2014-10-07 19:39 - 2014-10-07 19:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\NFS Underground 2
2014-10-07 19:34 - 2014-10-07 19:34 - 00000743 _____ () C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
2014-10-07 19:34 - 2014-10-07 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS_U2
2014-10-07 05:12 - 2014-10-07 05:12 - 00000000 ____D () C:\ProgramData\Steam
2014-10-07 02:05 - 2014-10-07 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Editor
2014-10-07 02:05 - 2014-10-07 02:05 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-10-07 02:05 - 2014-10-07 02:05 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-10-06 21:34 - 2014-10-06 21:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
2014-10-06 21:32 - 2014-10-06 21:40 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-10-01 17:05 - 2014-10-01 17:05 - 00275416 _____ () C:\Windows\Minidump\100114-16879-01.dmp
2014-10-01 15:54 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 15:54 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-27 22:23 - 2014-09-27 22:23 - 00275416 _____ () C:\Windows\Minidump\092714-17004-01.dmp
2014-09-26 20:55 - 2014-09-26 20:55 - 00000000 ____D () C:\Windows\pss
2014-09-26 20:48 - 2014-09-26 20:48 - 00275416 _____ () C:\Windows\Minidump\092614-20311-01.dmp
2014-09-24 19:57 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 19:57 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 12:29 - 2013-08-19 15:34 - 00000000 ____D () C:\Users\Admin
2014-10-16 12:08 - 2013-08-19 15:26 - 01431111 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 12:08 - 2009-07-14 06:45 - 00020528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 12:08 - 2009-07-14 06:45 - 00020528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 12:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-16 12:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 12:02 - 2009-07-14 06:51 - 00178991 _____ () C:\Windows\setupact.log
2014-10-16 12:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 12:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 22:38 - 2011-04-12 09:43 - 00699134 _____ () C:\Windows\system32\perfh007.dat
2014-10-15 22:38 - 2011-04-12 09:43 - 00149242 _____ () C:\Windows\system32\perfc007.dat
2014-10-15 22:38 - 2009-07-14 07:13 - 01618440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 17:39 - 2009-07-14 06:45 - 00267816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 17:04 - 2013-08-19 18:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 17:02 - 2013-08-19 18:24 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 10:46 - 2014-08-16 13:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-10-15 10:46 - 2013-08-23 09:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-15 10:46 - 2013-08-23 09:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-14 08:04 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-11 11:56 - 2014-01-15 23:56 - 00000000 ____D () C:\Windows\Minidump
2014-10-09 13:20 - 2010-11-21 05:47 - 00008848 _____ () C:\Windows\PFRO.log
2014-10-09 13:15 - 2013-10-09 18:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-09 13:07 - 2013-08-19 19:23 - 00000000 ____D () C:\_EIGENE_PROGRAMME
2014-10-09 00:46 - 2013-09-16 15:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-10-07 19:38 - 2014-01-15 23:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-25 14:13 - 2014-08-19 18:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.minecraft
2014-09-25 00:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-19 18:00 - 2013-11-06 23:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\AutoRun.exe
C:\Users\Admin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Admin\AppData\Local\Temp\bitool.dll
C:\Users\Admin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Admin\AppData\Local\Temp\msvcr80.dll
C:\Users\Admin\AppData\Local\Temp\SimPack.exe
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Admin\AppData\Local\Temp\WZCPlugin_VISTA.exe
C:\Users\Admin\AppData\Local\Temp\zlib1.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 00:44

