gmer log bei rootkit

saput · 18.12.2013, 03:29

hallo

ich hab ein rootkit Problem, cpu, ram und platte laufen hoch, obwohl ich nichts mache und keine eigenen prozzesse laufen hab
könntet ihr bitte mein log überprüfen
danke im voraus

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-18 01:20:06
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000026 ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Maik\AppData\Local\Temp\kxloypoc.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\ntoskrnl.exe!KiCpuId + 988 fffff80173a5641c 1 byte [31]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe[1836] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f872b8177a 4 bytes [B8, 72, F8, 07]
.text C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe[1836] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f872b81782 4 bytes [B8, 72, F8, 07]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [648:672] fffff960009a75e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

schrauber · 18.12.2013, 07:48

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

saput · 18.12.2013, 11:14

hi, danke für deine schnelle antwort, hier die gewünschten Daten:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-12-2013 02
Ran by Maik (administrator) on MAIK-PC on 18-12-2013 09:05:21
Running from C:\Users\Maik\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\core\mchost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-04] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-10-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [193008 2013-10-26] (Lenovo(beijing) Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1527896 2012-06-21] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - DefaultScope {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = 
SearchScopes: HKCU - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

==================== Services (Whitelisted) =================

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-05-22] (McAfee, Inc.)
R2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-10-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [66712 2012-06-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3341792 2013-04-25] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U3 kxloypoc; \??\C:\Users\Maik\AppData\Local\Temp\kxloypoc.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-18 09:05 - 2013-12-18 09:05 - 00011722 _____ C:\Users\Maik\Desktop\FRST.txt
2013-12-18 09:04 - 2013-12-18 09:04 - 00000000 ____D C:\FRST
2013-12-18 09:03 - 2013-12-18 09:03 - 01929376 _____ (Farbar) C:\Users\Maik\Desktop\FRST64.exe
2013-12-18 05:07 - 2013-12-18 05:07 - 00000000 _____ C:\Recovery.txt
2013-12-18 01:11 - 2013-12-18 01:11 - 449531245 _____ C:\WINDOWS\MEMORY.DMP
2013-12-18 01:11 - 2013-12-18 01:11 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-18 01:03 - 2013-12-18 09:01 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-151516639-3704992375-3126064996-1001
2013-12-18 00:46 - 2013-12-18 00:46 - 00001219 _____ C:\Users\Maik\Desktop\gmer_2.1.19163.bat
2013-12-18 00:35 - 2013-12-18 01:20 - 00001293 _____ C:\Users\Maik\Desktop\gmer.log
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Roaming\ATI
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Local\ATI
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\ProgramData\ATI
2013-12-18 00:30 - 2013-12-18 00:30 - 00377856 _____ C:\Users\Maik\Desktop\gmer_2.1.19163.exe
2013-12-18 00:28 - 2013-12-18 01:28 - 00030826 _____ C:\Users\Public\CAFADEBUG.log
2013-12-17 19:31 - 2013-12-17 19:31 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel Corporation
2013-12-17 19:30 - 2013-12-17 19:30 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Lenovo
2013-12-17 19:29 - 2013-12-17 19:29 - 00001449 _____ C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 19:29 - 2013-12-17 19:29 - 00000139 _____ C:\Users\Public\Desktop\eBay.url
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Adobe
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\ProgramData\eBay
2013-12-17 19:28 - 2013-12-17 19:30 - 00001133 _____ C:\Users\Maik\Desktop\Cyberlink Power2Go.lnk
2013-12-17 19:28 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik\AppData\Local\Packages
2013-12-17 19:28 - 2013-12-17 19:28 - 00000020 ___SH C:\Users\Maik\ntuser.ini
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Vorlagen
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Startmenü
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Netzwerkumgebung
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Lokale Einstellungen
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Eigene Dateien
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Druckumgebung
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Musik
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Bilder
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Verlauf
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Anwendungsdaten
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Anwendungsdaten
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\VirtualStore
2013-12-17 19:28 - 2013-10-27 05:21 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-17 19:28 - 2013-10-27 05:18 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-17 19:28 - 2013-10-26 20:10 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-12-17 19:28 - 2013-10-26 20:09 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Macromedia
2013-12-17 19:28 - 2013-02-04 07:18 - 00000189 _____ C:\Users\Maik\Desktop\Lenovo Telephony Start Now.url
2013-12-17 19:28 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-17 19:28 - 2012-07-26 09:13 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-17 19:27 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Dokumente und Einstellungen

