
Log Analysis and Evaluation: Cannot boot - only safe mode works

27.01.2016, 23:31   #1
e4ch

Cannot boot - only safe mode works



Hello, I received an old notebook from a family member to repair. It contains Windows 7 Professional, and on startup, after the automatic login (no password set), there is a bluescreen (IRQL not less or equal or something like that). In Safe Mode everything works. Safe Mode with Networking does not work either. In Safe Mode I disabled everything in msconfig and left only the Microsoft entries. That did not help either. I installed Malwarebytes from a USB stick and ran it (updating did not work, of course), but nothing was found (only a few PUPs, now removed). I also created a new user and tried with that; no success. Maybe something in the hardware is broken, but if everything runs in Safe Mode, that seems unlikely. What should I do to perform as complete a malware check as possible? It seems to be a Windows installation from an office or something like that, i.e. reinstalling everything is probably not an option.

Oh, a few more details: it is Windows 32-bit. Farbar FRST log:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by newacct (administrator) on family-PC (28-01-2016 00:18:32)
Running from E:\
Loaded Profiles: newacct (Available Profiles: family & newacct)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{71A9B5BB-67CD-4C4E-A214-A5A975300559}: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.6
Tcpip\..\Interfaces\{7FE26E94-8532-45C0-88F4-B901C05A5A56}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C63E33CD-7F42-481C-888F-2F8A95D97026}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1318077124662

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-07-19] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S4 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-07-04] (Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [231640 2011-06-14] (Intel Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 MpKslae919e87; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BE4769EB-80FE-4CAA-956B-66C690F7A1D4}\MpKslae919e87.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 00:18 - 2016-01-28 00:18 - 00000000 ____D C:\FRST
2016-01-28 00:16 - 2016-01-28 00:17 - 00144744 _____ C:\Windows\Minidump\012816-23446-01.dmp
2016-01-28 00:15 - 2016-01-28 00:15 - 00001423 _____ C:\Users\newacct.family-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Adobe
2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\VirtualStore
2016-01-27 21:28 - 2016-01-27 21:28 - 00144744 _____ C:\Windows\Minidump\012716-22838-01.dmp
2016-01-27 21:28 - 2016-01-27 21:28 - 00000020 ___SH C:\Users\newacct.family-PC\ntuser.ini
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\My Documents
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Videos
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Pictures
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Music
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 ____D C:\Users\newacct.family-PC
2016-01-27 21:28 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\Microsoft Help
2016-01-27 21:28 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Media Center Programs
2016-01-27 21:26 - 2016-01-27 21:26 - 00001423 _____ C:\Users\newacct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-27 21:26 - 2016-01-27 21:26 - 00000020 ___SH C:\Users\newacct\ntuser.ini
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\My Documents
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Videos
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Pictures
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Music
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Adobe
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Local\VirtualStore
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct
2016-01-27 21:26 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct\AppData\Local\Microsoft Help
2016-01-27 21:26 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Media Center Programs
2016-01-27 21:21 - 2016-01-27 21:21 - 00144744 _____ C:\Windows\Minidump\012716-25630-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 00:18 - 2015-06-29 22:40 - 03772346 _____ C:\Windows\ntbtlog.txt
2016-01-28 00:16 - 2015-06-29 22:34 - 00000000 ____D C:\Windows\Minidump
2016-01-28 00:16 - 2015-06-29 22:30 - 257937958 _____ C:\Windows\MEMORY.DMP
2016-01-28 00:15 - 2011-10-08 15:12 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-28 00:14 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 22:07

==================== End of FRST.txt ============================
         
Addition.txt:

Code:
scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by newacct (2016-01-28 00:19:14)
Running from E:\
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2011-10-08 11:50:59)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-113424255-1033402217-2363257390-500 - Administrator - Disabled)
newacct (S-1-5-21-113424255-1033402217-2363257390-1004 - Administrator - Enabled) => C:\Users\newacct.family-PC
family (S-1-5-21-113424255-1033402217-2363257390-1000 - Administrator - Enabled) => C:\Users\family
Guest (S-1-5-21-113424255-1033402217-2363257390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-113424255-1033402217-2363257390-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-240C (HKLM\...\{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
EasyTax 2011 BL 1.01 (HKLM\...\EasyTax 2011 BL 1.01) (Version:  - HWI Solutions AG)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4461 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}) (Version: 7.250.4287.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.62 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4E523091-538B-4FBE-9F02-EE87FC1933FD} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe [2009-07-14] (Microsoft Corporation)
Task: {5C0EFDD3-C42D-43D4-971C-617B456F5C47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {62BDAC61-F98E-4741-8F3A-8AA5AEC32E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {867EDA05-0E8B-4E63-97D2-668DB977DF3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {9F58D74E-A622-4E66-9D63-AAFBB1B052E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {B6AA52D9-934F-42C0-817F-6F6F57A46F39} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2011-07-04] (Lenovo Group Limited)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AEADIFilters => 2
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: DozeSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\Services: PwmEWSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TpShocks => TpShocks.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A7C93AE7-0858-48A5-9930-A5874F595186}] => (Allow) C:\Program Files\Microsoft Lync\communicator.exe
FirewallRules: [{D7E509F5-231D-408E-AE10-E6CC7F77BABD}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi.exe
FirewallRules: [{1E8D97DA-478C-4A8E-B72F-2FEAF3310094}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BCC5C774-2870-4AA8-B773-F0164D7CBB39}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{09C724EB-4FBE-428E-95A7-2EFAE6449BC0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B64CD706-BA02-4B17-AADA-23AABF0959B7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8C529A0A-4E95-4ACB-A7E3-D14B08E45825}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{386AF724-31F3-4753-B72A-02D911C54F3E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

02-06-2015 14:45:09 Windows Update
05-06-2015 22:24:19 Windows Update
09-06-2015 09:10:28 Windows Update
11-06-2015 10:51:56 Windows Update
18-06-2015 16:32:27 Windows Update
24-06-2015 21:38:46 Windows Update
29-06-2015 21:29:22 Windows Update
29-06-2015 22:15:21 Windows Update
05-07-2015 16:32:06 Windows Update
05-07-2015 16:32:49 Windows Backup
05-07-2015 18:19:30 Windows Update
05-07-2015 18:44:23 restorepunkt-5JUL-15
05-07-2015 18:50:06 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2016 12:18:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2016 12:15:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 09:29:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 09:22:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2015 05:45:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (12/23/2015 05:44:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (12/23/2015 05:44:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (12/23/2015 05:44:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (12/23/2015 05:43:52 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (12/23/2015 05:43:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).


System errors:
=============
Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (01/28/2016 12:17:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/28/2016 12:17:45 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/28/2016 12:17:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 0.0.0.0

	Update Source: %NT AUTHORITY51

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\NETWORK SERVICE

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (01/28/2016 12:17:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.201.1018.0

	Update Source: %NT AUTHORITY51

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\NETWORK SERVICE

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608


==================== Memory info =========================== 

Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz
Percentage of memory in use: 15%
Total physical RAM: 3070.43 MB
Available physical RAM: 2609.14 MB
Total Virtual: 6139.17 MB
Available Virtual: 5719.75 MB

==================== Drives ================================

Drive c: (Ge_W7_exNB) (Fixed) (Total:148.95 GB) (Free:103.36 GB) NTFS
Drive e: (PATRIOT) (Removable) (Total:7.19 GB) (Free:7.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 63179D80)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 481EA962)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

==================== End of Addition.txt ============================
         

Old 28.01.2016, 16:22   #2
M-K-D-B
/// TB-Ausbilder

I don't see any malware.

A clean reinstall is the only right thing to do in a case like this.

Old 28.01.2016, 22:29   #3
e4ch

Of course it could also be a driver problem or something like that. But what makes you so sure there's no malware on it? Just because the scan above didn't find anything in Safe Mode?
Old 29.01.2016, 20:02   #4
M-K-D-B
/// TB-Ausbilder

Hi,

let's do the following:

Please download Farbar Service Scanner.
  • Start the tool by double-clicking FSS.exe.
  • Make sure the following options are ticked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post its contents here.

Greetings from Bavaria
M-K-D-B
Old 31.01.2016, 20:22   #5
e4ch

Hello, so there's news.
While trying to create the log file, I got a message before the bluescreen saying that Windows is not licensed, "activation required". That hadn't appeared before. As soon as I clicked something (or even just waited), the bluescreen came as before. Still only Safe Mode worked.
Now that gave me the idea that maybe something is wrong with the drivers after all, especially given your comment "reinstall".
First I noticed that I had forgotten to set msconfig back to "normal boot" (during the first scan it was in the mode that starts only the bare minimum). That is now back to normal.
Regarding drivers, I first disabled both network drivers (WLAN and Ethernet). Since then I can boot in normal mode again without a bluescreen.
On closer investigation I was also able to re-enable the Ethernet adapter. It seems the WLAN adapter is causing the problem.
So now only WLAN is disabled and the device is connected to the network via cable.
Now I was also able to activate Windows (so it doesn't seem to be a pirated copy; it simply hadn't been online for 3 months).
First I updated PDF Reader and removed the old installed Java.
But I can neither update the driver, nor does anything else from Windows Update work.
So my new problem is that Windows Update doesn't work. Should I open a separate thread for that? I still suspect malware as the cause. Maybe the malware even has something to do with the driver.
Below I'm posting the requested logs (including the first two again).
What happens? Windows Update searches for updates and never stops. I'm somewhat spoiled by SSD notebooks, but I let Windows Update run overnight and it doesn't finish (keeps scanning). So I never get to the installation step. The last update or scan was from July 2015. A few times I managed to open Windows Update without starting a new scan and it showed 5 optional updates. I selected them, but only one could be installed, the others failed. But really I should first be able to do a complete scan.
I ran the Microsoft repair tool for Windows Update. Two items could not be fixed, but after a reboot and a new attempt only one item was still not OK: "Windows Update error 0x80070005 - not fixed". The code means "access denied", and when I google it I only find this error in connection with Windows Update when installing updates (I don't even get that far), or in connection with malware. I ran Malwarebytes again, updated online, but nothing was found.
Antivirus is Microsoft Security Essentials. Windows Defender is deactivated. There was also a (probably trial) version of McAfee on it, but it couldn't even be started and I have now uninstalled it as well.
The hosts file is empty (only comments).
Internet connection is our guest network (limited to http/https/dns/mail on a hardware firewall) in the IP range 192.168.112.x.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by family (administrator) on family-PC (31-01-2016 21:01:11)
Running from E:\
Loaded Profiles: family (Available Profiles: family & newacct)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2011-03-29] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.6
Tcpip\..\Interfaces\{7FE26E94-8532-45C0-88F4-B901C05A5A56}: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.6
Tcpip\..\Interfaces\{C63E33CD-7F42-481C-888F-2F8A95D97026}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ch/
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-113424255-1033402217-2363257390-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1318077124662

FireFox:
========
FF ProfilePath: C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\gsb2kc81.default
FF DefaultSearchEngine: Wikipedia (de)
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxps://www.google.ch/
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-07-19] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.2\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.2\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Customizable Shortcuts - C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\gsb2kc81.default\Extensions\customizable-shortcuts@timtaubert.de.xpi [2015-07-05]

Chrome: 
=======
CHR Profile: C:\Users\family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-27]
CHR Extension: (Google Search) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-27]
CHR Extension: (AdBlock) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-18]
CHR Extension: (Chrome In-App Payments service) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Gmail) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-07-04] (Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [231640 2011-06-14] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-31 11:21 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-01-31 11:21 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-01-31 11:21 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-01-31 11:21 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-01-31 11:21 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-01-31 11:21 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-01-31 11:21 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-01-31 11:21 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-01-31 11:21 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-01-31 11:21 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-01-31 11:21 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-01-31 11:21 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-01-31 10:55 - 2016-01-31 10:55 - 22908888 _____ (Malwarebytes ) C:\Users\family\Downloads\mbam-setup-org-2.2.0.1024.exe
2016-01-31 02:40 - 2016-01-31 02:40 - 00000000 ____D C:\Windows\system32\appmgmt
2016-01-31 02:38 - 2016-01-31 03:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-31 02:33 - 2016-01-31 02:33 - 00000000 ____D C:\Users\family\AppData\Local\CEF
2016-01-31 02:30 - 2016-01-31 02:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-31 02:30 - 2016-01-31 02:30 - 00002027 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-01-31 02:30 - 2016-01-31 02:30 - 00000000 ____D C:\Program Files\Adobe
2016-01-31 02:07 - 2016-01-31 02:07 - 00144744 _____ C:\Windows\Minidump\013116-21559-01.dmp
2016-01-31 02:05 - 2016-01-31 02:05 - 00144744 _____ C:\Windows\Minidump\013116-53305-01.dmp
2016-01-31 01:40 - 2016-01-31 01:41 - 00144744 _____ C:\Windows\Minidump\013116-24133-01.dmp
2016-01-31 01:29 - 2016-01-31 01:29 - 00144744 _____ C:\Windows\Minidump\013116-23306-01.dmp
2016-01-28 00:18 - 2016-01-31 21:01 - 00000000 ____D C:\FRST
2016-01-28 00:16 - 2016-01-28 00:17 - 00144744 _____ C:\Windows\Minidump\012816-23446-01.dmp
2016-01-28 00:15 - 2016-01-28 00:15 - 00001423 _____ C:\Users\newacct.family-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Adobe
2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\VirtualStore
2016-01-27 21:28 - 2016-01-27 21:28 - 00144744 _____ C:\Windows\Minidump\012716-22838-01.dmp
2016-01-27 21:28 - 2016-01-27 21:28 - 00000020 ___SH C:\Users\newacct.family-PC\ntuser.ini
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\My Documents
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Videos
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Pictures
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Music
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 ____D C:\Users\newacct.family-PC
2016-01-27 21:28 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\Microsoft Help
2016-01-27 21:28 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Media Center Programs
2016-01-27 21:26 - 2016-01-27 21:26 - 00001423 _____ C:\Users\newacct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-27 21:26 - 2016-01-27 21:26 - 00000020 ___SH C:\Users\newacct\ntuser.ini
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\My Documents
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Videos
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Pictures
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Music
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Adobe
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Local\VirtualStore
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct
2016-01-27 21:26 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct\AppData\Local\Microsoft Help
2016-01-27 21:26 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Media Center Programs
2016-01-27 21:21 - 2016-01-27 21:21 - 00144744 _____ C:\Windows\Minidump\012716-25630-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-31 20:36 - 2009-07-14 05:34 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-31 20:36 - 2009-07-14 05:34 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-31 20:21 - 2011-10-08 15:12 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-31 18:04 - 2011-10-08 15:12 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-31 14:06 - 2010-11-20 22:01 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-31 14:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-01-31 14:02 - 2015-06-29 21:27 - 00000000 ____D C:\Users\family\AppData\Roaming\Skype
2016-01-31 14:01 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-31 12:12 - 2011-10-08 13:10 - 00000000 ____D C:\Users\family\AppData\Local\ElevatedDiagnostics
2016-01-31 03:05 - 2014-01-07 15:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-31 02:33 - 2011-10-08 17:30 - 00000000 ____D C:\Users\family\AppData\Local\Adobe
2016-01-31 02:30 - 2011-10-08 17:29 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-31 02:30 - 2011-10-08 17:23 - 00000000 ____D C:\ProgramData\Adobe
2016-01-31 02:08 - 2015-06-29 22:40 - 04612422 _____ C:\Windows\ntbtlog.txt
2016-01-31 02:07 - 2015-06-29 22:34 - 00000000 ____D C:\Windows\Minidump
2016-01-31 02:07 - 2015-06-29 22:30 - 246219302 _____ C:\Windows\MEMORY.DMP
2016-01-31 01:36 - 2015-12-23 14:18 - 00000000 ____D C:\Windows\pss

==================== Files in the root of some directories =======

2015-07-05 17:52 - 2015-07-05 17:52 - 0038482 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-07-05 17:50 - 2015-07-05 17:50 - 0013014 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (DOS).CAL
2015-07-05 18:11 - 2015-07-05 18:11 - 0038490 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-12-23 15:35 - 2015-12-23 15:35 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1747.tmp
2015-12-23 14:45 - 2015-12-23 14:45 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1B4D.tmp
2015-12-23 15:25 - 2015-12-23 15:25 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1C57.tmp
2015-12-23 15:46 - 2015-12-23 15:46 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1DAE.tmp
2015-12-23 15:22 - 2015-12-23 15:22 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1E2A.tmp
2015-12-23 14:21 - 2015-12-23 14:21 - 0000000 ____H () C:\Users\family\AppData\Local\BIT79F.tmp
2011-11-06 20:11 - 2014-12-07 15:14 - 0010240 _____ () C:\Users\family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-27 21:57 - 2013-07-27 21:57 - 0000017 _____ () C:\Users\family\AppData\Local\resmon.resmoncfg
2015-12-23 15:35 - 2015-12-23 15:35 - 0000000 _____ () C:\Users\family\AppData\Local\{381C1583-DDFD-424B-910A-85ECE50625C9}
2015-12-23 14:45 - 2015-12-23 14:45 - 0000000 _____ () C:\Users\family\AppData\Local\{40D6B901-D390-44B9-B334-B4C71CD03E25}
2015-12-23 15:25 - 2015-12-23 15:25 - 0000000 _____ () C:\Users\family\AppData\Local\{4849D6C0-E749-4F5F-8163-6384D0CA36DD}
2015-12-23 15:22 - 2015-12-23 15:22 - 0000000 _____ () C:\Users\family\AppData\Local\{588B28F6-7606-4EAA-B527-343BFB5298E5}
2015-12-23 15:46 - 2015-12-23 15:46 - 0000000 _____ () C:\Users\family\AppData\Local\{92E61D16-8364-460F-9E13-2187CB2F59A2}
2015-12-23 14:21 - 2015-12-23 14:21 - 0000000 _____ () C:\Users\family\AppData\Local\{B018192C-7275-4C4F-8C98-ADC3F855C33B}

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 22:07

==================== End of FRST.txt ============================
         
Addition.txt:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by family (2016-01-31 21:02:26)
Running from E:\
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2011-10-08 11:50:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-113424255-1033402217-2363257390-500 - Administrator - Disabled)
newacct (S-1-5-21-113424255-1033402217-2363257390-1004 - Administrator - Enabled) => C:\Users\newacct.family-PC
family (S-1-5-21-113424255-1033402217-2363257390-1000 - Administrator - Enabled) => C:\Users\family
Guest (S-1-5-21-113424255-1033402217-2363257390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-113424255-1033402217-2363257390-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-240C (HKLM\...\{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
EasyTax 2011 BL 1.01 (HKLM\...\EasyTax 2011 BL 1.01) (Version:  - HWI Solutions AG)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4461 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}) (Version: 7.250.4287.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 de) (HKLM\...\Mozilla Firefox 44.0 (x86 de)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.62 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C6DB199-3EE0-4805-A344-49D4CF389359} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {62BDAC61-F98E-4741-8F3A-8AA5AEC32E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {867EDA05-0E8B-4E63-97D2-668DB977DF3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {9F58D74E-A622-4E66-9D63-AAFBB1B052E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {B6AA52D9-934F-42C0-817F-6F6F57A46F39} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2011-07-04] (Lenovo Group Limited)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-08 13:03 - 2011-07-04 02:02 - 00044544 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2011-01-24 11:35 - 2011-01-24 11:35 - 00132384 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-11-06 11:36 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 62.2.17.61 - 62.2.24.158
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A7C93AE7-0858-48A5-9930-A5874F595186}] => (Allow) C:\Program Files\Microsoft Lync\communicator.exe
FirewallRules: [{D7E509F5-231D-408E-AE10-E6CC7F77BABD}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi.exe
FirewallRules: [{1E8D97DA-478C-4A8E-B72F-2FEAF3310094}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BCC5C774-2870-4AA8-B773-F0164D7CBB39}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{09C724EB-4FBE-428E-95A7-2EFAE6449BC0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B64CD706-BA02-4B17-AADA-23AABF0959B7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8C529A0A-4E95-4ACB-A7E3-D14B08E45825}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{386AF724-31F3-4753-B72A-02D911C54F3E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

09-06-2015 09:10:28 Windows Update
11-06-2015 10:51:56 Windows Update
18-06-2015 16:32:27 Windows Update
24-06-2015 21:38:46 Windows Update
29-06-2015 21:29:22 Windows Update
29-06-2015 22:15:21 Windows Update
05-07-2015 16:32:06 Windows Update
05-07-2015 16:32:49 Windows Backup
05-07-2015 18:19:30 Windows Update
05-07-2015 18:44:23 restorepunkt-5JUL-15
05-07-2015 18:50:06 Windows Update
31-01-2016 02:39:54 Removed Java 8 Update 31
31-01-2016 03:12:42 Windows Update
31-01-2016 11:19:54 Windows Update

==================== Faulty Device Manager Devices =============

Name: 11a/b/g Wireless LAN Mini PCI Express Adapter
Description: 11a/b/g Wireless LAN Mini PCI Express Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2016 02:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 01:44:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 12:28:17 PM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1160) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/31/2016 12:07:58 PM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1160) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/31/2016 11:26:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 10:50:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 03:07:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 02:11:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 02:09:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 01:56:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/31/2016 12:07:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error: (01/31/2016 11:23:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2592687).

Error: (01/31/2016 11:23:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB3048761).

Error: (01/31/2016 11:23:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2574819).

Error: (01/31/2016 11:23:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB3050265).

Error: (01/31/2016 03:04:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.201.1018.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (01/31/2016 02:10:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 115.3.0.0

	Update Source: %NT AUTHORITY51

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\NETWORK SERVICE

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (01/31/2016 02:10:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.201.1018.0

	Update Source: %NT AUTHORITY51

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\NETWORK SERVICE

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (01/31/2016 02:10:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.201.1018.0

	Update Source: %NT AUTHORITY51

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\NETWORK SERVICE

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (01/31/2016 02:10:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.201.1018.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608


==================== Memory info =========================== 

Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz
Percentage of memory in use: 58%
Total physical RAM: 3070.43 MB
Available physical RAM: 1287.63 MB
Total Virtual: 6139.17 MB
Available Virtual: 4411.91 MB

==================== Drives ================================

Drive c: (Ge_W7_exNB) (Fixed) (Total:148.95 GB) (Free:102.93 GB) NTFS
Drive e: (PATRIOT) (Removable) (Total:7.19 GB) (Free:7.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 63179D80)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 481EA962)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

==================== End of Addition.txt ============================
         

and finally, here is the new scan:

Code:
Farbar Service Scanner Version: 27-01-2016
Ran by family (administrator) on 31-01-2016 at 21:10:37
Running from "E:\"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
         
I don't know why the log says "Google IP is unreachable" and "Yahoo.com is unreachable". Those sites work perfectly fine.
Without Windows Update I will sooner or later certainly end up with malware, so I would be grateful for advice.
I also had a look at WindowsUpdate.log, and there are even more error codes and warnings in there, but somehow nothing sensible.
For the next 5 days I won't have access to the problem machine in question, so it may take a while until I reply again.


01.02.2016, 13:29   #6
M-K-D-B
/// TB trainer

Hi,

thanks for the information and the log files.

What we can do, or where I may be able to help:

Option 1:
Since you still assume malware is the cause, we could first run a few more tools over the machine and afterwards run the tools I know for fixing Windows and update problems.

Option 2:
We run those tools right away and try to fix the update problems that way.

Just let me know.

04.02.2016, 15:38   #7
M-K-D-B
/// TB trainer

Missing response
This thread has been removed from my subscriptions, so I no longer get notifications of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean your machine is already clean.

Everyone else, please click here and create your own thread!

Greetings from Bavaria
M-K-D-B

11.02.2016, 20:47   #8
e4ch

Hmm. What exactly is the difference between the two variants? I mean, the update problem has to be fixed in any case. If you have ideas for that, we can gladly do it. In case 1 we would just first make sure (with further tools/scans) that there is no malware on it, correct? But in case 2 we would also have to do a new check, wouldn't we? So it doesn't really matter. We can just as well take variant 2, since it seems to be quicker.

And sorry for the late reply - I did say I would have no PC access for over a week.

11.02.2016, 20:59   #9
M-K-D-B
/// TB trainer

Hi,

please run all tools from the desktop.

Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes complains anyway; you can ignore that, but please tell me about it.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the machine. This should fix the problem.

Greetings from Bavaria
M-K-D-B

11.02.2016, 23:51   #10
e4ch

Here is the scan:

Code:
ComboFix 16-02-09.01 - family 12.02.2016   0:28.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1033.18.3070.1815 [GMT 1:00]
ausgeführt von:: c:\users\family\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2016-01-11 bis 2016-02-11  ))))))))))))))))))))))))))))))
.
.
2016-02-11 23:36 . 2016-02-11 23:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2016-02-11 23:30 . 2016-02-11 23:30	62576	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5023C329-DC29-4164-AF31-D27121857102}\offreg.888.dll
2016-01-31 10:33 . 2016-01-31 10:33	62576	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5023C329-DC29-4164-AF31-D27121857102}\offreg.904.dll
2016-01-31 10:21 . 2013-10-01 23:45	32256	----a-w-	c:\windows\system32\TsUsbGDCoInstaller.dll
2016-01-31 10:21 . 2013-10-02 00:32	12800	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-01-31 10:21 . 2013-10-02 00:42	49152	----a-w-	c:\windows\system32\drivers\TsUsbFlt.sys
2016-01-31 10:21 . 2013-10-02 00:30	14336	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-01-31 10:21 . 2013-10-02 00:14	50176	----a-w-	c:\windows\system32\MsRdpWebAccess.dll
2016-01-31 10:21 . 2013-10-02 00:14	17920	----a-w-	c:\windows\system32\wksprtPS.dll
2016-01-31 10:21 . 2013-10-01 23:58	53248	----a-w-	c:\windows\system32\tsgqec.dll
2016-01-31 10:21 . 2013-10-01 23:08	855552	----a-w-	c:\windows\system32\rdvidcrl.dll
2016-01-31 10:21 . 2013-10-01 23:00	76288	----a-w-	c:\windows\system32\TSWbPrxy.exe
2016-01-31 10:21 . 2013-10-01 22:53	350208	----a-w-	c:\windows\system32\wksprt.exe
2016-01-31 10:21 . 2013-10-01 22:34	1068544	----a-w-	c:\windows\system32\mstsc.exe
2016-01-31 10:21 . 2013-10-01 20:55	5698048	----a-w-	c:\windows\system32\mstscax.dll
2016-01-31 02:14 . 2015-07-05 15:32	912000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{076A2453-070A-4494-8F69-A15254D28B71}\gapaengine.dll
2016-01-31 02:13 . 2015-11-25 01:43	9014120	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5023C329-DC29-4164-AF31-D27121857102}\mpengine.dll
2016-01-31 01:33 . 2016-01-31 01:33	--------	d-----w-	c:\users\family\AppData\Local\CEF
2016-01-27 23:18 . 2016-01-31 20:03	--------	d-----w-	C:\FRST
2016-01-27 20:26 . 2016-01-27 20:26	--------	d-----w-	c:\users\newacct
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bnewacctht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-23 14:46 . 2015-12-23 14:46	0	---ha-w-	c:\users\family\AppData\Local\BIT1DAE.tmp
2015-12-23 14:35 . 2015-12-23 14:35	0	---ha-w-	c:\users\family\AppData\Local\BIT1747.tmp
2015-12-23 14:25 . 2015-12-23 14:25	0	---ha-w-	c:\users\family\AppData\Local\BIT1C57.tmp
2015-12-23 14:22 . 2015-12-23 14:22	0	---ha-w-	c:\users\family\AppData\Local\BIT1E2A.tmp
2015-12-23 13:45 . 2015-12-23 13:45	0	---ha-w-	c:\users\family\AppData\Local\BIT1B4D.tmp
2015-12-23 13:21 . 2015-12-23 13:21	0	---ha-w-	c:\users\family\AppData\Local\BIT79F.tmp
2015-12-09 03:39 . 2011-10-08 12:05	247976	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-06-16 53282944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2015-03-28 12118840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 981688]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-07-04 1299816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 804128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-06-03 327296]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-05-23 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2015-04-29 284504]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Gennewacct USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-07-19 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-07-04 25968]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-03-29 20592]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-09-28 1589152]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-07-04 292200]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc	REG_MULTI_SZ   	DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42	286904	----a-w-	c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2016-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 16:59]
.
2016-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 16:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.ch/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.6
FF - ProfilePath - c:\users\family\AppData\Roaming\Mozilla\Firefox\Profiles\gsb2kc81.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ch/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5516)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
Zeit der Fertigstellung: 2016-02-12  00:39:31
ComboFix-quarantined-files.txt  2016-02-11 23:39
.
Vor Suchlauf: 110'344'994'816 bytes free
Nach Suchlauf: 110'354'870'272 bytes free
.
- - End Of File - - 77D6881207D8667B698E58A8D97D94BC
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 12.02.2016, 20:57   #11
M-K-D-B
/// TB-Ausbilder
 
Kann nicht booten - nur safe mode geht - Standard

Kann nicht booten - nur safe mode geht



Servus,




Step 1
Close all open programs.
Download WinUpdateFix to your desktop.
Start the tool; a window opens.
Under Selection choose Tous first, then Executer.
Confirm any prompts that appear with Ok.
Your computer will be restarted.

After the restart, open WinUpdateFix again and make sure that under Services every entry shows Demarre and Automatique.
If that is not the case, press the corresponding buttons.

Now check whether Windows Update works again.


Step 2
Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool finishes, it will create an FSS.txt in the directory the tool was run from.

Please post its contents here.


__________________
Greetings from Bavaria
M-K-D-B

Old 13.02.2016, 16:24   #12
e4ch

Step 1: Did not work. The tool ran through successfully (all options enabled as described), rebooted, and on the second start I checked whether "Automatic" is set (it is). When I open Windows Update I get a red cross with the message that a scan has never been run. When I click "Check for Updates" it searches for several minutes until I get the error message with code 8007000E.

Step 2:
Code:
Farbar Service Scanner Version: 27-01-2016
Ran by family (administrator) on 13-02-2016 at 11:53:19
Running from "C:\Users\family\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
         
Note: The computer is connected to the guest network. Only HTTP (ports 80 and 443) plus email and DNS are allowed there. Does Windows Update perhaps need something else?

In the meantime I googled the error code.
I came across this article: Henk's blog: Some clients not updating, reporting 8007000E error in WindowsUpdate.log
The update at the bottom says that KB3102810 (https://support.microsoft.com/en-us/kb/3102810) replaces the hotfix.
The KB description says that Windows Update can run for a very long time or use 100% CPU and that this is an optional update for Windows. I then installed it manually (i.e. not via Windows Update but as a standalone download). The installation was successful.
After the reboot I tried again, but no improvement - I cancelled Windows Update after four hours of "Checking for updates", so this time no error message.
I thought I would run your repair tool once more after the installation, and then I noticed that (after the reboot) the second box in the tool was not set to "automatic". Either I did not see that in my last post or I had only looked at the left box. So I have now set that to "automatic" as well (the second box is BITS, by the way, i.e. the important service) and rebooted. After the reboot the first thing I did was run WinUpdateFix again (without repair, display only), and now all three are green and automatic. So it is not being switched off again and again.
But still the same problem - Windows Update searches for updates forever.
In the event log I also see no errors that would point to problems (1 WMI error and 2 warnings from the printer driver about outdated Flash on every boot).
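As an added example (not from this thread, and not code from the FSS or WinUpdateFix tools), here is a small PowerShell script that performs the same checks by hand on a Windows 7 machine: the start mode and state of the services Windows Update relies on, the DisableAntiSpyware value the FSS log above showed, and whether a WSUS server policy is configured. The WSUS check is my own addition, since the first post mentions an office installation; the thread itself does not mention WSUS. The service list and the expectation that they are set to Automatic follow the helper's instructions above. Run it from an elevated PowerShell prompt; it uses WMI because Get-Service on PowerShell 2.0 does not expose the start type.

```powershell
# Added example, not part of the thread or of the tools it mentions.
# Reproduces by hand the checks FSS and WinUpdateFix performed above:
# start mode and state of the services Windows Update relies on, the
# Defender policy value the FSS log flagged, and any WSUS policy.
# Assumes Windows 7 with PowerShell 2.0 or later and an elevated prompt.
# "Expected = Auto" mirrors what the helper in this thread asked for.

$servicesToCheck = @('wuauserv', 'BITS', 'CryptSvc', 'WinDefend')

function Get-ServiceStartInfo {
    param([string[]]$Names)
    foreach ($name in $Names) {
        # Win32_Service carries StartMode even on PowerShell 2.0, where
        # Get-Service has no StartType property yet.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) {
            New-Object PSObject -Property @{
                Name = $name; StartMode = '<missing>'; State = '<missing>'; Path = ''
            }
        } else {
            New-Object PSObject -Property @{
                Name = $svc.Name; StartMode = $svc.StartMode; State = $svc.State; Path = $svc.PathName
            }
        }
    }
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent, i.e. no policy is set.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Format-PolicyValue {
    param($Value)
    if ($Value -eq $null) { return 'not set' }
    return [string]$Value
}

Write-Host "== Services =="
Get-ServiceStartInfo -Names $servicesToCheck | ForEach-Object {
    $flag = if ($_.StartMode -ne 'Auto') { '  <-- not Automatic' } else { '' }
    Write-Host ("{0,-10} {1,-9} {2,-8}{3}" -f $_.Name, $_.StartMode, $_.State, $flag)
    Write-Host ("           {0}" -f $_.Path)
}

Write-Host "== Policies =="
# Value seen in the FSS log above; 1 means Windows Defender is switched off by policy.
$disableAS = Get-PolicyValue 'HKLM:\SOFTWARE\Microsoft\Windows Defender' 'DisableAntiSpyware'
Write-Host ("DisableAntiSpyware : {0}" -f (Format-PolicyValue $disableAS))

# A WSUS/intranet update server left over from an office image would be
# configured here; with UseWUServer=1 the client asks that server for
# updates instead of Microsoft's public service.
$wsus    = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' 'WUServer'
$useWsus = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'UseWUServer'
Write-Host ("WUServer           : {0}" -f (Format-PolicyValue $wsus))
Write-Host ("UseWUServer        : {0}" -f (Format-PolicyValue $useWsus))
```

Any service line marked "not Automatic" corresponds to what WinUpdateFix's second box showed for BITS in the post above; a populated WUServer with UseWUServer set to 1 would mean the client never contacts the public update servers at all, regardless of which ports the guest network allows.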

Old 13.02.2016, 21:13   #13
M-K-D-B
/// TB Trainer

Hi,

I don't know which ports Windows 7 needs for an update. But the services themselves now seem to be running. Hmm...

Can't you take the computer somewhere without these restrictions?

Have you already tried these for the error message?
1)
Windows Update error 80070008 or 8007000e

2)
Windows Update troubleshooter

FRST once more, please:
  • Start FRST.exe again. Tick the box next to Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.
__________________
Greetings from Bavaria
M-K-D-B

Old 14.02.2016, 16:24   #14
e4ch

According to my Google research, ports 80 and 443 should be enough for Windows Update. In addition to what I wrote in the original post, NTP is also allowed. I don't have another internet connection available right now, but I had a look at the firewall logs. No blocked accesses, except for one on port 67 (access to the firewall) when the firewall rebooted in the middle of last night, probably DHCP or similar. I don't see any connection there.

I have already run tool 1 several times. Every run I get different messages. I just ran it twice. Each time 1-4 messages with "fixed" and 1-2 messages with "not fixed" appear. On the second run, for example, I got the following three lines:
Windows Update error 0x8024402C(2016-02-14-T-04_51_21P) - not fixed
Problems installing recent updates - not fixed
Service registration is missing or corrupt - fixed
But when I open "Details" I get the following:
Service registration is missing or corrupt - fixed
Windows Update error 0x8024402C(...) - fixed
Problems installing recent updates - fixed
6x Potential issues - issue not present
Service registration is missing or corrupt - fixed
Windows Update error 0x8024402C(...) - fixed
Problems installing recent updates - fixed
Potential issues that were checked (6x issue not present)

I ran tool 2 successfully (I didn't know it, but it seems to be only for installations).

Neither helped.

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
Ran by family (administrator) on family-PC (14-02-2016 17:09:08)
Running from C:\Users\family\Desktop
Loaded Profiles: family (Available Profiles: family & newacct)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2011-03-29] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.6
Tcpip\..\Interfaces\{7FE26E94-8532-45C0-88F4-B901C05A5A56}: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.6
Tcpip\..\Interfaces\{C63E33CD-7F42-481C-888F-2F8A95D97026}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ch/
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-113424255-1033402217-2363257390-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1318077124662

FireFox:
========
FF ProfilePath: C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\gsb2kc81.default
FF DefaultSearchEngine: Wikipedia (de)
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxps://www.google.ch/
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-07-19] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Customizable Shortcuts - C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\gsb2kc81.default\Extensions\customizable-shortcuts@timtaubert.de.xpi [2015-07-05]

Chrome: 
=======
CHR Profile: C:\Users\family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-27]
CHR Extension: (Google Search) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-27]
CHR Extension: (AdBlock) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-18]
CHR Extension: (Chrome In-App Payments service) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Gmail) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-07-04] (Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [231640 2011-06-14] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 catchme; \??\C:\Users\family\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-14 17:09 - 2016-02-14 17:09 - 00011067 _____ C:\Users\family\Desktop\FRST.txt
2016-02-14 17:08 - 2016-02-14 17:08 - 01721344 _____ (Farbar) C:\Users\family\Desktop\FRST.exe
2016-02-13 12:10 - 2015-10-20 18:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-13 12:10 - 2015-10-20 18:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-13 12:10 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-13 12:10 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-13 12:10 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-13 12:10 - 2015-10-20 18:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-13 12:10 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-13 12:10 - 2015-10-20 18:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-13 12:10 - 2015-10-20 18:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-13 12:10 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-13 12:10 - 2015-10-20 18:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-13 12:09 - 2016-02-13 12:09 - 02751664 _____ C:\Users\family\Desktop\Windows6.1-KB3102810-x86.msu
2016-02-13 11:40 - 2016-02-13 11:40 - 00548774 _____ C:\Users\family\Desktop\winupdatefix_1.3.exe
2016-02-12 00:26 - 2016-02-12 00:39 - 00000000 ____D C:\Qoobox
2016-02-12 00:26 - 2016-02-12 00:37 - 00000000 ____D C:\Windows\erdnt
2016-02-12 00:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-02-12 00:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-02-12 00:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-02-12 00:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-02-12 00:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-02-12 00:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-02-12 00:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-02-12 00:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-31 11:21 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-01-31 11:21 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-01-31 11:21 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-01-31 11:21 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-01-31 11:21 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-01-31 11:21 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-01-31 11:21 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-01-31 11:21 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-01-31 11:21 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-01-31 11:21 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-01-31 11:21 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-01-31 11:21 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-01-31 10:55 - 2016-01-31 10:55 - 22908888 _____ (Malwarebytes ) C:\Users\family\Downloads\mbam-setup-org-2.2.0.1024.exe
2016-01-31 02:40 - 2016-01-31 02:40 - 00000000 ____D C:\Windows\system32\appmgmt
2016-01-31 02:38 - 2016-01-31 03:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-31 02:33 - 2016-01-31 02:33 - 00000000 ____D C:\Users\family\AppData\Local\CEF
2016-01-31 02:30 - 2016-01-31 02:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-31 02:30 - 2016-01-31 02:30 - 00002027 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-01-31 02:30 - 2016-01-31 02:30 - 00000000 ____D C:\Program Files\Adobe
2016-01-31 02:07 - 2016-01-31 02:07 - 00144744 _____ C:\Windows\Minidump\013116-21559-01.dmp
2016-01-31 02:05 - 2016-01-31 02:05 - 00144744 _____ C:\Windows\Minidump\013116-53305-01.dmp
2016-01-31 01:40 - 2016-01-31 01:41 - 00144744 _____ C:\Windows\Minidump\013116-24133-01.dmp
2016-01-31 01:29 - 2016-01-31 01:29 - 00144744 _____ C:\Windows\Minidump\013116-23306-01.dmp
2016-01-28 00:18 - 2016-02-14 17:09 - 00000000 ____D C:\FRST
2016-01-28 00:16 - 2016-01-28 00:17 - 00144744 _____ C:\Windows\Minidump\012816-23446-01.dmp
2016-01-28 00:15 - 2016-01-28 00:15 - 00001423 _____ C:\Users\newacct.family-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Adobe
2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\VirtualStore
2016-01-27 21:28 - 2016-01-27 21:28 - 00144744 _____ C:\Windows\Minidump\012716-22838-01.dmp
2016-01-27 21:28 - 2016-01-27 21:28 - 00000020 ___SH C:\Users\newacct.family-PC\ntuser.ini
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\My Documents
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Videos
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Pictures
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Music
2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 ____D C:\Users\newacct.family-PC
2016-01-27 21:28 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\Microsoft Help
2016-01-27 21:28 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Media Center Programs
2016-01-27 21:26 - 2016-01-27 21:26 - 00001423 _____ C:\Users\newacct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-27 21:26 - 2016-01-27 21:26 - 00000020 ___SH C:\Users\newacct\ntuser.ini
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\My Documents
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Videos
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Pictures
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Music
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Adobe
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Local\VirtualStore
2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct
2016-01-27 21:26 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct\AppData\Local\Microsoft Help
2016-01-27 21:26 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Media Center Programs
2016-01-27 21:21 - 2016-01-27 21:21 - 00144744 _____ C:\Windows\Minidump\012716-25630-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-14 17:09 - 2011-10-08 15:12 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-14 17:01 - 2009-07-14 05:34 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-14 17:01 - 2009-07-14 05:34 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-14 01:19 - 2011-10-08 15:12 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-13 16:09 - 2010-11-20 22:01 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-13 16:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-02-13 16:06 - 2015-06-29 21:27 - 00000000 ____D C:\Users\family\AppData\Roaming\Skype
2016-02-13 16:05 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-13 12:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-12 00:36 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2016-01-31 12:12 - 2011-10-08 13:10 - 00000000 ____D C:\Users\family\AppData\Local\ElevatedDiagnostics
2016-01-31 03:05 - 2014-01-07 15:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-31 02:33 - 2011-10-08 17:30 - 00000000 ____D C:\Users\family\AppData\Local\Adobe
2016-01-31 02:30 - 2011-10-08 17:29 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-31 02:30 - 2011-10-08 17:23 - 00000000 ____D C:\ProgramData\Adobe
2016-01-31 02:08 - 2015-06-29 22:40 - 04612422 _____ C:\Windows\ntbtlog.txt
2016-01-31 02:07 - 2015-06-29 22:34 - 00000000 ____D C:\Windows\Minidump
2016-01-31 02:07 - 2015-06-29 22:30 - 246219302 _____ C:\Windows\MEMORY.DMP
2016-01-31 01:36 - 2015-12-23 14:18 - 00000000 ____D C:\Windows\pss

==================== Files in the root of some directories =======

2015-07-05 17:52 - 2015-07-05 17:52 - 0038482 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-07-05 17:50 - 2015-07-05 17:50 - 0013014 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (DOS).CAL
2015-07-05 18:11 - 2015-07-05 18:11 - 0038490 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-12-23 15:35 - 2015-12-23 15:35 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1747.tmp
2015-12-23 14:45 - 2015-12-23 14:45 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1B4D.tmp
2015-12-23 15:25 - 2015-12-23 15:25 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1C57.tmp
2015-12-23 15:46 - 2015-12-23 15:46 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1DAE.tmp
2015-12-23 15:22 - 2015-12-23 15:22 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1E2A.tmp
2015-12-23 14:21 - 2015-12-23 14:21 - 0000000 ____H () C:\Users\family\AppData\Local\BIT79F.tmp
2011-11-06 20:11 - 2014-12-07 15:14 - 0010240 _____ () C:\Users\family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-27 21:57 - 2013-07-27 21:57 - 0000017 _____ () C:\Users\family\AppData\Local\resmon.resmoncfg
2015-12-23 15:35 - 2015-12-23 15:35 - 0000000 _____ () C:\Users\family\AppData\Local\{381C1583-DDFD-424B-910A-85ECE50625C9}
2015-12-23 14:45 - 2015-12-23 14:45 - 0000000 _____ () C:\Users\family\AppData\Local\{40D6B901-D390-44B9-B334-B4C71CD03E25}
2015-12-23 15:25 - 2015-12-23 15:25 - 0000000 _____ () C:\Users\family\AppData\Local\{4849D6C0-E749-4F5F-8163-6384D0CA36DD}
2015-12-23 15:22 - 2015-12-23 15:22 - 0000000 _____ () C:\Users\family\AppData\Local\{588B28F6-7606-4EAA-B527-343BFB5298E5}
2015-12-23 15:46 - 2015-12-23 15:46 - 0000000 _____ () C:\Users\family\AppData\Local\{92E61D16-8364-460F-9E13-2187CB2F59A2}
2015-12-23 14:21 - 2015-12-23 14:21 - 0000000 _____ () C:\Users\family\AppData\Local\{B018192C-7275-4C4F-8C98-ADC3F855C33B}

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 22:07

==================== End of FRST.txt ============================
         
--- --- ---

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by family (2016-02-14 17:10:02)
Running from C:\Users\family\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2011-10-08 11:50:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-113424255-1033402217-2363257390-500 - Administrator - Disabled)
newacct (S-1-5-21-113424255-1033402217-2363257390-1004 - Administrator - Enabled) => C:\Users\newacct.family-PC
family (S-1-5-21-113424255-1033402217-2363257390-1000 - Administrator - Enabled) => C:\Users\family
Guest (S-1-5-21-113424255-1033402217-2363257390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-113424255-1033402217-2363257390-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-240C (HKLM\...\{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
EasyTax 2011 BL 1.01 (HKLM\...\EasyTax 2011 BL 1.01) (Version:  - HWI Solutions AG)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4461 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}) (Version: 7.250.4287.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 de) (HKLM\...\Mozilla Firefox 44.0 (x86 de)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.62 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C6DB199-3EE0-4805-A344-49D4CF389359} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {62BDAC61-F98E-4741-8F3A-8AA5AEC32E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {867EDA05-0E8B-4E63-97D2-668DB977DF3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {9F58D74E-A622-4E66-9D63-AAFBB1B052E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {B6AA52D9-934F-42C0-817F-6F6F57A46F39} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2011-07-04] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-08 13:03 - 2011-07-04 02:02 - 00044544 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2011-01-24 11:35 - 2011-01-24 11:35 - 00132384 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-11-06 11:36 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 62.2.17.61 - 62.2.24.158
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A7C93AE7-0858-48A5-9930-A5874F595186}] => (Allow) C:\Program Files\Microsoft Lync\communicator.exe
FirewallRules: [{D7E509F5-231D-408E-AE10-E6CC7F77BABD}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi.exe
FirewallRules: [{1E8D97DA-478C-4A8E-B72F-2FEAF3310094}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BCC5C774-2870-4AA8-B773-F0164D7CBB39}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{09C724EB-4FBE-428E-95A7-2EFAE6449BC0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B64CD706-BA02-4B17-AADA-23AABF0959B7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8C529A0A-4E95-4ACB-A7E3-D14B08E45825}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{386AF724-31F3-4753-B72A-02D911C54F3E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

18-06-2015 16:32:27 Windows Update
24-06-2015 21:38:46 Windows Update
29-06-2015 21:29:22 Windows Update
29-06-2015 22:15:21 Windows Update
05-07-2015 16:32:06 Windows Update
05-07-2015 16:32:49 Windows Backup
05-07-2015 18:19:30 Windows Update
05-07-2015 18:44:23 restorepunkt-5JUL-15
05-07-2015 18:50:06 Windows Update
31-01-2016 02:39:54 Removed Java 8 Update 31
31-01-2016 03:12:42 Windows Update
31-01-2016 11:19:54 Windows Update
12-02-2016 00:26:48 ComboFix created restore point
13-02-2016 11:54:18 Windows Update
13-02-2016 12:09:59 Windows Update
14-02-2016 16:19:09 Installed Microsoft Fix it 50123

==================== Faulty Device Manager Devices =============

Name: 11a/b/g Wireless LAN Mini PCI Express Adapter
Description: 11a/b/g Wireless LAN Mini PCI Express Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2016 04:06:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2016 12:14:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2016 11:45:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2016 11:38:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2016 12:21:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 02:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 01:44:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 12:28:17 PM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1160) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/31/2016 12:07:58 PM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1160) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/31/2016 11:26:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/14/2016 04:51:27 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.213.6097.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (02/12/2016 07:59:19 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.213.5966.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (02/12/2016 07:58:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (02/12/2016 12:36:40 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (02/12/2016 12:32:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (02/12/2016 12:28:22 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (02/12/2016 12:19:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 115.32.0.0

	Update Source: %NT AUTHORITY51

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\NETWORK SERVICE

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (02/12/2016 12:19:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.213.5004.0

	Update Source: %NT AUTHORITY51

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\NETWORK SERVICE

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (02/12/2016 12:19:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.213.5004.0

	Update Source: %NT AUTHORITY51

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\NETWORK SERVICE

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (02/12/2016 12:19:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.213.5004.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.8.0204.00

	Source Path: 4.8.0204.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608


==================== Memory info =========================== 

Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz
Percentage of memory in use: 37%
Total physical RAM: 3070.43 MB
Available physical RAM: 1922.77 MB
Total Virtual: 6139.17 MB
Available Virtual: 4909.59 MB

==================== Drives ================================

Drive c: (Ge_W7_exNB) (Fixed) (Total:148.95 GB) (Free:103.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 63179D80)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


I had a look at the two files above. Comments:
192.168.1.1 is NOT the router's IP address, but it is listed under Tcpip\..\Interfaces
Chrome is not installed, but a few things related to it are listed
No idea what C:\Qoobox is
SteelWerX is also unknown to me
The two event log entries with wuaueng.dll look interesting, but they are already from 31 January.

14.02.2016, 20:05   #15
M-K-D-B
/// TB-Ausbilder

Hi,

too bad the programs didn't help.

Quote:
2016-02-12 00:26 - 2016-02-12 00:39 - 00000000 ____D C:\Qoobox
2016-02-12 00:26 - 2016-02-12 00:37 - 00000000 ____D C:\Windows\erdnt
2016-02-12 00:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-02-12 00:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-02-12 00:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-02-12 00:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-02-12 00:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-02-12 00:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-02-12 00:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-02-12 00:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
That all belongs to ComboFix, which we have already run.

Download the file Analyse1.bat to the computer.
Run it as admin and please post the log file to me.
Restart the computer.

Quote:
Error: (01/31/2016 12:28:17 PM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1160) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/31/2016 12:07:58 PM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1160) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
If I read this correctly, wuaueng.dll has no access to the SoftwareDistribution folder.
You could try the following:
1. Stop the Windows Update services (net stop wuauserv, net stop cryptsvc, net stop bits, net stop msiserver)
2. Rename the folder C:\Windows\SoftwareDistribution to C:\Windows\SoftwareDistribution_old.
3. Rename the folder C:\Windows\System32\catroot2 to C:\Windows\System32\catroot2_old
4. Start the Windows Update services (net start wuauserv, net start cryptsvc, net start bits, net start msiserver)

If it helped, delete the _old folders by hand.
Attached files
File type: bat analyse1.bat (156 bytes, viewed 75 times)
__________________
Greetings from Bavaria
M-K-D-B
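The four-step Windows Update reset described in the post above, written out as a PowerShell script with the checks a practitioner would want before touching these folders. This is an added example; it is not part of the thread and has nothing to do with the attached analyse1.bat. It assumes the default folder locations and the _old naming the post uses, and it must be run from an elevated PowerShell prompt. The point of scripting it is that a rename can only succeed once the services have actually reached the Stopped state (the ESENT error quoted above is exactly the "file in use by another process" case), and that the services must be restarted even if a rename fails.

```powershell
# Added example (not from the forum thread): reset the Windows Update
# component folders as in the post's four steps, with status checks.
# Assumes the default paths the post names; run as Administrator.
#Requires -RunAsAdministrator

# Same services and order as the post's "net stop"/"net start" lines.
$updateServices = @('wuauserv', 'cryptsvc', 'bits', 'msiserver')

# Folders to move aside; "_old" is the post's own naming convention.
$foldersToRename = @(
    @{ Path = "$env:SystemRoot\SoftwareDistribution"; NewName = 'SoftwareDistribution_old' },
    @{ Path = "$env:SystemRoot\System32\catroot2";    NewName = 'catroot2_old' }
)

function Stop-UpdateServices {
    foreach ($name in $updateServices) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { Write-Warning "Service '$name' not found, skipping"; continue }
        if ($svc.Status -ne 'Stopped') {
            Write-Host "Stopping $name ..."
            Stop-Service -Name $name -Force -ErrorAction Stop
            # Wait until the service has really stopped: while it runs it
            # holds DataStore.edb / catroot2 open and the rename would fail.
            $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
        }
    }
}

function Rename-UpdateFolders {
    foreach ($f in $foldersToRename) {
        $target = Join-Path (Split-Path -Path $f.Path -Parent) $f.NewName
        if (-not (Test-Path -Path $f.Path)) {
            Write-Warning "$($f.Path) does not exist, skipping"
            continue
        }
        if (Test-Path -Path $target) {
            # A leftover from an earlier attempt; do not silently overwrite it.
            throw "$target already exists; remove or rename it first."
        }
        Rename-Item -Path $f.Path -NewName $f.NewName -ErrorAction Stop
        Write-Host "Renamed $($f.Path) -> $target"
    }
}

try {
    Stop-UpdateServices
    Rename-UpdateFolders
}
finally {
    # Always bring the services back, even if a rename above failed,
    # so the machine is not left without Windows Update / CryptSvc.
    foreach ($name in $updateServices) {
        if (Get-Service -Name $name -ErrorAction SilentlyContinue) {
            Start-Service -Name $name -ErrorAction Continue
        }
    }
    # Show the final state so the result can be pasted into the thread.
    Get-Service -Name $updateServices -ErrorAction SilentlyContinue |
        Format-Table -AutoSize Name, Status
}
```

After the script has run, wuauserv recreates an empty SoftwareDistribution folder on its next update check; if updates then work, the two _old folders can be deleted by hand as the post says. If Rename-Item still reports the folder as in use after the services show Stopped, some other process holds the file, and that is worth finding before retrying rather than forcing the rename.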