==================== End Of Log ============================
         
--- --- ---


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by Admin at 2014-10-16 12:33:45
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}) (Version: 1.1.19 - ASUS)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Catalyst Pro Control Center (x32 Version: 2013.0429.2313.39747 - Ihr Firmenname) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version:  - )
Civilization III v1.29f (HKLM-x32\...\{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}) (Version:  - )
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
Fallout Tactics (HKLM-x32\...\GOGPACKFALLOUTTACTICS_is1) (Version: 2.0.0.8 - GOG.com)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
IZArc 4.1.8 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.8 - Ivan Zahariev)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Windows Journal Viewer (HKLM-x32\...\{43DCF766-6838-4F9A-8C91-D92DA586DFA8}) (Version: 1.5.2316.0 - Microsoft)
Minecraft (HKLM-x32\...\Minecraft) (Version: - )
Mozilla Firefox 23.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla)
Mozilla Firefox 32.0.3 (x86 de) (HKCU\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
NewFreeScreensaver nfsWorldTime03 (HKLM-x32\...\nfsWorldTime03 New Free Screensaver_is1) (Version:  - )
Risk II (HKLM-x32\...\{0EE11800-A1BD-11D3-BFEB-005004AF2D32}) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
SecureW2 EAP Suite 1.1.3 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version:  - )
Shutdown Tool (HKLM-x32\...\Shutdown Tool_is1) (Version:  - Koma-Code)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VUPlayer (HKLM-x32\...\VUPlayer) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3873913517-844248424-351874217-1000_Classes\CLSID\{609a06df-2eca-4670-9ef1-33782ec29f1f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

16-10-2014 09:52:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {BFD4BC14-6A5E-428A-A747-2E2B22A2A70C} - System32\Tasks\ASUS P4G => C:\_Treiber\Power4Gear Hybrid\BatteryLife.exe [2009-07-28] (ATK)

==================== Loaded Modules (whitelisted) =============

2009-05-05 11:00 - 2009-05-05 11:00 - 00041472 _____ () C:\_Treiber\Power4Gear Hybrid\DevMng.dll
2009-07-27 11:12 - 2009-07-27 11:12 - 00026624 _____ () C:\_Treiber\Power4Gear Hybrid\OvrClk.dll
2013-08-20 20:22 - 2012-07-20 14:39 - 02469888 _____ () C:\_EIGENE_PROGRAMME\IZArc\IZArcCM64.dll
2013-06-18 16:49 - 2013-06-18 16:49 - 00016384 _____ () C:\_Treiber\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-30 00:08 - 2013-04-30 00:08 - 00369152 _____ () C:\_Treiber\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-09-24 21:15 - 2014-09-24 21:15 - 03715184 _____ () C:\_EIGENE_PROGRAMME\Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: SpeedUpMyComputer => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
MSCONFIG\startupreg: SpeedUpMyComputer.exe => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss

========================= Accounts: ==========================

Admin (S-1-5-21-3873913517-844248424-351874217-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3873913517-844248424-351874217-500 - Administrator - Disabled)
Gast (S-1-5-21-3873913517-844248424-351874217-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel(R) WiFi Link 5100 AGN
Description: Intel(R) WiFi Link 5100 AGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETw5s64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 00:04:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 11:53:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: ASR Writer
   Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Generatorname: ASR Writer
   Generatorinstanz-ID: {2bcf20ce-738d-4c3c-a6d5-8cd07a697e29}

Error: (10/16/2014 11:46:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 09:37:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 05:42:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 05:23:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 05:16:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 05:01:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsrWriterBackup::GetDiskComponents" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070057, Falscher Parameter.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: ASR Writer
   Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Generatorname: ASR Writer
   Generatorinstanz-ID: {b17b9ab3-dc77-410e-98ae-897c29dbf156}

Error: (10/15/2014 04:52:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 10:46:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/16/2014 00:08:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2949927)

Error: (10/15/2014 05:43:58 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/15/2014 05:42:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2949927)

Error: (10/15/2014 05:29:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (10/15/2014 05:27:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.

Error: (10/15/2014 11:24:32 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom1.

Error: (10/15/2014 10:46:33 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/13/2014 06:39:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (10/11/2014 00:05:55 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom1.