==================== One Month Modified Files and Folders =======

2013-12-18 09:05 - 2013-12-18 09:05 - 00011722 _____ C:\Users\Maik\Desktop\FRST.txt
2013-12-18 09:05 - 2013-10-26 19:27 - 01129648 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-18 09:04 - 2013-12-18 09:04 - 00000000 ____D C:\FRST
2013-12-18 09:03 - 2013-12-18 09:03 - 01929376 _____ (Farbar) C:\Users\Maik\Desktop\FRST64.exe
2013-12-18 09:01 - 2013-12-18 01:03 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-151516639-3704992375-3126064996-1001
2013-12-18 09:01 - 2013-10-27 05:12 - 00754172 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-18 09:01 - 2013-10-27 05:12 - 00156362 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-18 09:01 - 2013-10-26 20:15 - 00001839 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2013-12-18 09:01 - 2012-07-26 08:28 - 01748838 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-18 09:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-18 09:00 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-18 05:07 - 2013-12-18 05:07 - 00000000 _____ C:\Recovery.txt
2013-12-18 05:07 - 2012-07-26 09:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-12-18 01:33 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-18 01:28 - 2013-12-18 00:28 - 00030826 _____ C:\Users\Public\CAFADEBUG.log
2013-12-18 01:20 - 2013-12-18 00:35 - 00001293 _____ C:\Users\Maik\Desktop\gmer.log
2013-12-18 01:15 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-12-18 01:11 - 2013-12-18 01:11 - 449531245 _____ C:\WINDOWS\MEMORY.DMP
2013-12-18 01:11 - 2013-12-18 01:11 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-18 00:46 - 2013-12-18 00:46 - 00001219 _____ C:\Users\Maik\Desktop\gmer_2.1.19163.bat
2013-12-18 00:43 - 2013-10-26 20:14 - 00000000 ____D C:\ProgramData\McAfee
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Roaming\ATI
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Local\ATI
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\ProgramData\ATI
2013-12-18 00:30 - 2013-12-18 00:30 - 00377856 _____ C:\Users\Maik\Desktop\gmer_2.1.19163.exe
2013-12-18 00:27 - 2013-10-26 20:14 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-17 19:31 - 2013-12-17 19:31 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel Corporation
2013-12-17 19:30 - 2013-12-17 19:30 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Lenovo
2013-12-17 19:30 - 2013-12-17 19:28 - 00001133 _____ C:\Users\Maik\Desktop\Cyberlink Power2Go.lnk
2013-12-17 19:29 - 2013-12-17 19:29 - 00001449 _____ C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 19:29 - 2013-12-17 19:29 - 00000139 _____ C:\Users\Public\Desktop\eBay.url
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Adobe
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\ProgramData\eBay
2013-12-17 19:29 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\Packages
2013-12-17 19:29 - 2013-12-17 19:27 - 00000000 ____D C:\Users\Maik
2013-12-17 19:29 - 2013-10-27 06:26 - 00094019 _____ C:\WINDOWS\modules.log
2013-12-17 19:28 - 2013-12-17 19:28 - 00000020 ___SH C:\Users\Maik\ntuser.ini
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Vorlagen
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Startmenü
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Netzwerkumgebung
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Lokale Einstellungen
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Eigene Dateien
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Druckumgebung
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Musik
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Bilder
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Verlauf
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Anwendungsdaten
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Anwendungsdaten
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\VirtualStore
2013-12-17 19:28 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2013-12-17 19:28 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-17 19:10 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-12-17 19:08 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows NT
2013-12-17 19:08 - 2012-07-26 06:37 - 00000000 ___HD C:\Users\Default
2013-12-17 19:07 - 2013-03-25 22:02 - 00004616 _____ C:\WINDOWS\PFRO.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-03-25 22:02

