Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Internetverbindung bricht ab

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 25.02.2015, 19:58   #1
Zahrlfabian
 
Internetverbindung bricht ab - Standard

Internetverbindung bricht ab



Hallie liebes Trojanerboard,

seit einigen Tagen bricht die Verbindung zum Internet nach ~5 Minuten einfach ab, wo dann nur mehr ein Neustart hilft. Ich hoffe ihr könnt mir helfen.

frst.txt

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Zahrli (administrator) on IDEA-PC on 25-02-2015 19:43:35
Running from C:\Users\Zahrli\Desktop
Loaded Profiles: Zahrli (Available profiles: Zahrli & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-03-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-03-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-11] (Geek Software GmbH)
HKU\S-1-5-21-575461211-50880055-1663760230-1001\...\Run: [Facebook Update] => C:\Users\Zahrli\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-30] (Facebook Inc.)
HKU\S-1-5-21-575461211-50880055-1663760230-1001\...\Run: [GoogleChromeAutoLaunch_AFAB938D5E1FF3ACD526399E20BD564C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-575461211-50880055-1663760230-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-575461211-50880055-1663760230-1001\...\MountPoints2: {c9483f16-47ac-11e4-be94-f4b7e2edd6ec} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-575461211-50880055-1663760230-1001\...\MountPoints2: {dc763f20-793f-11e4-bea3-f4b7e2edd6ec} - "F:\HTC_Sync_Manager_PC.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Zahrli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-575461211-50880055-1663760230-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4F643AE2-4CF1-4BA9-B5B9-0A8263619573}: [NameServer] 198.101.13.115,95.211.37.200
Tcpip\..\Interfaces\{88B4CD3D-CD23-46A4-9D83-CBCC74DF4C9B}: [NameServer] 198.101.13.115,95.211.37.200
Tcpip\..\Interfaces\{BA70BDAF-16AE-40AB-9D3A-F0F6C0AEE2DC}: [NameServer] 198.101.13.115,95.211.37.200
Tcpip\..\Interfaces\{E1FF3DDD-88CD-4E71-992E-9293355810D7}: [NameServer] 198.101.13.115,95.211.37.200
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Zahrli\AppData\Roaming\Mozilla\Firefox\Profiles\pe9uc4tm.default
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-575461211-50880055-1663760230-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Zahrli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Zahrli\AppData\Roaming\Mozilla\Firefox\Profiles\pe9uc4tm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKU\S-1-5-21-575461211-50880055-1663760230-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: Default -> hxxp://isearch.zoo.com/ofaz1/search/home?sid=77342&tid=18335&bd=1400273059551&ver=6.1&guid=77342-18335-1400273059551-CC6824CFDEBD13179B3C378A981661B2
CHR StartupUrls: Default -> "https://www.google.at/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Zahrli\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Zahrli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19]
CHR Extension: (Google Drive) - C:\Users\Zahrli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Zahrli\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (YouTube) - C:\Users\Zahrli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19]
CHR Extension: (Adblock Plus) - C:\Users\Zahrli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-12]
CHR Extension: (Google Search) - C:\Users\Zahrli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19]
CHR Extension: (Skype Click to Call) - C:\Users\Zahrli\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-07]
CHR Extension: (Google Wallet) - C:\Users\Zahrli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-19]
CHR Extension: (Gmail) - C:\Users\Zahrli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-09-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 19:43 - 2015-02-25 19:44 - 00020479 _____ () C:\Users\Zahrli\Desktop\FRST.txt
2015-02-25 19:43 - 2015-02-25 19:43 - 00000474 _____ () C:\Users\Zahrli\Desktop\defogger_disable.log
2015-02-25 19:43 - 2015-02-25 19:43 - 00000000 ____D () C:\FRST
2015-02-25 19:43 - 2015-02-25 19:43 - 00000000 _____ () C:\Users\Zahrli\defogger_reenable
2015-02-25 19:40 - 2015-02-25 19:37 - 02087936 _____ (Farbar) C:\Users\Zahrli\Desktop\FRST64.exe
2015-02-25 19:40 - 2015-02-25 19:37 - 00380416 _____ () C:\Users\Zahrli\Desktop\Gmer-19357.exe
2015-02-25 19:40 - 2015-02-25 19:37 - 00050477 _____ () C:\Users\Zahrli\Desktop\Defogger.exe
2015-02-25 19:32 - 2015-02-25 19:32 - 00000605 _____ () C:\DelFix.txt
2015-02-25 19:24 - 2015-02-25 19:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-25 18:54 - 2015-02-25 18:57 - 00000753 _____ () C:\Users\Zahrli\Desktop\exercise5.html
2015-02-25 18:46 - 2015-02-25 18:52 - 00000626 _____ () C:\Users\Zahrli\Desktop\exercise4.html
2015-02-25 18:40 - 2015-02-25 18:40 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 18:40 - 2015-02-25 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-25 18:40 - 2015-02-25 18:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 18:40 - 2015-02-25 18:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-25 18:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-25 18:40 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-25 18:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-25 18:38 - 2015-02-25 18:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Zahrli\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-25 18:07 - 2015-02-25 18:07 - 00001248 _____ () C:\Users\Zahrli\Downloads\sources_of_20150220.zip
