Log Analysis and Evaluation: Cannot boot - only safe mode works (Windows 7)
28.01.2016, 00:31 | #1
Cannot boot - only safe mode works

Hello, I got an old notebook from a family member to repair. It has Windows 7 Professional, and on startup, after the automatic login (no password set), there is a bluescreen (IRQL not less or equal or something like that). In Safe Mode everything works. Safe Mode with Networking does not work either. In Safe Mode I disabled everything in msconfig and left only the Microsoft entries. That did not help either. Via USB stick I installed Malwarebytes and ran it (updating was of course not possible), but nothing was found (only a few PUPs, now removed). I also created a new user and tried with that; no success. Maybe something in the hardware is broken, but if everything runs in Safe Mode, that seems unlikely. What should I do to run as complete a malware check as possible? It appears to be a Windows installation from an office or similar, i.e. reinstalling everything is probably not an option. Oh yes, a few additional details: it is 32-bit Windows.

Farbar log FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016 Ran by newacct (administrator) on family-PC (28-01-2016 00:18:32) Running from E:\ Loaded Profiles: newacct (Available Profiles: family & newacct) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Safe Mode (minimal) Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\dinotify.exe (Microsoft Corporation) C:\Windows\System32\WerFault.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{71A9B5BB-67CD-4C4E-A214-A5A975300559}: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.6 Tcpip\..\Interfaces\{7FE26E94-8532-45C0-88F4-B901C05A5A56}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{C63E33CD-7F42-481C-888F-2F8A95D97026}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation) DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1318077124662 FireFox: ======== FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-07-19] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) Chrome: ======= CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) 
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) S2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) S4 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-07-04] (Lenovo Group Limited) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.) S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [231640 2011-06-14] (Intel Corporation) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S1 MpKslae919e87; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BE4769EB-80FE-4CAA-956B-66C690F7A1D4}\MpKslae919e87.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-28 00:18 - 2016-01-28 00:18 - 00000000 ____D C:\FRST 2016-01-28 00:16 - 2016-01-28 00:17 - 00144744 _____ C:\Windows\Minidump\012816-23446-01.dmp 2016-01-28 00:15 - 2016-01-28 00:15 - 00001423 _____ C:\Users\newacct.family-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Adobe 2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\VirtualStore 2016-01-27 21:28 - 2016-01-27 21:28 - 00144744 _____ C:\Windows\Minidump\012716-22838-01.dmp 2016-01-27 21:28 - 2016-01-27 21:28 - 00000020 ___SH C:\Users\newacct.family-PC\ntuser.ini 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\My Documents 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Videos 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Pictures 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Music 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 ____D C:\Users\newacct.family-PC 2016-01-27 21:28 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\Microsoft Help 2016-01-27 21:28 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Media Center Programs 2016-01-27 21:26 - 2016-01-27 21:26 - 00001423 _____ C:\Users\newacct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-27 21:26 - 2016-01-27 21:26 - 00000020 ___SH C:\Users\newacct\ntuser.ini 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\My Documents 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Videos 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Pictures 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Music 2016-01-27 
21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Adobe 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Local\VirtualStore 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct 2016-01-27 21:26 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct\AppData\Local\Microsoft Help 2016-01-27 21:26 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Media Center Programs 2016-01-27 21:21 - 2016-01-27 21:21 - 00144744 _____ C:\Windows\Minidump\012716-25630-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-28 00:18 - 2015-06-29 22:40 - 03772346 _____ C:\Windows\ntbtlog.txt 2016-01-28 00:16 - 2015-06-29 22:34 - 00000000 ____D C:\Windows\Minidump 2016-01-28 00:16 - 2015-06-29 22:30 - 257937958 _____ C:\Windows\MEMORY.DMP 2016-01-28 00:15 - 2011-10-08 15:12 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-28 00:14 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-24 22:07 ==================== End of FRST.txt ============================

Addition.txt: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016 Ran by newacct (2016-01-28 00:19:14) Running from E:\ Microsoft Windows 7 Professional Service Pack 1 (X86) (2011-10-08 11:50:59) Boot Mode: Safe Mode (minimal) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-113424255-1033402217-2363257390-500 - Administrator - Disabled) newacct (S-1-5-21-113424255-1033402217-2363257390-1004 - Administrator - Enabled) => C:\Users\newacct.family-PC family (S-1-5-21-113424255-1033402217-2363257390-1000 - Administrator - Enabled) => C:\Users\family Guest (S-1-5-21-113424255-1033402217-2363257390-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-113424255-1033402217-2363257390-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Brother MFL-Pro Suite MFC-240C (HKLM\...\{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}) (Version: 1.0.3.0 - Brother Industries, Ltd.) EasyTax 2011 BL 1.01 (HKLM\...\EasyTax 2011 BL 1.01) (Version: - HWI Solutions AG) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) 
Hidden Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4461 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Online Services Sign-in Assistant (HKLM\...\{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}) (Version: 7.250.4287.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation) ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.62 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - ) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {4E523091-538B-4FBE-9F02-EE87FC1933FD} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe [2009-07-14] (Microsoft Corporation) Task: {5C0EFDD3-C42D-43D4-971C-617B456F5C47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated) Task: {62BDAC61-F98E-4741-8F3A-8AA5AEC32E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.) Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {867EDA05-0E8B-4E63-97D2-668DB977DF3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: {9F58D74E-A622-4E66-9D63-AAFBB1B052E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.) Task: {B6AA52D9-934F-42C0-817F-6F6F57A46F39} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2011-07-04] (Lenovo Group Limited) Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AEADIFilters => 2 MSCONFIG\Services: Ati External Event Utility => 2 MSCONFIG\Services: btwdins => 2 MSCONFIG\Services: DozeSvc => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: IBMPMSVC => 2 MSCONFIG\Services: McComponentHostService => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: Power Manager DBC Service => 3 MSCONFIG\Services: PwmEWSvc => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: TpShocks => TpShocks.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{A7C93AE7-0858-48A5-9930-A5874F595186}] => (Allow) C:\Program Files\Microsoft Lync\communicator.exe FirewallRules: [{D7E509F5-231D-408E-AE10-E6CC7F77BABD}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi.exe FirewallRules: [{1E8D97DA-478C-4A8E-B72F-2FEAF3310094}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{BCC5C774-2870-4AA8-B773-F0164D7CBB39}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{09C724EB-4FBE-428E-95A7-2EFAE6449BC0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{B64CD706-BA02-4B17-AADA-23AABF0959B7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{8C529A0A-4E95-4ACB-A7E3-D14B08E45825}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{386AF724-31F3-4753-B72A-02D911C54F3E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe ==================== Restore Points ========================= 02-06-2015 14:45:09 Windows Update 05-06-2015 22:24:19 Windows Update 09-06-2015 09:10:28 Windows Update 11-06-2015 10:51:56 Windows Update 18-06-2015 16:32:27 Windows Update 24-06-2015 21:38:46 Windows Update 29-06-2015 21:29:22 Windows Update 29-06-2015 22:15:21 Windows Update 05-07-2015 16:32:06 Windows Update 05-07-2015 16:32:49 Windows Backup 05-07-2015 18:19:30 Windows Update 05-07-2015 18:44:23 restorepunkt-5JUL-15 05-07-2015 18:50:06 Windows Update ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, 
or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (01/28/2016 12:18:35 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/28/2016 12:15:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/27/2016 09:29:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/27/2016 09:22:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/23/2015 05:45:17 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c). 
Error: (12/23/2015 05:44:18 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c). Error: (12/23/2015 05:44:10 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c). Error: (12/23/2015 05:44:02 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c). Error: (12/23/2015 05:43:52 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c). 
Error: (12/23/2015 05:43:38 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c). System errors: ============= Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (01/28/2016 12:17:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (01/28/2016 12:17:46 AM) (Source: DCOM) (EventID: 10005) (User: ) 
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (01/28/2016 12:17:45 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (01/28/2016 12:17:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/28/2016 12:17:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.201.1018.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 ==================== Memory info =========================== Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz Percentage of memory in use: 15% Total physical RAM: 3070.43 MB Available physical RAM: 2609.14 MB Total Virtual: 6139.17 MB Available Virtual: 5719.75 MB ==================== Drives ================================ Drive c: (Ge_W7_exNB) (Fixed) (Total:148.95 GB) (Free:103.36 GB) NTFS Drive e: (PATRIOT) (Removable) (Total:7.19 GB) (Free:7.15 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 63179D80) Partition 1: (Active) - 
(Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 481EA962) Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B) ==================== End of Addition.txt ============================ --- --- --- --- --- --- |
28.01.2016, 17:22 | #2 |
/// TB-Ausbilder | Can't boot - only safe mode works I don't see any malware. A reinstall is the only right thing to do in a case like this. |
28.01.2016, 23:29 | #3 |
| Can't boot - only safe mode works Of course it could also be a driver problem or something like that. But what makes you so sure there is no malware on it? Just because nothing was found in Safe Mode with the scan above? |
29.01.2016, 21:02 | #4 |
/// TB-Ausbilder | Can't boot - only safe mode works Hi, let's do the following: please download Farbar Service Scanner
Please post the contents here. |
31.01.2016, 21:22 | #5 |
| Can't boot - only safe mode works Hello, so there is news. While trying to create the logfile, I got a message before the bluescreen saying that Windows isn't licensed ("activation required"). That hadn't appeared before. As soon as I clicked something (or just waited), the bluescreen came as before. Still only Safe Mode worked. That gave me the idea that maybe something is wrong with the drivers after all, especially given your comment "reinstall". First I noticed that I had forgotten to set msconfig back to "normal boot" (during the first scan it was in the start-only-the-essentials mode). That is now back to normal. Regarding drivers, the first thing I did was disable both network drivers (WLAN and Ethernet). Since then I can boot in normal mode again without a bluescreen. On closer investigation I was also able to re-enable the Ethernet adapter. It seems the WLAN adapter is causing the problem. So now only WLAN is disabled and the device is connected to the network by cable. Now I was also able to activate Windows (so it doesn't seem to be a pirated copy; it simply hadn't been online for 3 months). First I updated the PDF reader and removed the old installed Java. But I can neither update the driver, nor does anything else in Windows Update work. So my new problem is that Windows Update doesn't work. Should I open a separate thread for that? I still suspect malware as the cause. Maybe the malware even has something to do with the driver. Below I'm posting the requested logs (including the first two again). What happens? Windows Update searches for updates and never stops. I'm admittedly a bit spoiled by SSD notebooks, but I let Windows Update run overnight and it doesn't finish (keeps scanning). So I never get to the install stage.
The last update or scan was from July 2015. A few times I was able to open Windows Update without starting a new scan, and it showed 5 optional updates. I selected them, but only one could be installed; the others failed. But really I should be able to do a full scan first. I ran the Microsoft repair tool for Windows Update. Two items could not be fixed, but after a reboot and a new attempt only one item was still not ok: "Windows Update error 0x80070005 - not fixed". The code means "access denied", and by googling I find this error in connection with Windows Update only when installing updates (I don't even get that far), or in connection with malware. I ran Malwarebytes again, updated online, but nothing was found. The antivirus is Microsoft Security Essentials. Windows Defender is deactivated. There was also a (presumably trial) version of McAfee on it, which wouldn't even start, and I have now uninstalled that too. The hosts file is empty (only comments). The internet connection is our guest network (limited to http/https/dns/mail on a hardware firewall) in the IP range 192.168.112.x. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016 Ran by family (administrator) on family-PC (31-01-2016 21:01:11) Running from E:\ Loaded Profiles: family (Available Profiles: family & newacct) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Brother Industries, Ltd.) 
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2011-03-29] (Lenovo.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) 
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-08] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.6 Tcpip\..\Interfaces\{7FE26E94-8532-45C0-88F4-B901C05A5A56}: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.6 Tcpip\..\Interfaces\{C63E33CD-7F42-481C-888F-2F8A95D97026}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ch/ HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKU\S-1-5-21-113424255-1033402217-2363257390-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} 
hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1318077124662 FireFox: ======== FF ProfilePath: C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\gsb2kc81.default FF DefaultSearchEngine: Wikipedia (de) FF SelectedSearchEngine: Wikipedia (de) FF Homepage: hxxps://www.google.ch/ FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-07-19] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.2\npGoogleUpdate3.dll [2016-01-31] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.2\npGoogleUpdate3.dll [2016-01-31] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) 
FF Extension: Customizable Shortcuts - C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\gsb2kc81.default\Extensions\customizable-shortcuts@timtaubert.de.xpi [2015-07-05] Chrome: ======= CHR Profile: C:\Users\family\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-27] CHR Extension: (Google Search) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-27] CHR Extension: (AdBlock) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-18] CHR Extension: (Chrome In-App Payments service) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18] CHR Extension: (Gmail) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-27] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-07-04] (Lenovo Group Limited) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.) R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [231640 2011-06-14] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-31 11:21 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2016-01-31 11:21 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2016-01-31 11:21 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2016-01-31 11:21 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2016-01-31 11:21 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2016-01-31 11:21 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2016-01-31 11:21 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2016-01-31 11:21 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2016-01-31 11:21 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2016-01-31 11:21 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2016-01-31 11:21 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2016-01-31 
11:21 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2016-01-31 10:55 - 2016-01-31 10:55 - 22908888 _____ (Malwarebytes ) C:\Users\family\Downloads\mbam-setup-org-2.2.0.1024.exe 2016-01-31 02:40 - 2016-01-31 02:40 - 00000000 ____D C:\Windows\system32\appmgmt 2016-01-31 02:38 - 2016-01-31 03:05 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-01-31 02:33 - 2016-01-31 02:33 - 00000000 ____D C:\Users\family\AppData\Local\CEF 2016-01-31 02:30 - 2016-01-31 02:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-01-31 02:30 - 2016-01-31 02:30 - 00002027 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-01-31 02:30 - 2016-01-31 02:30 - 00000000 ____D C:\Program Files\Adobe 2016-01-31 02:07 - 2016-01-31 02:07 - 00144744 _____ C:\Windows\Minidump\013116-21559-01.dmp 2016-01-31 02:05 - 2016-01-31 02:05 - 00144744 _____ C:\Windows\Minidump\013116-53305-01.dmp 2016-01-31 01:40 - 2016-01-31 01:41 - 00144744 _____ C:\Windows\Minidump\013116-24133-01.dmp 2016-01-31 01:29 - 2016-01-31 01:29 - 00144744 _____ C:\Windows\Minidump\013116-23306-01.dmp 2016-01-28 00:18 - 2016-01-31 21:01 - 00000000 ____D C:\FRST 2016-01-28 00:16 - 2016-01-28 00:17 - 00144744 _____ C:\Windows\Minidump\012816-23446-01.dmp 2016-01-28 00:15 - 2016-01-28 00:15 - 00001423 _____ C:\Users\newacct.family-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Adobe 2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\VirtualStore 2016-01-27 21:28 - 2016-01-27 21:28 - 00144744 _____ C:\Windows\Minidump\012716-22838-01.dmp 2016-01-27 21:28 - 2016-01-27 21:28 - 00000020 ___SH C:\Users\newacct.family-PC\ntuser.ini 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\My Documents 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 
_SHDL C:\Users\newacct.family-PC\Documents\My Videos 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Pictures 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Music 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 ____D C:\Users\newacct.family-PC 2016-01-27 21:28 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\Microsoft Help 2016-01-27 21:28 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Media Center Programs 2016-01-27 21:26 - 2016-01-27 21:26 - 00001423 _____ C:\Users\newacct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-27 21:26 - 2016-01-27 21:26 - 00000020 ___SH C:\Users\newacct\ntuser.ini 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\My Documents 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Videos 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Pictures 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Music 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Adobe 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Local\VirtualStore 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct 2016-01-27 21:26 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct\AppData\Local\Microsoft Help 2016-01-27 21:26 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Media Center Programs 2016-01-27 21:21 - 2016-01-27 21:21 - 00144744 _____ C:\Windows\Minidump\012716-25630-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-31 20:36 - 2009-07-14 05:34 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-31 20:36 - 2009-07-14 05:34 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-31 20:21 - 2011-10-08 15:12 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-31 18:04 - 2011-10-08 15:12 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-31 14:06 - 2010-11-20 22:01 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-31 14:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2016-01-31 14:02 - 2015-06-29 21:27 - 00000000 ____D C:\Users\family\AppData\Roaming\Skype 2016-01-31 14:01 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-31 12:12 - 2011-10-08 13:10 - 00000000 ____D C:\Users\family\AppData\Local\ElevatedDiagnostics 2016-01-31 03:05 - 2014-01-07 15:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-01-31 02:33 - 2011-10-08 17:30 - 00000000 ____D C:\Users\family\AppData\Local\Adobe 2016-01-31 02:30 - 2011-10-08 17:29 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-01-31 02:30 - 2011-10-08 17:23 - 00000000 ____D C:\ProgramData\Adobe 2016-01-31 02:08 - 2015-06-29 22:40 - 04612422 _____ C:\Windows\ntbtlog.txt 2016-01-31 02:07 - 2015-06-29 22:34 - 00000000 ____D C:\Windows\Minidump 2016-01-31 02:07 - 2015-06-29 22:30 - 246219302 _____ C:\Windows\MEMORY.DMP 2016-01-31 01:36 - 2015-12-23 14:18 - 00000000 ____D C:\Windows\pss ==================== Files in the root of some directories ======= 2015-07-05 17:52 - 2015-07-05 17:52 - 0038482 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (DOS).ADR 2015-07-05 17:50 - 2015-07-05 17:50 - 0013014 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (DOS).CAL 2015-07-05 18:11 - 2015-07-05 18:11 - 0038490 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values 
(Windows).ADR 2015-12-23 15:35 - 2015-12-23 15:35 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1747.tmp 2015-12-23 14:45 - 2015-12-23 14:45 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1B4D.tmp 2015-12-23 15:25 - 2015-12-23 15:25 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1C57.tmp 2015-12-23 15:46 - 2015-12-23 15:46 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1DAE.tmp 2015-12-23 15:22 - 2015-12-23 15:22 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1E2A.tmp 2015-12-23 14:21 - 2015-12-23 14:21 - 0000000 ____H () C:\Users\family\AppData\Local\BIT79F.tmp 2011-11-06 20:11 - 2014-12-07 15:14 - 0010240 _____ () C:\Users\family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-27 21:57 - 2013-07-27 21:57 - 0000017 _____ () C:\Users\family\AppData\Local\resmon.resmoncfg 2015-12-23 15:35 - 2015-12-23 15:35 - 0000000 _____ () C:\Users\family\AppData\Local\{381C1583-DDFD-424B-910A-85ECE50625C9} 2015-12-23 14:45 - 2015-12-23 14:45 - 0000000 _____ () C:\Users\family\AppData\Local\{40D6B901-D390-44B9-B334-B4C71CD03E25} 2015-12-23 15:25 - 2015-12-23 15:25 - 0000000 _____ () C:\Users\family\AppData\Local\{4849D6C0-E749-4F5F-8163-6384D0CA36DD} 2015-12-23 15:22 - 2015-12-23 15:22 - 0000000 _____ () C:\Users\family\AppData\Local\{588B28F6-7606-4EAA-B527-343BFB5298E5} 2015-12-23 15:46 - 2015-12-23 15:46 - 0000000 _____ () C:\Users\family\AppData\Local\{92E61D16-8364-460F-9E13-2187CB2F59A2} 2015-12-23 14:21 - 2015-12-23 14:21 - 0000000 _____ () C:\Users\family\AppData\Local\{B018192C-7275-4C4F-8C98-ADC3F855C33B} ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-24 22:07 ==================== End of FRST.txt ============================ --- --- --- [CODE]Additional FRST Logfile: FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016 Ran by family (2016-01-31 21:02:26) Running from E:\ Microsoft Windows 7 Professional Service Pack 1 (X86) (2011-10-08 11:50:59) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-113424255-1033402217-2363257390-500 - Administrator - Disabled) newacct (S-1-5-21-113424255-1033402217-2363257390-1004 - Administrator - Enabled) => C:\Users\newacct.family-PC family (S-1-5-21-113424255-1033402217-2363257390-1000 - Administrator - Enabled) => C:\Users\family Guest (S-1-5-21-113424255-1033402217-2363257390-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-113424255-1033402217-2363257390-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Brother MFL-Pro Suite MFC-240C (HKLM\...\{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}) (Version: 1.0.3.0 - Brother Industries, Ltd.) EasyTax 2011 BL 1.01 (HKLM\...\EasyTax 2011 BL 1.01) (Version: - HWI Solutions AG) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.29.1 - Google Inc.) 
Hidden Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4461 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Online Services Sign-in Assistant (HKLM\...\{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}) (Version: 7.250.4287.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft 
Corporation) Mozilla Firefox 44.0 (x86 de) (HKLM\...\Mozilla Firefox 44.0 (x86 de)) (Version: 44.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation) ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.62 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - ) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {2C6DB199-3EE0-4805-A344-49D4CF389359} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {62BDAC61-F98E-4741-8F3A-8AA5AEC32E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.) Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {867EDA05-0E8B-4E63-97D2-668DB977DF3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: {9F58D74E-A622-4E66-9D63-AAFBB1B052E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.) Task: {B6AA52D9-934F-42C0-817F-6F6F57A46F39} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2011-07-04] (Lenovo Group Limited) Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2011-10-08 13:03 - 2011-07-04 02:02 - 00044544 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL 2011-01-24 11:35 - 2011-01-24 11:35 - 00132384 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll 2011-11-06 11:36 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 62.2.17.61 - 62.2.24.158 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{A7C93AE7-0858-48A5-9930-A5874F595186}] => (Allow) C:\Program Files\Microsoft Lync\communicator.exe FirewallRules: [{D7E509F5-231D-408E-AE10-E6CC7F77BABD}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi.exe FirewallRules: [{1E8D97DA-478C-4A8E-B72F-2FEAF3310094}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{BCC5C774-2870-4AA8-B773-F0164D7CBB39}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{09C724EB-4FBE-428E-95A7-2EFAE6449BC0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{B64CD706-BA02-4B17-AADA-23AABF0959B7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{8C529A0A-4E95-4ACB-A7E3-D14B08E45825}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{386AF724-31F3-4753-B72A-02D911C54F3E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe ==================== Restore Points ========================= 09-06-2015 09:10:28 Windows Update 11-06-2015 10:51:56 Windows Update 18-06-2015 16:32:27 Windows Update 24-06-2015 21:38:46 Windows Update 29-06-2015 21:29:22 Windows Update 29-06-2015 22:15:21 Windows Update 05-07-2015 16:32:06 Windows Update 05-07-2015 16:32:49 Windows Backup 05-07-2015 18:19:30 Windows Update 05-07-2015 18:44:23 restorepunkt-5JUL-15 05-07-2015 18:50:06 Windows Update 31-01-2016 02:39:54 Removed Java 8 Update 31 
31-01-2016 03:12:42 Windows Update 31-01-2016 11:19:54 Windows Update ==================== Faulty Device Manager Devices ============= Name: 11a/b/g Wireless LAN Mini PCI Express Adapter Description: 11a/b/g Wireless LAN Mini PCI Express Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Qualcomm Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/31/2016 02:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/31/2016 01:44:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/31/2016 12:28:17 PM) (Source: ESENT) (EventID: 490) (User: ) Description: wuaueng.dll (1160) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error: (01/31/2016 12:07:58 PM) (Source: ESENT) (EventID: 490) (User: ) Description: wuaueng.dll (1160) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). 
Error: (01/31/2016 11:26:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/31/2016 10:50:14 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/31/2016 03:07:22 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/31/2016 02:11:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/31/2016 02:09:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/31/2016 01:56:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/31/2016 12:07:48 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} Error: (01/31/2016 11:23:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2592687). 
Error: (01/31/2016 11:23:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB3048761). Error: (01/31/2016 11:23:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2574819). Error: (01/31/2016 11:23:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB3050265). Error: (01/31/2016 03:04:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.201.1018.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/31/2016 02:10:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 115.3.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/31/2016 02:10:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.201.1018.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/31/2016 02:10:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.201.1018.0 Update Source: %NT AUTHORITY51 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (01/31/2016 02:10:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version:
Previous Signature Version: 1.201.1018.0
Update Source: %NT AUTHORITY59
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz
Percentage of memory in use: 58%
Total physical RAM: 3070.43 MB
Available physical RAM: 1287.63 MB
Total Virtual: 6139.17 MB
Available Virtual: 4411.91 MB

==================== Drives ================================

Drive c: (Ge_W7_exNB) (Fixed) (Total:148.95 GB) (Free:102.93 GB) NTFS
Drive e: (PATRIOT) (Removable) (Total:7.19 GB) (Free:7.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 63179D80)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 481EA962)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

==================== End of Addition.txt ============================
--- --- ---

And finally, here is the new scan:
Code:
Farbar Service Scanner Version: 27-01-2016
Ran by family (administrator) on 31-01-2016 at 21:10:37
Running from "E:\"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error.
Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****

Without Windows Update I will sooner or later certainly end up with malware, so I would be grateful for advice. I also had a look at WindowsUpdate.log, and there are even more error codes and warnings in there, but somehow nothing meaningful.
For the next 5 days I will not have access to the machine in question, so it may take a while until I reply again. |
01.02.2016, 14:29 | #6 |
/// TB-Ausbilder | Cannot boot - only safe mode works Hi, thank you for the information and the log files. What we can do, or what I may be able to help with: Option 1: Since you still assume malware is the cause, we could first run a few more tools over the machine and then run the tools I know for fixing Windows and update problems. Option 2: We run those tools right away and try to fix the update problems that way. Just let me know. |
04.02.2016, 16:38 | #7 |
/// TB-Ausbilder | Cannot boot - only safe mode works No response This thread has been removed from my subscriptions, so I no longer receive notifications of new replies. PM me if you still want to continue. Note: the disappearance of symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread! |
11.02.2016, 21:47 | #8 |
| Cannot boot - only safe mode works Hmm. What exactly is the difference between the two variants? I mean, the update problem has to be fixed in any case. If you have ideas for that, we can gladly do it. In case 1 we would just first make sure (with further tools/scans) that there is no malware on it, correct? But in case 2 we would also have to do a new check, wouldn't we? So it doesn't really matter. We can just as well take variant 2, since that seems to be quicker. And sorry for the late reply - as I said, I had no PC access for over a week. |
11.02.2016, 21:59 | #9 |
/// TB-Ausbilder | Cannot boot - only safe mode works Hi, please run all tools from the desktop. Scan with ComboFix
|
12.02.2016, 00:51 | #10 |
| Cannot boot - only safe mode works Here is the scan: Code:
ComboFix 16-02-09.01 - family 12.02.2016 0:28.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1033.18.3070.1815 [GMT 1:00]
Running from: c:\users\family\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * A new restore point was created
.
.
((((((((((((((((((((((((( Files created from 2016-01-11 to 2016-02-11 ))))))))))))))))))))))))))))))
.
.
2016-02-11 23:36 . 2016-02-11 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-11 23:30 . 2016-02-11 23:30 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5023C329-DC29-4164-AF31-D27121857102}\offreg.888.dll
2016-01-31 10:33 . 2016-01-31 10:33 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5023C329-DC29-4164-AF31-D27121857102}\offreg.904.dll
2016-01-31 10:21 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2016-01-31 10:21 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-01-31 10:21 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2016-01-31 10:21 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-01-31 10:21 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2016-01-31 10:21 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2016-01-31 10:21 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
2016-01-31 10:21 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2016-01-31 10:21 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2016-01-31 10:21 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
2016-01-31 10:21 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
2016-01-31 10:21 . 2013-10-01 20:55 5698048 ----a-w- c:\windows\system32\mstscax.dll
2016-01-31 02:14 . 2015-07-05 15:32 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{076A2453-070A-4494-8F69-A15254D28B71}\gapaengine.dll
2016-01-31 02:13 . 2015-11-25 01:43 9014120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5023C329-DC29-4164-AF31-D27121857102}\mpengine.dll
2016-01-31 01:33 . 2016-01-31 01:33 -------- d-----w- c:\users\family\AppData\Local\CEF
2016-01-27 23:18 . 2016-01-31 20:03 -------- d-----w- C:\FRST
2016-01-27 20:26 . 2016-01-27 20:26 -------- d-----w- c:\users\newacct
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-23 14:46 . 2015-12-23 14:46 0 ---ha-w- c:\users\family\AppData\Local\BIT1DAE.tmp
2015-12-23 14:35 . 2015-12-23 14:35 0 ---ha-w- c:\users\family\AppData\Local\BIT1747.tmp
2015-12-23 14:25 . 2015-12-23 14:25 0 ---ha-w- c:\users\family\AppData\Local\BIT1C57.tmp
2015-12-23 14:22 . 2015-12-23 14:22 0 ---ha-w- c:\users\family\AppData\Local\BIT1E2A.tmp
2015-12-23 13:45 . 2015-12-23 13:45 0 ---ha-w- c:\users\family\AppData\Local\BIT1B4D.tmp
2015-12-23 13:21 . 2015-12-23 13:21 0 ---ha-w- c:\users\family\AppData\Local\BIT79F.tmp
2015-12-09 03:39 . 2011-10-08 12:05 247976 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-06-16 53282944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2015-03-28 12118840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 981688]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-07-04 1299816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 804128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-06-03 327296]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-05-23 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2015-04-29 284504]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-07-19 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-07-04 25968]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-03-29 20592]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-09-28 1589152]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-07-04 292200]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42 286904 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the "Scheduled Tasks" folder
.
2016-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 16:59]
.
2016-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 16:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.ch/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.2.17.61 62.2.24.158 62.2.17.6
FF - ProfilePath - c:\users\family\AppData\Roaming\Mozilla\Firefox\Profiles\gsb2kc81.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ch/
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5516)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
Completion time: 2016-02-12 00:39:31
ComboFix-quarantined-files.txt 2016-02-11 23:39
.
Pre-Run: 110'344'994'816 bytes free
Post-Run: 110'354'870'272 bytes free
.
- - End Of File - - 77D6881207D8667B698E58A8D97D94BC A36C5E4F47E84449FF07ED3517B43A31
|
12.02.2016, 21:57 | #11 |
/// TB-Ausbilder | Cannot boot - only safe mode works Hi,
Step 1
Close all open programs. Download WinUpdateFix to your desktop. Start the tool; a window opens. Under Selection, choose Tous first and then Executer. Confirm any prompts with OK. Your computer will be restarted. After the restart, open WinUpdateFix again and make sure that under Services it says Demarre and Automatique everywhere. If that is not the case, press the corresponding buttons. Now check whether Windows Update works again.
Step 2
Please download Farbar Service Scanner
Please post its contents here. |
13.02.2016, 17:24 | #12 |
| Cannot boot - only safe mode works Step 1: Did not work. The tool ran through successfully (all options enabled as described), rebooted, and on the second start I checked whether "Automatic" is set (it is correct). When I open Windows Update I get a red cross with the message that a scan has never been run. When I click "Check for updates" it searches for several minutes until I get the error message with code 8007000E. Step 2: Code:
Farbar Service Scanner Version: 27-01-2016
Ran by family (administrator) on 13-02-2016 at 11:53:19
Running from "C:\Users\family\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error.
Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****

In the meantime I have googled the error code. I came across this article: Henk's blog: Some clients not updating, reporting 8007000E error in WindowsUpdate.log In the update at the bottom it says that KB3102810 (https://support.microsoft.com/en-us/kb/3102810) replaces the hotfix.
The description of the KB says that Windows Update can run for a very long time or use 100% CPU, and that this is an optional update for Windows. I then installed it manually (i.e. not via Windows Update but as a standalone download). The installation was successful. After the reboot I tried again, but no improvement - I cancelled Windows Update after four hours of "Checking for updates", i.e. no error message this time. I had planned to run your repair tool again after the installation, and then I noticed that (after the reboot) the second box in the tool was not set to "automatic". Either I did not see that in my last post, or I had only looked at the left box. So I have now set that to "automatic" as well (the second box is BITS, by the way, i.e. the important service) and rebooted. After the reboot, the first thing I did was run WinUpdateFix again (without repair, display only), and now all three are green and automatic. So it is not being switched off again and again. But still the same problem - Windows Update searches for updates forever. In the event log I also see no errors that would point to problems (1 WMI error and 2 warnings from the printer driver about outdated Flash at every boot). |
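The verification the previous post asks for (services back on Automatic after WinUpdateFix) and the state this post reports, as a scripted check. This is an added example, not part of the thread and not WinUpdateFix's or Farbar Service Scanner's code. It reports the start mode and state of the services the Windows Update client depends on (wuauserv, BITS, CryptSvc, plus TrustedInstaller, which is Manual by design), the policy values that can disable or redirect updating, and the WinHTTP proxy the update agent actually uses; `-Repair` resets the start types the way the tool's buttons do. Service names, registry paths and expected start modes are standard Windows 7 values; the script layout is my own and assumes an elevated PowerShell 2.0 prompt on the affected machine.

```powershell
# Added example (not from the thread, not WinUpdateFix/FSS code).
# Checks the Windows Update service chain and the policies that can
# disable or redirect it; -Repair resets the start types. Run elevated.
# Written for PowerShell 2.0 (Windows 7): WMI is used because Get-Service
# objects have no StartType property before PowerShell 5.
param([switch]$Repair)

# Services Windows Update depends on and the WMI StartMode each should have.
# TrustedInstaller is Manual by design and is started on demand.
$expected = @{
    'wuauserv'         = 'Auto'   # Windows Update agent
    'BITS'             = 'Auto'   # Background Intelligent Transfer Service
    'CryptSvc'         = 'Auto'   # Cryptographic Services (catalog checks)
    'TrustedInstaller' = 'Manual' # Windows Modules Installer
}

'--- Services ---'
foreach ($name in $expected.Keys) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Write-Warning "$name is not installed"; continue }
    $ok = ($svc.StartMode -eq $expected[$name])
    '{0,-17} StartMode={1,-7} State={2,-8} {3}' -f $name, $svc.StartMode, $svc.State, $(if ($ok) { 'OK' } else { 'MISMATCH' })
    if ($Repair -and -not $ok) {
        # WMI reports 'Auto'; Set-Service expects 'Automatic'.
        $mode = if ($expected[$name] -eq 'Auto') { 'Automatic' } else { 'Manual' }
        Set-Service -Name $name -StartupType $mode
        if ($mode -eq 'Automatic') { Start-Service -Name $name -ErrorAction SilentlyContinue }
    }
}

'--- Policies (absent = default) ---'
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$checks = @(
    @{ Path = $wu;      Name = 'WUServer' },      # set: client asks a WSUS server, not Microsoft
    @{ Path = "$wu\AU"; Name = 'UseWUServer' },
    @{ Path = "$wu\AU"; Name = 'NoAutoUpdate' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';          Name = 'DisableAntiSpyware' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'; Name = 'DisableAntiSpyware' }
)
foreach ($c in $checks) {
    $v = $null
    if (Test-Path $c.Path) {
        $v = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty $c.Name -ErrorAction SilentlyContinue
    }
    '{0}\{1} = {2}' -f $c.Path, $c.Name, $(if ($v -eq $null) { '<not set>' } else { $v })
}

'--- WinHTTP proxy (the update agent does not use the browser proxy) ---'
netsh winhttp show proxy
```

Run it once without `-Repair` to see the state before changing anything. Two caveats on reading the output: on Windows 7, installing Microsoft Security Essentials disables the built-in Windows Defender, so `DisableAntiSpyware=1` together with WinDefend on Demand, as FSS reports above, is the expected state while MSE is installed and not evidence of tampering on its own. The `WUServer`/`UseWUServer` pair matters for a machine that came from an office: if set, the client never contacts Microsoft but a WSUS server that may no longer be reachable from a home network, which looks exactly like an endless "Checking for updates". The update agent talks through WinHTTP, so a proxy configured only in the browser does not apply to it; `netsh winhttp show proxy` shows what it will use.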
13.02.2016, 22:13 | #13 |
/// TB-Ausbilder | Cannot boot - only safe mode works Hi, I do not know which ports Windows 7 needs for an update. But the services themselves seem to be running now. Hmm... Can't you take the computer to a place where there are no restrictions? Have you already tried this for the error message? 1) Windows Update error 80070008 or 8007000e 2) Windows Update troubleshooter FRST again, please:
|
14.02.2016, 17:24 | #14 |
| Cannot boot - only safe mode works According to my Google research, ports 80 and 443 should be enough for Windows Update. As an addition to the original post, NTP is also allowed. I do not have another internet connection available right now, but I had a look at the firewall logs. No blocked accesses, except one on port 67 (access to the firewall) when the firewall rebooted in the middle of last night, probably DHCP or something. I see no connection there. I have already run tool 1 several times. With each run I get different messages. I just ran it twice. Each time 1-4 messages with "fixed" and 1-2 messages with "not fixed" appear. On the second run, for example, I got the following three lines:
Windows Update error 0x8024402C(2016-02-14-T-04_51_21P) - not fixed
Problems installing recent updates - not fixed
Service registration is missing or corrupt - fixed
But when I open "Details" I get the following:
Service registration is missing or corrupt - fixed
Windows Update error 0x8024402C(...) - fixed
Problems installing recent updates - fixed
6x Potential issues - issue not present
Service registration is missing or corrupt - fixed
Windows Update error 0x8024402C(...) - fixed
Problems installing recent updates - fixed
Potential issues that were checked (6x issue not present)
I ran tool 2 successfully (I did not know it, but it seems to be only for installations). Neither helped. FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016 Ran by family (administrator) on family-PC (14-02-2016 17:09:08) Running from C:\Users\family\Desktop Loaded Profiles: family (Available Profiles: family & newacct) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Brother Industries, Ltd.) 
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337256 2011-03-29] (Lenovo.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) 
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKU\S-1-5-21-113424255-1033402217-2363257390-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-10-08] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.6 Tcpip\..\Interfaces\{7FE26E94-8532-45C0-88F4-B901C05A5A56}: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.6 Tcpip\..\Interfaces\{C63E33CD-7F42-481C-888F-2F8A95D97026}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-113424255-1033402217-2363257390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ch/ 
HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKU\S-1-5-21-113424255-1033402217-2363257390-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1318077124662 FireFox: ======== FF ProfilePath: C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\gsb2kc81.default FF DefaultSearchEngine: Wikipedia (de) FF SelectedSearchEngine: Wikipedia (de) FF Homepage: hxxps://www.google.ch/ FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) 
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-07-19] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) 
FF Extension: Customizable Shortcuts - C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\gsb2kc81.default\Extensions\customizable-shortcuts@timtaubert.de.xpi [2015-07-05] Chrome: ======= CHR Profile: C:\Users\family\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-27] CHR Extension: (Google Search) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-27] CHR Extension: (AdBlock) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-18] CHR Extension: (Chrome In-App Payments service) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18] CHR Extension: (Gmail) - C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-27] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [148840 2011-07-04] (Lenovo Group Limited) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.) R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [231640 2011-06-14] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 catchme; \??\C:\Users\family\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-14 17:09 - 2016-02-14 17:09 - 00011067 _____ C:\Users\family\Desktop\FRST.txt 2016-02-14 17:08 - 2016-02-14 17:08 - 01721344 _____ (Farbar) C:\Users\family\Desktop\FRST.exe 2016-02-13 12:10 - 2015-10-20 18:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-02-13 12:10 - 2015-10-20 18:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-02-13 12:10 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-02-13 12:10 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-02-13 12:10 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-02-13 12:10 - 2015-10-20 18:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-02-13 12:10 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-02-13 12:10 - 2015-10-20 18:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-02-13 12:10 - 2015-10-20 18:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-02-13 12:10 - 2015-10-20 18:45 - 00035328 _____ (Microsoft 
Corporation) C:\Windows\system32\wuapp.exe 2016-02-13 12:10 - 2015-10-20 18:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-02-13 12:09 - 2016-02-13 12:09 - 02751664 _____ C:\Users\family\Desktop\Windows6.1-KB3102810-x86.msu 2016-02-13 11:40 - 2016-02-13 11:40 - 00548774 _____ C:\Users\family\Desktop\winupdatefix_1.3.exe 2016-02-12 00:26 - 2016-02-12 00:39 - 00000000 ____D C:\Qoobox 2016-02-12 00:26 - 2016-02-12 00:37 - 00000000 ____D C:\Windows\erdnt 2016-02-12 00:26 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2016-02-12 00:26 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2016-02-12 00:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2016-02-12 00:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2016-02-12 00:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2016-02-12 00:26 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2016-02-12 00:26 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2016-02-12 00:26 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2016-01-31 11:21 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2016-01-31 11:21 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2016-01-31 11:21 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2016-01-31 11:21 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2016-01-31 11:21 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2016-01-31 11:21 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2016-01-31 11:21 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2016-01-31 11:21 - 2013-10-02 00:08 - 
00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2016-01-31 11:21 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2016-01-31 11:21 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2016-01-31 11:21 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2016-01-31 11:21 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2016-01-31 10:55 - 2016-01-31 10:55 - 22908888 _____ (Malwarebytes ) C:\Users\family\Downloads\mbam-setup-org-2.2.0.1024.exe 2016-01-31 02:40 - 2016-01-31 02:40 - 00000000 ____D C:\Windows\system32\appmgmt 2016-01-31 02:38 - 2016-01-31 03:05 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-01-31 02:33 - 2016-01-31 02:33 - 00000000 ____D C:\Users\family\AppData\Local\CEF 2016-01-31 02:30 - 2016-01-31 02:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-01-31 02:30 - 2016-01-31 02:30 - 00002027 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-01-31 02:30 - 2016-01-31 02:30 - 00000000 ____D C:\Program Files\Adobe 2016-01-31 02:07 - 2016-01-31 02:07 - 00144744 _____ C:\Windows\Minidump\013116-21559-01.dmp 2016-01-31 02:05 - 2016-01-31 02:05 - 00144744 _____ C:\Windows\Minidump\013116-53305-01.dmp 2016-01-31 01:40 - 2016-01-31 01:41 - 00144744 _____ C:\Windows\Minidump\013116-24133-01.dmp 2016-01-31 01:29 - 2016-01-31 01:29 - 00144744 _____ C:\Windows\Minidump\013116-23306-01.dmp 2016-01-28 00:18 - 2016-02-14 17:09 - 00000000 ____D C:\FRST 2016-01-28 00:16 - 2016-01-28 00:17 - 00144744 _____ C:\Windows\Minidump\012816-23446-01.dmp 2016-01-28 00:15 - 2016-01-28 00:15 - 00001423 _____ C:\Users\newacct.family-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-28 00:15 - 2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Adobe 2016-01-28 00:15 - 
2016-01-28 00:15 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\VirtualStore 2016-01-27 21:28 - 2016-01-27 21:28 - 00144744 _____ C:\Windows\Minidump\012716-22838-01.dmp 2016-01-27 21:28 - 2016-01-27 21:28 - 00000020 ___SH C:\Users\newacct.family-PC\ntuser.ini 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\My Documents 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Videos 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Pictures 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 _SHDL C:\Users\newacct.family-PC\Documents\My Music 2016-01-27 21:28 - 2016-01-27 21:28 - 00000000 ____D C:\Users\newacct.family-PC 2016-01-27 21:28 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Local\Microsoft Help 2016-01-27 21:28 - 2011-04-12 03:24 - 00000000 ____D C:\Users\newacct.family-PC\AppData\Roaming\Media Center Programs 2016-01-27 21:26 - 2016-01-27 21:26 - 00001423 _____ C:\Users\newacct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-27 21:26 - 2016-01-27 21:26 - 00000020 ___SH C:\Users\newacct\ntuser.ini 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\My Documents 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Videos 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Pictures 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 _SHDL C:\Users\newacct\Documents\My Music 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Roaming\Adobe 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct\AppData\Local\VirtualStore 2016-01-27 21:26 - 2016-01-27 21:26 - 00000000 ____D C:\Users\newacct 2016-01-27 21:26 - 2011-10-08 15:19 - 00000000 ____D C:\Users\newacct\AppData\Local\Microsoft Help 2016-01-27 21:26 - 2011-04-12 03:24 - 00000000 ____D 
C:\Users\newacct\AppData\Roaming\Media Center Programs 2016-01-27 21:21 - 2016-01-27 21:21 - 00144744 _____ C:\Windows\Minidump\012716-25630-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-14 17:09 - 2011-10-08 15:12 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-14 17:01 - 2009-07-14 05:34 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-02-14 17:01 - 2009-07-14 05:34 - 00032016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-02-14 01:19 - 2011-10-08 15:12 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-13 16:09 - 2010-11-20 22:01 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-13 16:09 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2016-02-13 16:06 - 2015-06-29 21:27 - 00000000 ____D C:\Users\family\AppData\Roaming\Skype 2016-02-13 16:05 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-02-13 12:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\PolicyDefinitions 2016-02-12 00:36 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2016-01-31 12:12 - 2011-10-08 13:10 - 00000000 ____D C:\Users\family\AppData\Local\ElevatedDiagnostics 2016-01-31 03:05 - 2014-01-07 15:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-01-31 02:33 - 2011-10-08 17:30 - 00000000 ____D C:\Users\family\AppData\Local\Adobe 2016-01-31 02:30 - 2011-10-08 17:29 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-01-31 02:30 - 2011-10-08 17:23 - 00000000 ____D C:\ProgramData\Adobe 2016-01-31 02:08 - 2015-06-29 22:40 - 04612422 _____ C:\Windows\ntbtlog.txt 2016-01-31 02:07 - 2015-06-29 22:34 - 00000000 ____D C:\Windows\Minidump 2016-01-31 02:07 - 2015-06-29 22:30 - 246219302 _____ C:\Windows\MEMORY.DMP 2016-01-31 01:36 - 2015-12-23 14:18 - 
00000000 ____D C:\Windows\pss ==================== Files in the root of some directories ======= 2015-07-05 17:52 - 2015-07-05 17:52 - 0038482 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (DOS).ADR 2015-07-05 17:50 - 2015-07-05 17:50 - 0013014 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (DOS).CAL 2015-07-05 18:11 - 2015-07-05 18:11 - 0038490 _____ () C:\Users\family\AppData\Roaming\Comma Separated Values (Windows).ADR 2015-12-23 15:35 - 2015-12-23 15:35 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1747.tmp 2015-12-23 14:45 - 2015-12-23 14:45 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1B4D.tmp 2015-12-23 15:25 - 2015-12-23 15:25 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1C57.tmp 2015-12-23 15:46 - 2015-12-23 15:46 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1DAE.tmp 2015-12-23 15:22 - 2015-12-23 15:22 - 0000000 ____H () C:\Users\family\AppData\Local\BIT1E2A.tmp 2015-12-23 14:21 - 2015-12-23 14:21 - 0000000 ____H () C:\Users\family\AppData\Local\BIT79F.tmp 2011-11-06 20:11 - 2014-12-07 15:14 - 0010240 _____ () C:\Users\family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-27 21:57 - 2013-07-27 21:57 - 0000017 _____ () C:\Users\family\AppData\Local\resmon.resmoncfg 2015-12-23 15:35 - 2015-12-23 15:35 - 0000000 _____ () C:\Users\family\AppData\Local\{381C1583-DDFD-424B-910A-85ECE50625C9} 2015-12-23 14:45 - 2015-12-23 14:45 - 0000000 _____ () C:\Users\family\AppData\Local\{40D6B901-D390-44B9-B334-B4C71CD03E25} 2015-12-23 15:25 - 2015-12-23 15:25 - 0000000 _____ () C:\Users\family\AppData\Local\{4849D6C0-E749-4F5F-8163-6384D0CA36DD} 2015-12-23 15:22 - 2015-12-23 15:22 - 0000000 _____ () C:\Users\family\AppData\Local\{588B28F6-7606-4EAA-B527-343BFB5298E5} 2015-12-23 15:46 - 2015-12-23 15:46 - 0000000 _____ () C:\Users\family\AppData\Local\{92E61D16-8364-460F-9E13-2187CB2F59A2} 2015-12-23 14:21 - 2015-12-23 14:21 - 0000000 _____ () 
C:\Users\family\AppData\Local\{B018192C-7275-4C4F-8C98-ADC3F855C33B} ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-24 22:07 ==================== End of FRST.txt ============================ Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016 Ran by family (2016-02-14 17:10:02) Running from C:\Users\family\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) (2011-10-08 11:50:59) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-113424255-1033402217-2363257390-500 - Administrator - Disabled) newacct (S-1-5-21-113424255-1033402217-2363257390-1004 - Administrator - Enabled) => C:\Users\newacct.family-PC family (S-1-5-21-113424255-1033402217-2363257390-1000 - Administrator - Enabled) => C:\Users\family Guest (S-1-5-21-113424255-1033402217-2363257390-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-113424255-1033402217-2363257390-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Brother MFL-Pro Suite MFC-240C (HKLM\...\{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}) (Version: 1.0.3.0 - Brother Industries, Ltd.) EasyTax 2011 BL 1.01 (HKLM\...\EasyTax 2011 BL 1.01) (Version: - HWI Solutions AG) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.29.5 - Google Inc.) 
Hidden Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4461 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Online Services Sign-in Assistant (HKLM\...\{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}) (Version: 7.250.4287.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft 
Corporation) Mozilla Firefox 44.0 (x86 de) (HKLM\...\Mozilla Firefox 44.0 (x86 de)) (Version: 44.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation) ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.62 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - ) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {2C6DB199-3EE0-4805-A344-49D4CF389359} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {62BDAC61-F98E-4741-8F3A-8AA5AEC32E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {867EDA05-0E8B-4E63-97D2-668DB977DF3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {9F58D74E-A622-4E66-9D63-AAFBB1B052E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {B6AA52D9-934F-42C0-817F-6F6F57A46F39} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2011-07-04] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-08 13:03 - 2011-07-04 02:02 - 00044544 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
2011-01-24 11:35 - 2011-01-24 11:35 - 00132384 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-11-06 11:36 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-113424255-1033402217-2363257390-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 62.2.17.61 - 62.2.24.158
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A7C93AE7-0858-48A5-9930-A5874F595186}] => (Allow) C:\Program Files\Microsoft Lync\communicator.exe
FirewallRules: [{D7E509F5-231D-408E-AE10-E6CC7F77BABD}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi.exe
FirewallRules: [{1E8D97DA-478C-4A8E-B72F-2FEAF3310094}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BCC5C774-2870-4AA8-B773-F0164D7CBB39}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{09C724EB-4FBE-428E-95A7-2EFAE6449BC0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B64CD706-BA02-4B17-AADA-23AABF0959B7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8C529A0A-4E95-4ACB-A7E3-D14B08E45825}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{386AF724-31F3-4753-B72A-02D911C54F3E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

18-06-2015 16:32:27 Windows Update
24-06-2015 21:38:46 Windows Update
29-06-2015 21:29:22 Windows Update
29-06-2015 22:15:21 Windows Update
05-07-2015 16:32:06 Windows Update
05-07-2015 16:32:49 Windows Backup
05-07-2015 18:19:30 Windows Update
05-07-2015 18:44:23 restorepunkt-5JUL-15
05-07-2015 18:50:06 Windows Update
31-01-2016 02:39:54 Removed Java 8 Update 31
31-01-2016 03:12:42 Windows Update
31-01-2016 11:19:54 Windows Update
12-02-2016 00:26:48 ComboFix created restore point
13-02-2016 11:54:18 Windows Update
13-02-2016 12:09:59 Windows Update
14-02-2016 16:19:09 Installed Microsoft Fix it 50123

==================== Faulty Device Manager Devices =============

Name: 11a/b/g Wireless LAN Mini PCI Express Adapter
Description: 11a/b/g Wireless LAN Mini PCI Express Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2016 04:06:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2016 12:14:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2016 11:45:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2016 11:38:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2016 12:21:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 02:03:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 01:44:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2016 12:28:17 PM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1160) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/31/2016 12:07:58 PM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1160) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/31/2016 11:26:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/14/2016 04:51:27 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.213.6097.0
Update Source: %NT AUTHORITY59
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (02/12/2016 07:59:19 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.213.5966.0
Update Source: %NT AUTHORITY59
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (02/12/2016 07:58:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (02/12/2016 12:36:40 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/12/2016 12:32:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/12/2016 12:28:22 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/12/2016 12:19:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 115.32.0.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (02/12/2016 12:19:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.213.5004.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (02/12/2016 12:19:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.213.5004.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (02/12/2016 12:19:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.213.5004.0
Update Source: %NT AUTHORITY59
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz
Percentage of memory in use: 37%
Total physical RAM: 3070.43 MB
Available physical RAM: 1922.77 MB
Total Virtual: 6139.17 MB
Available Virtual: 4909.59 MB

==================== Drives ================================

Drive c: (Ge_W7_exNB) (Fixed) (Total:148.95 GB) (Free:103.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 63179D80)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I had a look at the two files above. Comments:
- 192.168.1.1 is NOT the router's IP address, but it is listed under Tcpip\..\Interfaces
- Chrome is not installed, but a few things related to it are listed
- No idea what C:\Qoobox is
- SteelWerX is also unknown to me
- The two event log entries with wuaueng.dll look interesting, but they are already from 31 January. |
14.02.2016, 21:05 | #15 | ||
/// TB-Ausbilder | Cannot boot - only safe mode works
Hi, too bad the programs didn't help.
Quote:
Download the file Analyse1.bat to the computer. Run it as admin and please post the log file for me. Restart the computer.
Quote:
You could try the following:
1. Stop the Windows Update services (net stop wuauserv, net stop cryptsvc, net stop bits, net stop msiserver)
2. Rename the folder C:\Windows\SoftwareDistribution to C:\Windows\SoftwareDistribution_old
3. Rename the folder C:\Windows\System32\catroot2 to C:\Windows\System32\catroot2_old
4. Start the Windows Update services (net start wuauserv, net start cryptsvc, net start bits, net start msiserver)
If it helped, delete the _old folders by hand.
Last edited by M-K-D-B (24.02.2020 at 21:07) |
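The four-step Windows Update reset from the post above, scripted as an added example (not code from the post or from the forum): it adds the checks a practitioner wants before touching the system, namely an elevation check, waiting until each service has really stopped (the ESENT 490 entries in the log show wuaueng.dll holding DataStore.edb open, which is exactly what makes a premature rename fail), refusing to overwrite a leftover *_old backup, and restarting the services even when a rename fails. Assumes Windows 7 with PowerShell 2.0 or later and an elevated session; service names and folder paths are the ones given in the post, and the wuauclt /detectnow call at the end is the Windows 7 client's own switch for triggering a detection cycle.

```powershell
# Reset-WindowsUpdateComponents.ps1
# Added example, not part of the original post. Assumes Windows 7,
# PowerShell 2.0+, and an elevated (Run as administrator) session.
$ErrorActionPreference = 'Stop'

$services = 'wuauserv', 'cryptsvc', 'bits', 'msiserver'
$folders  = @(
    (Join-Path $env:SystemRoot 'SoftwareDistribution'),
    (Join-Path $env:SystemRoot 'System32\catroot2')
)

# 0. Renaming under %SystemRoot% needs elevation; fail early and clearly.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell.'
}

# Refuse to clobber backups left by an earlier attempt; decide about those by hand.
foreach ($path in $folders) {
    if (Test-Path ($path + '_old')) {
        throw "$($path + '_old') already exists; remove or rename it first."
    }
}

try {
    # 1. Stop the services and wait until each one really reports Stopped.
    #    wuauserv keeps DataStore.edb open (see the ESENT 490 entries in the
    #    log); renaming SoftwareDistribution while it is still shutting down
    #    fails. -Force also stops dependent services, where net stop would ask.
    foreach ($name in $services) {
        $svc = Get-Service -Name $name
        if ($svc.Status -ne 'Stopped') {
            Write-Output "Stopping $name ..."
            Stop-Service -Name $name -Force
            $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
        }
    }

    # 2./3. Rename the update cache and the catalog database. Keeping the *_old
    #       copies allows a rollback if the update client gets worse, not better.
    foreach ($path in $folders) {
        if (Test-Path $path) {
            $backup = (Split-Path $path -Leaf) + '_old'
            Write-Output "Renaming $path -> $backup"
            Rename-Item -Path $path -NewName $backup
        }
    }
}
finally {
    # 4. Always bring the services back, even if a rename failed, so the box
    #    is not left without Windows Update, BITS or the crypto service.
    #    Both folders are recreated by the services on first use.
    foreach ($name in $services) {
        Write-Output "Starting $name ..."
        Start-Service -Name $name
    }
}

# Ask the Windows 7 update client for a detection cycle now instead of waiting
# for the scheduled one. wuauclt prints nothing; check the Windows Update
# control panel or C:\Windows\WindowsUpdate.log a few minutes later.
& "$env:SystemRoot\System32\wuauclt.exe" /detectnow
Write-Output 'Done. Once updates install again, delete the *_old folders by hand.'
```

Save it as a .ps1 and run it from an elevated PowerShell; on a stock Windows 7 the execution policy is Restricted, so start it with `powershell -ExecutionPolicy Bypass -File Reset-WindowsUpdateComponents.ps1`. Unlike the net stop sequence, the script surfaces a timeout if a service refuses to stop within 60 seconds rather than silently continuing to a rename that would fail.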