==================== End Of Log ============================

--- --- ---

--- --- ---

und weil ich mir nicht sicher war ob beide datensäzte reinpassen

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-12-2013 02
Ran by Maik at 2013-12-18 09:05:46
Running from C:\Users\Maik\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee  Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee  Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee  Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.4.0.2710)
AMD Accelerated Video Transcoding (Version: 12.10.100.30425)
AMD APP SDK Runtime (Version: 10.0.1124.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
Benutzerhandbuch (x32 Version: 1.0.0.15)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0425.225.2413)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0425.225.2413)
Catalyst Control Center InstallProxy (x32 Version: 2013.0425.225.2413)
Catalyst Control Center Localization All (x32 Version: 2013.0425.225.2413)
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0425.225.2413)
CCC Help Chinese Standard (x32 Version: 2013.0425.0224.2413)
CCC Help Chinese Traditional (x32 Version: 2013.0425.0224.2413)
CCC Help Czech (x32 Version: 2013.0425.0224.2413)
CCC Help Danish (x32 Version: 2013.0425.0224.2413)
CCC Help Dutch (x32 Version: 2013.0425.0224.2413)
CCC Help English (x32 Version: 2013.0425.0224.2413)
CCC Help Finnish (x32 Version: 2013.0425.0224.2413)
CCC Help French (x32 Version: 2013.0425.0224.2413)
CCC Help German (x32 Version: 2013.0425.0224.2413)
CCC Help Greek (x32 Version: 2013.0425.0224.2413)
CCC Help Hungarian (x32 Version: 2013.0425.0224.2413)
CCC Help Italian (x32 Version: 2013.0425.0224.2413)
CCC Help Japanese (x32 Version: 2013.0425.0224.2413)
CCC Help Korean (x32 Version: 2013.0425.0224.2413)
CCC Help Norwegian (x32 Version: 2013.0425.0224.2413)
CCC Help Polish (x32 Version: 2013.0425.0224.2413)
CCC Help Portuguese (x32 Version: 2013.0425.0224.2413)
CCC Help Russian (x32 Version: 2013.0425.0224.2413)
CCC Help Spanish (x32 Version: 2013.0425.0224.2413)
CCC Help Swedish (x32 Version: 2013.0425.0224.2413)
CCC Help Thai (x32 Version: 2013.0425.0224.2413)
CCC Help Turkish (x32 Version: 2013.0425.0224.2413)
ccc-utility64 (Version: 2013.0425.225.2413)
Conexant HD Audio (Version: 8.64.49.0)
Dolby Advanced Audio v2 (x32 Version: 7.2.8000.17)
Energy Management (x32 Version: 8.0.2.11)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1281)
Intel(R) Processor Graphics (x32 Version: 9.17.10.3114)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.8.0.0548)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1327.1) (Version: 3.1.1307.0362)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.08.0000.0249)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® PROSet/Wireless Software (x32 Version: 15.8.0)
Intel® PROSet/Wireless WiFi Software (Version: 15.08.0000.0172)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
Lenovo EasyCamera (x32 Version: 6.2.9200.10230)
Lenovo OneKey Recovery (Version: 8.0.0.1219)
Lenovo OneKey Recovery (x32 Version: 8.0.0.1219)
Lenovo Photos (x32 Version: 4.8.5)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52)
Lenovo Solution Center (Version: 2.1.002.00)
Lenovo VeriFace (Version: 5.0.13.5261)
Lenovo YouCam (x32 Version: 4.1.3423)
McAfee Internet Security (x32 Version: 11.6.385)
Microsoft Office (x32 Version: 15.0.4454.1510)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Nitro Pro 8 (Version: 8.0.10.7)
OEM Application Profile (x32 Version: 1.00.0000)
Power2Go (x32 Version: 5.6.0.9109)
PowerXpressHybrid (x32 Version: 1.00.0000)
PX Profile Update (x32 Version: 1.00.1.)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.16)
Realtek USB Card Reader (x32 Version: 6.2.9200.39041)
Shared C Run-time for x64 (Version: 10.0.0)
SugarSync Manager (x32 Version: 1.9.61.90905)
Synaptics Pointing Device Driver (Version: 16.5.2.0)
UserGuide (x32 Version: 1.0.0.15)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0143E0BF-4DA1-494A-B71E-1A4F3492BAFF} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {154ED6CB-7411-41C5-891E-2E7BA5147FA3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2746672A-A0EA-4750-8234-82A33ADE417D} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {4A1AF8D0-7E91-4A44-8D4A-7066DEEBE1C0} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-15] (Lenovo)
Task: {5023BBAC-10DF-4455-B6AE-795CE7E80654} - System32\Tasks\Microsoft\WINRE\WinRE-Repair => C:\Windows\System32\ReAgentc.exe [2012-10-24] (Microsoft Corporation)
Task: {68D76E1D-DF05-41E8-A315-B533C2C6E729} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-15] (Lenovo)
Task: {8842C160-0BA9-4367-9104-14EF08E35D6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D876E4E8-A921-43F0-8D07-AED326D30736} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-15] (Lenovo)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup

==================== Loaded Modules (whitelisted) =============

2013-04-26 07:25 - 2013-04-18 00:59 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-26 19:41 - 2012-07-18 05:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2013 00:28:41 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 15.8.0.0, Zeitstempel: 0x51709701
Name des fehlerhaften Moduls: MurocApi.dll, Version: 15.8.0.0, Zeitstempel: 0x5170961c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000026990
ID des fehlerhaften Prozesses: 0x74c
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5


System errors:
=============
Error: (12/18/2013 01:33:13 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎18.‎12.‎2013 um 01:11:26 unerwartet heruntergefahren.

Error: (12/18/2013 01:11:29 AM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d89cf1a4e8, 0xb3b7465eef7151a4, 0xfffff803ad712080, 0x0000000000000002)C:\WINDOWS\MEMORY.DMP

Error: (12/18/2013 01:11:29 AM) (Source: BugCheck) (User: )
Description: 

Error: (12/18/2013 01:11:26 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎18.‎12.‎2013 um 00:52:05 unerwartet heruntergefahren.

Error: (12/18/2013 00:29:03 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/18/2013 00:27:05 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎17.‎12.‎2013 um 19:26:35 unerwartet heruntergefahren.

Error: (12/18/2013 00:26:38 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT-AUTORITÄT)
Description: 32212256841119104

Error: (12/17/2013 07:31:49 PM) (Source: DCOM) (User: Maik-Pc)
Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess

Error: (12/17/2013 07:07:22 PM) (Source: volmgr) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.


Microsoft Office Sessions:
=========================
Error: (12/18/2013 00:28:41 AM) (Source: Application Error)(User: )
Description: ZeroConfigService.exe15.8.0.051709701MurocApi.dll15.8.0.05170961cc0000005000000000002699074c01cefb7f98aa31c5C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dllf63832a4-6772-11e3-be76-0cd2927a2db1


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 3993.77 MB
Available physical RAM: 2804.06 MB
Total Pagefile: 8089.77 MB
Available Pagefile: 6477.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.91 GB) (Free:862.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 0F2F7574)

Partition: GPT Partition Type
==================== End Of Log ============================

schrauber · 19.12.2013, 09:55

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

saput · 19.12.2013, 11:53

mal wieder danke für die schnelle antwort
hie der combofix log

Code:

ATTFilter

ComboFix 13-12-18.01 - Maik 19.12.2013  11:41:09.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3994.2884 [GMT 1:00]
ausgeführt von:: c:\users\Maik\Desktop\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Roaming
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-19 bis 2013-12-19  ))))))))))))))))))))))))))))))
.
.
2013-12-19 10:45 . 2013-12-19 10:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-18 09:52 . 2013-12-18 09:52	--------	d-----w-	c:\windows\ServiceProfiles\LocalService\winhttp
2013-12-18 08:04 . 2013-12-18 08:04	--------	d-----w-	C:\FRST
2013-12-17 23:33 . 2013-12-17 23:33	--------	d-----w-	c:\programdata\ATI
2013-12-17 18:29 . 2013-12-17 18:29	--------	d-----w-	c:\programdata\eBay
2013-12-17 18:27 . 2013-12-17 18:29	--------	d-----w-	c:\users\Maik
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 23:42 . 2012-07-26 08:13	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-10-27 04:21 . 2013-10-27 04:21	1257472	----a-w-	c:\windows\system32\kernel32.dll
2013-10-27 04:21 . 2013-10-27 04:21	1300992	----a-w-	c:\windows\system32\gdi32.dll
2013-10-27 04:21 . 2013-10-27 04:21	1022464	----a-w-	c:\windows\SysWow64\gdi32.dll
2013-10-27 04:21 . 2013-10-27 04:21	888320	----a-w-	c:\windows\system32\autochk.exe
2013-10-27 04:21 . 2013-10-27 04:21	793088	----a-w-	c:\windows\SysWow64\autochk.exe
2013-10-27 04:21 . 2013-10-27 04:21	542208	----a-w-	c:\windows\system32\untfs.dll
2013-10-27 04:21 . 2013-10-27 04:21	482816	----a-w-	c:\windows\SysWow64\untfs.dll
2013-10-27 04:21 . 2012-07-26 08:14	78200	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-27 04:21 . 2012-07-26 08:14	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-27 04:21 . 2013-10-27 04:21	411880	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-10-27 04:21 . 2013-10-27 04:21	2233600	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-10-27 04:20 . 2013-10-27 04:20	98304	----a-w-	c:\windows\system32\wudriver.dll
2013-10-27 04:20 . 2013-10-27 04:20	93696	----a-w-	c:\windows\system32\psmsrv.dll
2013-10-27 04:20 . 2013-10-27 04:20	92160	----a-w-	c:\windows\SysWow64\biwinrt.dll
2013-10-27 04:20 . 2013-10-27 04:20	8857088	----a-w-	c:\windows\SysWow64\twinui.dll
2013-10-27 04:20 . 2013-10-27 04:20	83968	----a-w-	c:\windows\SysWow64\wudriver.dll
2013-10-27 04:20 . 2013-10-27 04:20	83968	----a-w-	c:\windows\system32\drivers\hidclass.sys
2013-10-27 04:20 . 2013-10-27 04:20	812544	----a-w-	c:\windows\system32\Magnify.exe
2013-10-27 04:20 . 2013-10-27 04:20	77824	----a-w-	c:\windows\system32\taskhost.exe
2013-10-27 04:20 . 2013-10-27 04:20	760320	----a-w-	c:\windows\system32\wuapi.dll
2013-10-27 04:20 . 2013-10-27 04:20	758784	----a-w-	c:\windows\SysWow64\Magnify.exe
2013-10-27 04:20 . 2013-10-27 04:20	754176	----a-w-	c:\windows\SysWow64\actxprxy.dll
2013-10-27 04:20 . 2013-10-27 04:20	72192	----a-w-	c:\windows\system32\taskhostex.exe
2013-10-27 04:20 . 2013-10-27 04:20	708096	----a-w-	c:\windows\system32\AppXDeploymentExtensions.dll
2013-10-27 04:20 . 2013-10-27 04:20	69864	----a-w-	c:\windows\system32\drivers\pdc.sys
2013-10-27 04:20 . 2013-10-27 04:20	621056	----a-w-	c:\windows\SysWow64\wuapi.dll
2013-10-27 04:20 . 2013-10-27 04:20	58312	----a-w-	c:\windows\system32\wuauclt.exe
2013-10-27 04:20 . 2013-10-27 04:20	560640	----a-w-	c:\windows\system32\mfmp4srcsnk.dll
2013-10-27 04:20 . 2013-10-27 04:20	501760	----a-w-	c:\windows\system32\DevicePairing.dll
2013-10-27 04:20 . 2013-10-27 04:20	470528	----a-w-	c:\windows\system32\netprofmsvc.dll
2013-10-27 04:20 . 2013-10-27 04:20	449536	----a-w-	c:\windows\SysWow64\DevicePairing.dll
2013-10-27 04:20 . 2013-10-27 04:20	446720	----a-w-	c:\windows\system32\drivers\USBHUB3.SYS
2013-10-27 04:20 . 2013-10-27 04:20	43520	----a-w-	c:\windows\system32\wups.dll
2013-10-27 04:20 . 2013-10-27 04:20	427520	----a-w-	c:\windows\system32\drivers\rdbss.sys
2013-10-27 04:20 . 2013-10-27 04:20	419840	----a-w-	c:\windows\system32\intl.cpl
2013-10-27 04:20 . 2013-10-27 04:20	411136	----a-w-	c:\windows\SysWow64\mfmp4srcsnk.dll
2013-10-27 04:20 . 2013-10-27 04:20	39424	----a-w-	c:\windows\system32\wuapp.exe
2013-10-27 04:20 . 2013-10-27 04:20	389632	----a-w-	c:\windows\SysWow64\intl.cpl
2013-10-27 04:20 . 2013-10-27 04:20	389120	----a-w-	c:\windows\system32\BCP47Langs.dll
2013-10-27 04:20 . 2013-10-27 04:20	34304	----a-w-	c:\windows\SysWow64\wuapp.exe
2013-10-27 04:20 . 2013-10-27 04:20	337128	----a-w-	c:\windows\system32\drivers\USBXHCI.SYS
2013-10-27 04:20 . 2013-10-27 04:20	330240	----a-w-	c:\windows\system32\stobject.dll
2013-10-27 04:20 . 2013-10-27 04:20	328192	----a-w-	c:\windows\system32\ubpm.dll
2013-10-27 04:20 . 2013-10-27 04:20	3241472	----a-w-	c:\windows\system32\wuaueng.dll
2013-10-27 04:20 . 2013-10-27 04:20	309760	----a-w-	c:\windows\SysWow64\BCP47Langs.dll
2013-10-27 04:20 . 2013-10-27 04:20	303616	----a-w-	c:\windows\SysWow64\stobject.dll
2013-10-27 04:20 . 2013-10-27 04:20	284416	----a-w-	c:\windows\system32\drivers\spaceport.sys
2013-10-27 04:20 . 2013-10-27 04:20	27648	----a-w-	c:\windows\system32\drivers\hidusb.sys
2013-10-27 04:20 . 2013-10-27 04:20	251904	----a-w-	c:\windows\system32\WUSettingsProvider.dll
2013-10-27 04:20 . 2013-10-27 04:20	247296	----a-w-	c:\windows\SysWow64\ubpm.dll
2013-10-27 04:20 . 2013-10-27 04:20	2305024	----a-w-	c:\windows\system32\authui.dll
2013-10-27 04:20 . 2013-10-27 04:20	2146304	----a-w-	c:\windows\system32\actxprxy.dll
2013-10-27 04:20 . 2013-10-27 04:20	213248	----a-w-	c:\windows\system32\drivers\UCX01000.SYS
2013-10-27 04:20 . 2013-10-27 04:20	2035712	----a-w-	c:\windows\SysWow64\authui.dll