2015-02-25 14:57 - 2015-02-15 13:03 - 04371731 ____N () C:\Users\Zahrli\Desktop\VID-20150215-WA0000.mp4
2015-02-25 14:40 - 2015-02-07 11:16 - 108495762 ____N () C:\Users\Zahrli\Desktop\VIDEO0014.mp4
2015-02-25 14:04 - 2015-02-25 14:04 - 00001870 _____ () C:\Users\Public\Desktop\GeoGebra.lnk
2015-02-25 14:04 - 2015-02-25 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 5
2015-02-25 14:03 - 2015-02-25 14:04 - 00000000 ____D () C:\Program Files (x86)\GeoGebra 5.0
2015-02-25 14:00 - 2015-02-25 14:02 - 58652992 _____ (International GeoGebra Institute) C:\Users\Zahrli\Downloads\GeoGebra-Windows-Installer-5-0-65-0.exe
2015-02-25 08:58 - 2015-02-25 08:59 - 00018732 _____ () C:\Users\Zahrli\Downloads\Intanet PSP.rar
2015-02-25 08:55 - 2015-02-25 08:55 - 00021867 _____ () C:\Users\Zahrli\Downloads\Intanet PSP.vsdx
2015-02-23 15:40 - 2015-02-23 15:40 - 00389703 _____ () C:\Users\Zahrli\Downloads\IMG-20150223-WA0006.jpeg
2015-02-20 10:34 - 2015-02-20 10:34 - 00000824 _____ () C:\Users\Zahrli\Downloads\index.html
2015-02-18 11:22 - 2015-02-18 11:22 - 00024159 _____ () C:\Users\Zahrli\Downloads\Zeitplan_KAV_v01.xlsx
2015-02-18 08:05 - 2015-02-18 08:05 - 00003148 _____ () C:\WINDOWS\System32\Tasks\{29D05CC1-9D43-4366-B922-42DFD898BD29}
2015-02-16 18:41 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-16 18:41 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-13 11:41 - 2015-02-13 11:42 - 00000000 ____D () C:\Users\Zahrli\Desktop\U18-LL-SVG-AKASTP
2015-02-13 10:38 - 2015-02-13 10:38 - 00000195 _____ () C:\Users\Zahrli\Downloads\Index.html.txt
2015-02-12 09:00 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 09:00 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 09:00 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 09:00 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 09:00 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 09:00 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 09:00 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-12 09:00 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-12 09:00 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-12 09:00 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-12 09:00 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-12 08:59 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 08:59 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 08:59 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 08:59 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 08:59 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 08:59 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 08:59 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 08:59 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-12 08:59 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-12 08:59 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-12 08:59 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-12 08:59 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-12 08:59 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-12 08:59 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-12 08:59 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-12 08:59 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-12 08:58 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 08:58 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 08:58 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 08:58 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 08:58 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 08:58 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 08:58 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 08:58 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 08:58 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 08:58 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 08:58 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 08:58 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 08:58 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 08:58 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 08:58 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 08:58 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 08:58 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 08:58 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 08:58 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 08:58 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 08:58 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 08:58 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 08:58 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 08:58 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 08:58 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 08:58 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 08:58 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 08:58 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 