Error: (10/11/2014 11:56:42 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff88002dc72ce, 0xfffff88008f57c80, 0x0000000000000000)C:\Windows\MEMORY.DMP101114-19936-01


Microsoft Office Sessions:
=========================
Error: (10/16/2014 00:04:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 11:53:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: ASR Writer
   Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Generatorname: ASR Writer
   Generatorinstanz-ID: {2bcf20ce-738d-4c3c-a6d5-8cd07a697e29}

Error: (10/16/2014 11:46:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 09:37:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 05:42:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 05:23:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 05:16:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 05:01:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, Falscher Parameter.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: ASR Writer
   Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Generatorname: ASR Writer
   Generatorinstanz-ID: {b17b9ab3-dc77-410e-98ae-897c29dbf156}

Error: (10/15/2014 04:52:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2014 10:46:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 39%
Total physical RAM: 4095.11 MB
Available physical RAM: 2475.85 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 6253.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:60.06 GB) (Free:8.77 GB) NTFS
Drive d: (DATA) (Fixed) (Total:200.29 GB) (Free:2.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 6900098F)
Partition 1: (Active) - (Size=37.6 GB) - (Type=05)
Partition 2: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=200.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Gmer.log:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-16 13:39:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB
Running: gl3vk77w.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kwtyipob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 712                               fffff80002fb40b8 12 bytes [10, BE, 5B, 0F, A0, F8, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 727                               fffff80002fb40c7 8 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243beaace                      
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243beaace (not active ControlSet)  

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         
MBAM log (it apparently found some adware; I moved it to quarantine):
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 16.10.2014
Scan Time: 13:07:26
Logfile: mbam_scan_log_2014-10-16_13h20m.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.16.03
Rootkit Database: v2014.10.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 299610
Time Elapsed: 12 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3873913517-844248424-351874217-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, , [590ad045aad26dc90d82b9aed0347c84], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.Somoto, C:\Users\Admin\AppData\Local\Temp\bitool.dll, , [b2b13dd87309c96da02a2c40bb4734cc], 
PUP.Optional.Somoto.A, C:\Users\Admin\AppData\Local\Temp\nsg8D25.tmp, , [69fadf364339a78f75d38ca043becd33], 
PUP.Optional.Somoto.A, C:\Users\Admin\AppData\Local\Temp\nsfC026.tmp, , [d78cf2236b113ef8c088f13ba55cb848], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
Unfortunately I don't have any older MBAM logs, since I only just installed it...

Edited by Matarice (16.10.2014 at 13:17). Reason: PPS about the battery added. PS edited.

16.10.2014, 13:08   #2
schrauber
/// the machine
/// TB instructor

Hi,

There's no malware there.

16.10.2014, 18:12   #3
Matarice

Quote:
Quote from schrauber
Hi,

There's no malware there.

Hmm, OK, thanks. Could a mod then perhaps move the thread to the Windows forum? Maybe I'll find help there.

Regards, Mata*

Edited by Matarice (16.10.2014 at 18:12). Reason: typo

17.10.2014, 08:37   #4
schrauber
/// the machine
/// TB instructor

Have you read this already?

https://social.technet.microsoft.com...w7itproinstall
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

18.10.2014, 12:09   #5
Matarice

Quote:
Quote from schrauber
Have you read this already?

https://social.technet.microsoft.com/Forums/en-US/bc191121-94ab-483f-ae9f-d5056ca3aae5/kb2949927-fails-to-install-if-bitlocker-fvevol-service-is-disabled?forum=w7itproinstall

Yes, I have. The service is running on my machine and is also present in the registry. Of course I consulted Google beforehand... I'll probably have to open a ticket with Microsoft support next week, if they have such a thing. Thanks anyway, and have a nice weekend. ;-)


18.10.2014, 20:43   #6
schrauber
/// the machine
/// TB instructor

Yes, go ahead and do that. Windows Update errors are a world of their own. One error, umpteen thousand possibilities.

12.11.2014, 20:58   #7
Matarice

I had completely forgotten about this in the meantime, but when I installed updates today it came back to me...
The problem has "solved" itself insofar as the update is no longer offered by Windows Update. It isn't among the hidden updates either... I'm just going to leave it as it is. I could try to install it manually, but it's not worth all the fuss to me right now. The system is still running stably, after all...

13.11.2014, 17:01   #8
schrauber
/// the machine
/// TB instructor

Yes, exactly, leave it out.