2013-10-27 04:20 . 2013-10-27 04:20	18432	----a-w-	c:\windows\SysWow64\npmproxy.dll
2013-10-27 04:20 . 2013-10-27 04:20	179712	----a-w-	c:\windows\system32\bisrv.dll
2013-10-27 04:20 . 2013-10-27 04:20	17408	----a-w-	c:\windows\system32\muifontsetup.dll
2013-10-27 04:20 . 2013-10-27 04:20	173568	----a-w-	c:\windows\system32\storewuauth.dll
2013-10-27 04:20 . 2013-10-27 04:20	169984	----a-w-	c:\windows\system32\netplwiz.dll
2013-10-27 04:20 . 2013-10-27 04:20	1619968	----a-w-	c:\windows\system32\wucltux.dll
2013-10-27 04:20 . 2013-10-27 04:20	15872	----a-w-	c:\windows\SysWow64\nlmproxy.dll
2013-10-27 04:20 . 2013-10-27 04:20	151552	----a-w-	c:\windows\system32\netprofm.dll
2013-10-27 04:20 . 2013-10-27 04:20	151040	----a-w-	c:\windows\SysWow64\netplwiz.dll
2013-10-27 04:20 . 2013-10-27 04:20	14848	----a-w-	c:\windows\SysWow64\rars.rs
2013-10-27 04:20 . 2013-10-27 04:20	14848	----a-w-	c:\windows\system32\rars.rs
2013-10-27 04:20 . 2013-10-27 04:20	1483776	----a-w-	c:\windows\system32\VSSVC.exe
2013-10-27 04:20 . 2013-10-27 04:20	14336	----a-w-	c:\windows\SysWow64\muifontsetup.dll
2013-10-27 04:20 . 2013-10-27 04:20	141824	----a-w-	c:\windows\system32\wuwebv.dll
2013-10-27 04:20 . 2013-10-27 04:20	13644288	----a-w-	c:\windows\system32\Windows.UI.Xaml.dll
2013-10-27 04:20 . 2013-10-27 04:20	1332736	----a-w-	c:\windows\system32\sysmain.dll
2013-10-27 04:20 . 2013-10-27 04:20	125952	----a-w-	c:\windows\SysWow64\wuwebv.dll
2013-10-27 04:20 . 2013-10-27 04:20	12288	----a-w-	c:\windows\SysWow64\nlmsprep.dll
2013-10-27 04:20 . 2013-10-27 04:20	122368	----a-w-	c:\windows\system32\biwinrt.dll
2013-10-27 04:20 . 2013-10-27 04:20	120736	----a-w-	c:\windows\system32\AuthHost.exe
2013-10-27 04:20 . 2013-10-27 04:20	115712	----a-w-	c:\windows\SysWow64\netprofm.dll
2013-10-27 04:20 . 2013-10-27 04:20	1131520	----a-w-	c:\windows\system32\AppXDeploymentServer.dll
2013-10-27 04:20 . 2013-10-27 04:20	10788864	----a-w-	c:\windows\SysWow64\Windows.UI.Xaml.dll
2013-10-27 04:20 . 2013-10-27 04:20	10116096	----a-w-	c:\windows\system32\twinui.dll
2013-10-27 04:20 . 2013-10-27 04:20	733184	----a-w-	c:\windows\system32\win32spl.dll
2013-10-27 04:20 . 2013-10-27 04:20	1455368	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-10-27 04:19 . 2013-10-27 04:19	861184	----a-w-	c:\windows\system32\drivers\http.sys
2013-10-27 04:19 . 2013-10-27 04:19	148480	----a-w-	c:\windows\system32\poqexec.exe
2013-10-27 04:19 . 2013-10-27 04:19	144384	----a-w-	c:\windows\system32\tssdisai.dll
2013-10-27 04:19 . 2013-10-27 04:19	135680	----a-w-	c:\windows\system32\appserverai.dll
2013-10-27 04:19 . 2013-10-27 04:19	132608	----a-w-	c:\windows\SysWow64\poqexec.exe
2013-10-27 04:19 . 2013-10-27 04:19	126976	----a-w-	c:\windows\system32\RDWebAI.dll
2013-10-27 04:19 . 2013-10-27 04:19	122880	----a-w-	c:\windows\system32\VmHostAI.dll
2013-10-27 04:19 . 2013-10-27 04:19	444416	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-10-27 04:19 . 2013-10-27 04:19	39936	----a-w-	c:\windows\apppatch\apppatch64\acspecfc.dll
2013-10-27 04:19 . 2013-10-27 04:19	83688	----a-w-	c:\windows\system32\mcupdate_AuthenticAMD.dll
2013-10-27 04:19 . 2013-10-27 04:19	68096	----a-w-	c:\windows\system32\cryptsvc.dll
2013-10-27 04:19 . 2013-10-27 04:19	1889280	----a-w-	c:\windows\system32\crypt32.dll
2013-10-27 04:19 . 2013-10-27 04:19	1569792	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-10-27 04:19 . 2013-10-27 04:19	141312	----a-w-	c:\windows\system32\cryptnet.dll
2013-10-27 04:19 . 2013-10-27 04:19	1255936	----a-w-	c:\windows\system32\certutil.exe
2013-10-27 04:19 . 2013-10-27 04:19	109056	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-10-27 04:19 . 2013-10-27 04:19	1013248	----a-w-	c:\windows\SysWow64\certutil.exe
2013-10-27 04:19 . 2013-10-27 04:19	1690624	----a-w-	c:\windows\system32\GdiPlus.dll
2013-10-27 04:19 . 2013-10-27 04:19	1437184	----a-w-	c:\windows\SysWow64\GdiPlus.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-25 642816]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-10-30 168464]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-18 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-06-21 1527896]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;c:\program files (x86)\Intel\Bluetooth\ibtrksrv.exe;c:\program files (x86)\Intel\Bluetooth\ibtrksrv.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VeriFaceSrv;VeriFaceSrv;c:\program files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe;c:\program files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed - Virtueller Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 NETwNe64;@oem12.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 8 64-Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-04-24 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-04-24 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-04-24 442352]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2013-02-04 899680]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2013-03-05 1647616]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-05-21 7830328]
"RtsFT"="RTFTrack.exe" [2013-04-24 6339656]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-10-26 17097200]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-10-26 193008]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-12-19  11:46:36
ComboFix-quarantined-files.txt  2013-12-19 10:46
.
Vor Suchlauf: 6 Verzeichnis(se), 922.482.978.816 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 922.339.164.160 Bytes frei
.
- - End Of File - - 74EB0CDCBFA957A7CE2108F4C88502AA
5FB38429D5D77768867C76DCBDB35194