08:58 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 08:58 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 08:58 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 08:58 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 08:58 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 08:58 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 08:58 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 08:58 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 08:58 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-12 08:41 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-12 08:41 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-12 08:41 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-12 08:41 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-12 08:41 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-12 08:41 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-12 08:41 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-02 21:55 - 2015-02-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-02 21:55 - 2015-02-02 21:55 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-02 21:55 - 2015-02-02 21:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-02 21:54 - 2015-02-02 21:55 - 13087456 _____ (Microsoft Corporation) C:\Users\Zahrli\Downloads\Silverlight_x64(1).exe
2015-02-02 21:53 - 2015-02-02 21:53 - 13087456 _____ (Microsoft Corporation) C:\Users\Zahrli\Downloads\Silverlight_x64.exe
2015-01-29 09:20 - 2015-01-29 09:20 - 00085599 _____ () C:\Users\Zahrli\Downloads\Green-IT_pp.pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 19:43 - 2014-11-06 10:23 - 00000000 ____D () C:\Users\Zahrli
2015-02-25 19:43 - 2014-03-19 14:05 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-575461211-50880055-1663760230-1001
2015-02-25 19:41 - 2014-09-24 07:17 - 00005430 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-25 19:41 - 2014-09-24 06:43 - 04523254 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-25 19:41 - 2014-09-24 06:43 - 01284758 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-25 19:40 - 2015-01-06 19:44 - 00000000 ____D () C:\Users\Zahrli\AppData\Roaming\Skype
2015-02-25 19:39 - 2014-12-01 11:31 - 00000000 ____D () C:\Users\Zahrli\AppData\Local\HTC MediaHub
2015-02-25 19:38 - 2014-03-19 14:29 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 19:37 - 2014-11-06 10:39 - 01964760 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-25 19:36 - 2013-08-22 15:46 - 00348625 _____ () C:\WINDOWS\setupact.log
2015-02-25 19:36 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-25 19:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-25 19:17 - 2014-03-30 21:12 - 00000948 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-575461211-50880055-1663760230-1001UA.job
2015-02-25 19:05 - 2014-03-19 14:29 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-25 19:03 - 2014-09-23 22:06 - 00648632 _____ () C:\WINDOWS\PFRO.log
2015-02-25 19:02 - 2013-03-24 14:29 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-25 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-25 18:38 - 2014-03-26 13:07 - 00000000 ____D () C:\Users\Zahrli\AppData\Local\Aptana Studio 3
2015-02-25 18:34 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-25 14:30 - 2014-12-01 11:33 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6B7AECF-C6D1-473D-9460-C7FB8BCCC749}
2015-02-25 09:06 - 2014-12-02 13:19 - 00000000 ____D () C:\Users\Zahrli\Desktop\wetransfer-83430f
2015-02-22 20:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-20 13:23 - 2013-03-24 14:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-20 11:51 - 2012-07-26 06:26 - 00000293 _____ () C:\WINDOWS\win.ini
2015-02-20 08:02 - 2014-12-01 11:03 - 00003096 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-575461211-50880055-1663760230-1001
2015-02-20 08:02 - 2014-12-01 11:03 - 00000000 ___RD () C:\Users\Zahrli\OneDrive
2015-02-19 08:29 - 2015-01-07 08:29 - 00000176 _____ () C:\Users\Zahrli\AppData\Roaming\WB.CFG
2015-02-18 07:56 - 2014-03-27 12:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-18 07:56 - 2014-03-21 15:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-17 08:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-17 08:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-16 18:41 - 2014-03-19 13:59 - 00000000 ____D () C:\Users\Zahrli\AppData\Local\Packages
2015-02-13 10:31 - 2013-08-22 15:44 - 00482920 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 10:19 - 2014-03-20 11:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 10:13 - 2014-03-20 11:54 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 10:11 - 2014-12-15 17:09 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-13 10:11 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-12 09:00 - 2014-03-19 14:29 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-12 09:00 - 2014-03-19 14:29 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 22:17 - 2014-03-30 21:12 - 00000926 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-575461211-50880055-1663760230-1001Core.job
2015-01-26 21:08 - 2014-09-11 19:56 - 00000000 ____D () C:\Users\Zahrli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth

==================== Files in the root of some directories =======

2015-01-07 08:29 - 2015-02-19 08:29 - 0000176 _____ () C:\Users\Zahrli\AppData\Roaming\WB.CFG
2015-01-09 08:30 - 2015-01-09 08:30 - 0000001 _____ () C:\Users\Zahrli\AppData\Local\DSI.DAT
2015-01-09 08:30 - 2015-01-09 08:30 - 0022528 _____ () C:\Users\Zahrli\AppData\Local\dsisetup2202822812.exe
2014-11-06 08:32 - 2014-11-06 08:32 - 0000727 _____ () C:\Users\Zahrli\AppData\Local\recently-used.xbel
2013-03-24 14:13 - 2013-03-24 14:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Zahrli\AppData\Local\Temp\CloudBackup7700.exe
C:\Users\Zahrli\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Zahrli\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Zahrli\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Zahrli\AppData\Local\Temp\Quarantine.exe
C:\Users\Zahrli\AppData\Local\Temp\sqlite3.dll
C:\Users\Zahrli\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 19:16

==================== End Of Log ============================
         
addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Zahrli at 2015-02-25 19:44:20
Running from C:\Users\Zahrli\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.4.0.0 - )
1-Zip version 1.0 (HKLM-x32\...\{F3D5911B-4578-48E7-A186-D3990401F714}_is1) (Version: 1.0 - One Floor App Ltd.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.65.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Chrome Packages (HKU\S-1-5-21-575461211-50880055-1663760230-1001\...\Google Chrome Packages) (Version:  - ) <==== ATTENTION
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GRID 2 version 1.0.0.1 (HKLM-x32\...\GRID 2_is1) (Version: 1.0.0.1 - )
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java SE Development Kit 7 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-575461211-50880055-1663760230-1001\...\OneDriveSetup.exe) (Version: 17.3.4713.0209 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MySQL Workbench 6.0 CE (HKLM-x32\...\{43CCD58C-FCC8-45AB-9909-37347969DDD1}) (Version: 6.0.9 - Oracle Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Experte Ultimate Testversion (HKLM-x32\...\{1B9D9CB3-A817-4f3e-B018-5C0967D5B425}) (Version: 9.00 - Avanquest)
PDF24 Creator 6.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0051-0000-1000-0000000FF1CE}_Office15.VISPROR_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-575461211-50880055-1663760230-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-575461211-50880055-1663760230-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Zahrli\AppData\Local\Microsoft\OneDrive\17.3.4713.0209\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

01-02-2015 19:50:07 Windows Update
12-02-2015 09:54:28 Windows Update
17-02-2015 08:11:05 Windows Modules Installer
20-02-2015 13:23:23 Entfernt Atheros Communications Inc.(R) AR81Family Gigabit/Fast :îšZ