schrauber · 20.12.2013, 09:14

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

saput · 20.12.2013, 10:53

hier der mwb log (2 Elemente entfernt)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.20.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Maik :: MAIK-PC [Administrator]

20.12.2013 09:24:55
mbam-log-2013-12-20 (09-24-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413251
Laufzeit: 54 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Photos (Trojan.Dropped.NS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Lenovo DE\Lenovo Photos\uninstall.exe (Trojan.Dropped.NS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

awdcleaner hat nichts gefunden
hier der log

Code:

ATTFilter

# AdwCleaner v3.015 - Bericht erstellt am 20/12/2013 um 10:36:42
# Updated 10/12/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Maik - MAIK-PC
# Gestartet von : C:\Users\Maik\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


*************************

AdwCleaner[R0].txt - [635 octets] - [20/12/2013 10:31:10]
AdwCleaner[R1].txt - [753 octets] - [20/12/2013 10:35:56]
AdwCleaner[S0].txt - [695 octets] - [20/12/2013 10:32:00]
AdwCleaner[S1].txt - [675 octets] - [20/12/2013 10:36:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [734 octets] ##########

jrt log

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Maik on 20.12.2013 at 10:40:39,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.12.2013 at 10:45:52,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

frst log

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-12-2013 02
Ran by Maik (administrator) on MAIK-PC on 20-12-2013 10:49:08
Running from C:\Users\Maik\Desktop\rootkit tools\frst
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\core\mchost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-04] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-10-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [193008 2013-10-26] (Lenovo(beijing) Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1527896 2012-06-21] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = 
SearchScopes: HKCU - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