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C47E6BE-4658-435A-8005-EE05FD3EEDE2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-575461211-50880055-1663760230-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {2C51FA03-5102-497A-A410-C6C9C17C04A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3573D8A2-933C-44BD-A429-23B8FE8B656B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-19] (Google Inc.)
Task: {412409A7-6975-473E-AFE6-C09619545D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-19] (Google Inc.)
Task: {6FE454BF-D9EE-4574-B25D-8B127DDF2B1C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-13] (Microsoft Corporation)
Task: {899A6646-CA78-4370-A746-3571B36B23D7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-575461211-50880055-1663760230-1001UA => C:\Users\Zahrli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-30] (Facebook Inc.)
Task: {8D577D66-4F59-4EBF-8C77-973F158A2A2E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A0C5D620-6362-406C-97CA-9684027E1DAD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-575461211-50880055-1663760230-1001Core => C:\Users\Zahrli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-30] (Facebook Inc.)
Task: {B94D1D73-F145-48BA-BA15-4CF93A87AA61} - System32\Tasks\{29D05CC1-9D43-4366-B922-42DFD898BD29} => pcalua.exe -a C:\Users\Zahrli\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=cor <==== ATTENTION
Task: {C9EBA698-3C74-4940-8A0D-8F5DA0D7CB8B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {E25AEF3B-3D23-4D3F-A396-46AEF37A6254} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FB56F764-6F08-4AAB-B4A9-DC98E80FAD08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-575461211-50880055-1663760230-1001Core.job => C:\Users\Zahrli\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-575461211-50880055-1663760230-1001UA.job => C:\Users\Zahrli\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-15 15:51 - 2012-11-15 15:51 - 00048920 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-03-24 14:06 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-20 08:07 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 08:07 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 08:07 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-575461211-50880055-1663760230-1001\Control Panel\Desktop\\Wallpaper -> C:\HTC\Pictures\Instagram\IMG_20140612_174902.jpg
DNS Servers: 198.101.13.115 - 95.211.37.200

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-575461211-50880055-1663760230-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-575461211-50880055-1663760230-501 - Limited - Disabled)
Zahrli (S-1-5-21-575461211-50880055-1663760230-1001 - Administrator - Enabled) => C:\Users\Zahrli

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2015 07:40:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (02/25/2015 07:40:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (02/25/2015 07:40:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (02/25/2015 07:28:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/25/2015 07:28:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/25/2015 07:27:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/25/2015 07:27:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/25/2015 07:24:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/25/2015 07:17:06 PM) (Source: Google Update) (EventID: 20) (User: idea-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7


System errors:
=============
Error: (02/25/2015 07:36:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎02.‎2015 um 19:26:28 unerwartet heruntergefahren.

Error: (02/25/2015 07:26:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎02.‎2015 um 19:04:06 unerwartet heruntergefahren.

Error: (02/25/2015 07:17:16 PM) (Source: DCOM) (EventID: 10010) (User: idea-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (02/25/2015 07:40:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (02/25/2015 07:40:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (02/25/2015 07:40:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000

Error: (02/25/2015 07:28:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Zahrli\Desktop\esetsmartinstaller_deu.exe

Error: (02/25/2015 07:28:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Zahrli\Desktop\esetsmartinstaller_deu.exe

Error: (02/25/2015 07:27:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Zahrli\Desktop\esetsmartinstaller_deu.exe

Error: (02/25/2015 07:27:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Zahrli\Desktop\esetsmartinstaller_deu.exe

Error: (02/25/2015 07:24:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Zahrli\Desktop\esetsmartinstaller_deu.exe

Error: (02/25/2015 07:17:06 PM) (Source: Google Update) (EventID: 20) (User: idea-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7


CodeIntegrity Errors:
===================================
  Date: 2015-02-25 19:19:08.941
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-18 08:59:17.774
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-18 08:59:17.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-18 08:59:17.345
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-18 08:59:17.211
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-18 08:59:16.929
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-18 08:59:16.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-18 08:59:16.465
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-18 08:59:16.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-18 08:59:15.978
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 18%
Total physical RAM: 8057.77 MB
Available physical RAM: 6541.06 MB
Total Pagefile: 9337.77 MB
Available Pagefile: 7767.99 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.4 GB) (Free:725.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:5.24 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 32436F05)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 7FD755A3)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