==================== Services (Whitelisted) =================

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-05-22] (McAfee, Inc.)
R2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-10-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 MEMSWEEP2; C:\WINDOWS\system32\136A.tmp [6144 2009-06-18] (Sophos Plc)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [66712 2012-06-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3341792 2013-04-25] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)
S1 SAVRKBootTasks; C:\WINDOWS\SysWow64\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-20 10:45 - 2013-12-20 10:45 - 00000611 _____ C:\Users\Maik\Desktop\JRT.txt
2013-12-20 10:40 - 2013-12-20 10:40 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-20 10:30 - 2013-12-20 10:30 - 01226750 _____ C:\Users\Maik\Desktop\adwcleaner.exe
2013-12-20 09:23 - 2013-12-20 09:23 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Malwarebytes
2013-12-20 09:22 - 2013-12-20 10:36 - 00000000 ____D C:\AdwCleaner
2013-12-20 09:22 - 2013-12-20 09:23 - 01034531 _____ (Thisisu) C:\Users\Maik\Desktop\JRT.exe
2013-12-20 09:20 - 2013-12-20 09:20 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-20 09:20 - 2013-12-20 09:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-20 09:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-20 09:18 - 2013-12-20 09:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Maik\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\Documents\Youcam
2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\Documents\Avatar
2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\AppData\Roaming\CyberLink
2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\AppData\Local\CyberLink
2013-12-19 17:11 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\WINDOWS\SysWOW64\SAVRKBootTasks.sys
2013-12-19 16:58 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\WINDOWS\system32\136A.tmp
2013-12-19 16:56 - 2013-12-19 16:56 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-12-19 16:56 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\WINDOWS\system32\B976.tmp
2013-12-19 16:44 - 2013-12-19 16:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-19 16:43 - 2013-12-19 16:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-19 16:43 - 2013-12-19 16:43 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-19 11:46 - 2013-12-19 11:46 - 00022255 _____ C:\ComboFix.txt
2013-12-19 11:40 - 2013-12-19 11:46 - 00000000 ____D C:\Qoobox
2013-12-19 11:40 - 2013-12-19 11:45 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-19 11:40 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-12-19 11:40 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-12-19 11:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-12-19 11:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-12-19 11:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-12-19 11:40 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-12-19 11:40 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-12-19 11:40 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-12-19 11:40 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-12-19 11:39 - 2013-12-19 11:39 - 05154906 ____R (Swearware) C:\Users\Maik\Desktop\ComboFix.exe
2013-12-18 13:19 - 2013-12-18 13:19 - 00007604 _____ C:\Users\Maik\AppData\Local\Resmon.ResmonCfg
2013-12-18 13:07 - 2013-12-18 13:08 - 00000000 ____D C:\Users\Maik\AppData\Local\LSC
2013-12-18 13:07 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Roaming\LSC
2013-12-18 13:07 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Local\Adobe
2013-12-18 09:12 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\Desktop\rootkit tools
2013-12-18 09:04 - 2013-12-18 09:04 - 00000000 ____D C:\FRST
2013-12-18 05:07 - 2013-12-18 05:07 - 00000000 _____ C:\Recovery.txt
2013-12-18 01:11 - 2013-12-18 01:11 - 449531245 _____ C:\WINDOWS\MEMORY.DMP
2013-12-18 01:11 - 2013-12-18 01:11 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-18 01:03 - 2013-12-20 10:46 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-151516639-3704992375-3126064996-1001
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Roaming\ATI
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Local\ATI
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\ProgramData\ATI
2013-12-18 00:28 - 2013-12-20 10:36 - 00122208 _____ C:\Users\Public\CAFADEBUG.log
2013-12-17 19:31 - 2013-12-17 19:31 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel Corporation
2013-12-17 19:30 - 2013-12-17 19:30 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Lenovo
2013-12-17 19:29 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Adobe
2013-12-17 19:29 - 2013-12-17 19:29 - 00001449 _____ C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 19:29 - 2013-12-17 19:29 - 00000139 _____ C:\Users\Public\Desktop\eBay.url
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\ProgramData\eBay
2013-12-17 19:28 - 2013-12-17 19:30 - 00001133 _____ C:\Users\Maik\Desktop\Cyberlink Power2Go.lnk
2013-12-17 19:28 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik\AppData\Local\Packages
2013-12-17 19:28 - 2013-12-17 19:28 - 00000020 ___SH C:\Users\Maik\ntuser.ini
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Vorlagen
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Startmenü
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Netzwerkumgebung
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Lokale Einstellungen
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Eigene Dateien
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Druckumgebung
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Musik
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Bilder
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Verlauf
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Anwendungsdaten
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Anwendungsdaten
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\VirtualStore
2013-12-17 19:28 - 2013-10-27 05:21 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-12-17 19:28 - 2013-10-27 05:18 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-17 19:28 - 2013-10-26 20:10 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-12-17 19:28 - 2013-10-26 20:09 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Macromedia
2013-12-17 19:28 - 2013-02-04 07:18 - 00000189 _____ C:\Users\Maik\Desktop\Lenovo Telephony Start Now.url
2013-12-17 19:28 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-17 19:28 - 2012-07-26 09:13 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-17 19:27 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Dokumente und Einstellungen

==================== One Month Modified Files and Folders =======

2013-12-20 10:47 - 2013-10-26 19:27 - 01739550 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-20 10:46 - 2013-12-18 01:03 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-151516639-3704992375-3126064996-1001
2013-12-20 10:45 - 2013-12-20 10:45 - 00000611 _____ C:\Users\Maik\Desktop\JRT.txt
2013-12-20 10:43 - 2013-10-27 05:12 - 00754172 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-20 10:43 - 2013-10-27 05:12 - 00156362 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-20 10:43 - 2012-07-26 08:28 - 01748838 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-20 10:42 - 2013-10-26 20:15 - 00001839 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2013-12-20 10:40 - 2013-12-20 10:40 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-20 10:40 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-20 10:37 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-20 10:36 - 2013-12-20 09:22 - 00000000 ____D C:\AdwCleaner
2013-12-20 10:36 - 2013-12-18 00:28 - 00122208 _____ C:\Users\Public\CAFADEBUG.log
2013-12-20 10:36 - 2013-10-26 20:15 - 00002560 _____ C:\WINDOWS\system32\VfService.trf
2013-12-20 10:30 - 2013-12-20 10:30 - 01226750 _____ C:\Users\Maik\Desktop\adwcleaner.exe
2013-12-20 10:25 - 2013-03-25 22:02 - 00005542 _____ C:\WINDOWS\PFRO.log
2013-12-20 10:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-20 09:23 - 2013-12-20 09:23 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Malwarebytes
2013-12-20 09:23 - 2013-12-20 09:22 - 01034531 _____ (Thisisu) C:\Users\Maik\Desktop\JRT.exe
2013-12-20 09:20 - 2013-12-20 09:20 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-20 09:20 - 2013-12-20 09:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-20 09:20 - 2013-12-20 09:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Maik\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\Documents\Youcam
2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\Documents\Avatar
2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\AppData\Roaming\CyberLink
2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\AppData\Local\CyberLink
2013-12-19 17:21 - 2013-12-18 09:12 - 00000000 ____D C:\Users\Maik\Desktop\rootkit tools
2013-12-19 17:21 - 2013-10-26 20:07 - 00000000 ____D C:\ProgramData\CyberLink
2013-12-19 16:56 - 2013-12-19 16:56 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-12-19 16:45 - 2013-12-19 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-19 16:44 - 2013-12-19 16:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-19 16:43 - 2013-12-19 16:43 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-19 11:46 - 2013-12-19 11:46 - 00022255 _____ C:\ComboFix.txt
2013-12-19 11:46 - 2013-12-19 11:40 - 00000000 ____D C:\Qoobox
2013-12-19 11:46 - 2012-07-26 06:37 - 00000000 ___HD C:\Users\Default
2013-12-19 11:45 - 2013-12-19 11:40 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-19 11:45 - 2012-07-26 06:26 - 00000215 _____ C:\WINDOWS\system.ini
2013-12-19 11:39 - 2013-12-19 11:39 - 05154906 ____R (Swearware) C:\Users\Maik\Desktop\ComboFix.exe
2013-12-18 13:19 - 2013-12-18 13:19 - 00007604 _____ C:\Users\Maik\AppData\Local\Resmon.ResmonCfg
2013-12-18 13:08 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Local\LSC
2013-12-18 13:07 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Roaming\LSC
2013-12-18 13:07 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Local\Adobe
2013-12-18 13:07 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Adobe
2013-12-18 09:04 - 2013-12-18 09:04 - 00000000 ____D C:\FRST
2013-12-18 05:07 - 2013-12-18 05:07 - 00000000 _____ C:\Recovery.txt
2013-12-18 05:07 - 2012-07-26 09:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-12-18 01:15 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-12-18 01:11 - 2013-12-18 01:11 - 449531245 _____ C:\WINDOWS\MEMORY.DMP
2013-12-18 01:11 - 2013-12-18 01:11 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-18 00:43 - 2013-10-26 20:14 - 00000000 ____D C:\ProgramData\McAfee
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Roaming\ATI
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Local\ATI
2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\ProgramData\ATI
2013-12-18 00:27 - 2013-10-26 20:14 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-12-17 19:31 - 2013-12-17 19:31 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel Corporation
2013-12-17 19:30 - 2013-12-17 19:30 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Lenovo
2013-12-17 19:30 - 2013-12-17 19:28 - 00001133 _____ C:\Users\Maik\Desktop\Cyberlink Power2Go.lnk
2013-12-17 19:29 - 2013-12-17 19:29 - 00001449 _____ C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 19:29 - 2013-12-17 19:29 - 00000139 _____ C:\Users\Public\Desktop\eBay.url
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\ProgramData\eBay
2013-12-17 19:29 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\Packages
2013-12-17 19:29 - 2013-12-17 19:27 - 00000000 ____D C:\Users\Maik
2013-12-17 19:29 - 2013-10-27 06:26 - 00094019 _____ C:\WINDOWS\modules.log
2013-12-17 19:28 - 2013-12-17 19:28 - 00000020 ___SH C:\Users\Maik\ntuser.ini
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Vorlagen
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Startmenü
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Netzwerkumgebung
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Lokale Einstellungen
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Eigene Dateien
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Druckumgebung
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Musik
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Bilder
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Verlauf
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Anwendungsdaten
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Anwendungsdaten
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel
2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\VirtualStore
2013-12-17 19:28 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2013-12-17 19:28 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-17 19:10 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Programme
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-12-17 19:08 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows NT

Some content of TEMP:
====================
C:\Users\Maik\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-03-25 22:02

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 21.12.2013, 11:54

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

gmer log bei rootkit

Log-Analyse und Auswertung: gmer log bei rootkit