==================== End Of Log ============================
         
gmer.log

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-25 19:48:19
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Zahrli\AppData\Local\Temp\kxldrpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\Windows Defender\MsMpEng.exe[1908] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                  00007ffb62bc169a 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[1908] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                  00007ffb62bc16a2 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[1908] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                     00007ffb62bc181a 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[1908] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                     00007ffb62bc1832 4 bytes [BC, 62, FB, 7F]
.text   C:\WINDOWS\Explorer.EXE[2292] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                        00007ffb62bc169a 4 bytes [BC, 62, FB, 7F]
.text   C:\WINDOWS\Explorer.EXE[2292] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                        00007ffb62bc16a2 4 bytes [BC, 62, FB, 7F]
.text   C:\WINDOWS\Explorer.EXE[2292] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                           00007ffb62bc181a 4 bytes [BC, 62, FB, 7F]
.text   C:\WINDOWS\Explorer.EXE[2292] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                           00007ffb62bc1832 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[504] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                 00007ffb57d31f6a 4 bytes [D3, 57, FB, 7F]
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[504] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                 00007ffb57d31f82 4 bytes [D3, 57, FB, 7F]
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[504] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506           00007ffb62bc169a 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[504] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514           00007ffb62bc16a2 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[504] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118              00007ffb62bc181a 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[504] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142              00007ffb62bc1832 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3028] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506  00007ffb62bc169a 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3028] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514  00007ffb62bc16a2 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3028] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118     00007ffb62bc181a 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[3028] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142     00007ffb62bc1832 4 bytes [BC, 62, FB, 7F]
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[1916] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194         00007ffb57d31f6a 4 bytes [D3, 57, FB, 7F]
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[1916] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218         00007ffb57d31f82 4 bytes [D3, 57, FB, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [580:604]                                                                                     fffff96000956b90

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
         

Alt 25.02.2015, 20:01   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Internetverbindung bricht ab - Standard

Internetverbindung bricht ab



hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Google Chrome Packages


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool

Setze einen Haken bei folgenden Einträgen
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Minidump Files
Klicke Go und poste den Inhalt der Result.txt.
__________________

__________________

Antwort

Themen zu Internetverbindung bricht ab
adobe, adware, browser, defender, entfernen, explorer, fehler, ftp, google, homepage, iexplore.exe, installation, installmanager.exe, internet, mozilla, onedrive, performance, prozess, registry, rundll, security, services.exe, software, svchost.exe, system, usb, windows



Ähnliche Themen: Internetverbindung bricht ab


  1. Internetverbindung bricht immer ab
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (1)
  2. kernel.exe bricht die Internetverbindung ab
    Log-Analyse und Auswertung - 24.06.2011 (1)
  3. Internetverbindung bricht nach ca. 10 ab
    Netzwerk und Hardware - 09.01.2010 (0)
  4. Internetverbindung bricht ab
    Log-Analyse und Auswertung - 06.10.2009 (2)
  5. Internetverbindung bricht ab
    Log-Analyse und Auswertung - 23.05.2009 (1)
  6. Internetverbindung bricht ab!!!
    Log-Analyse und Auswertung - 23.11.2008 (1)
  7. Internetverbindung bricht ab - DR/delphi.gen?
    Plagegeister aller Art und deren Bekämpfung - 07.10.2008 (1)
  8. Internetverbindung bricht andauernd ab!
    Plagegeister aller Art und deren Bekämpfung - 04.10.2008 (7)
  9. Internetverbindung bricht permanent ab
    Log-Analyse und Auswertung - 22.05.2008 (15)
  10. Internetverbindung bricht zusammen
    Log-Analyse und Auswertung - 27.01.2008 (6)
  11. Internetverbindung bricht ständig ab
    Log-Analyse und Auswertung - 21.09.2007 (8)
  12. Internetverbindung bricht alle 5 min ab
    Log-Analyse und Auswertung - 20.09.2007 (6)
  13. Internetverbindung bricht ab - HiJackThis.log
    Log-Analyse und Auswertung - 03.09.2007 (2)
  14. Internetverbindung bricht spontan ab
    Log-Analyse und Auswertung - 27.07.2007 (4)
  15. Internetverbindung bricht ab
    Log-Analyse und Auswertung - 07.10.2006 (3)
  16. Internetverbindung bricht ab
    Log-Analyse und Auswertung - 17.03.2006 (4)
  17. Internetverbindung bricht ab !!
    Alles rund um Windows - 01.03.2005 (1)

Zum Thema Internetverbindung bricht ab - Hallie liebes Trojanerboard, seit einigen Tagen bricht die Verbindung zum Internet nach ~5 Minuten einfach ab, wo dann nur mehr ein Neustart hilft. Ich hoffe ihr könnt mir helfen. frst.txt - Internetverbindung bricht ab...
Archiv
Du betrachtest: Internetverbindung bricht ab auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.