Trojaner-Board - gmer log bei rootkit

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - gmer log bei rootkit (https://www.trojaner-board.de/146274-gmer-log-rootkit.html)

gmer log bei rootkit

hallo

ich hab ein rootkit Problem, cpu, ram und platte laufen hoch, obwohl ich nichts mache und keine eigenen prozzesse laufen hab
könntet ihr bitte mein log überprüfen
danke im voraus

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-18 01:20:06
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000026 ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Maik\AppData\Local\Temp\kxloypoc.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\ntoskrnl.exe!KiCpuId + 988 fffff80173a5641c 1 byte [31]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe[1836] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f872b8177a 4 bytes [B8, 72, F8, 07]
.text C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe[1836] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f872b81782 4 bytes [B8, 72, F8, 07]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [648:672] fffff960009a75e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

hi, danke für deine schnelle antwort, hier die gewünschten Daten:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-12-2013 02

Ran by Maik (administrator) on MAIK-PC on 18-12-2013 09:05:21

Running from C:\Users\Maik\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe

(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

(Realtek semiconductor) C:\Windows\RTFTrack.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\core\mchost.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)

HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-04] (Synaptics Incorporated)

HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-10-26] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [193008 2013-10-26] (Lenovo(beijing) Limited)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1527896 2012-06-21] (McAfee, Inc.)

HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)

HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com

SearchScopes: HKLM - DefaultScope {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

SearchScopes: HKLM - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

SearchScopes: HKLM-x32 - DefaultScope {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

SearchScopes: HKLM-x32 - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

SearchScopes: HKCU - DefaultScope {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = 

SearchScopes: HKCU - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = 

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

==================== Services (Whitelisted) =================
 

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)

R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)

S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-05-22] (McAfee, Inc.)

R2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)

R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)

R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-26] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-10-27] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)

U3 mfeavfk01; No ImagePath

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [66712 2012-06-18] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3341792 2013-04-25] (Intel Corporation)

R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

U3 kxloypoc; \??\C:\Users\Maik\AppData\Local\Temp\kxloypoc.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-12-18 09:05 - 2013-12-18 09:05 - 00011722 _____ C:\Users\Maik\Desktop\FRST.txt

2013-12-18 09:04 - 2013-12-18 09:04 - 00000000 ____D C:\FRST

2013-12-18 09:03 - 2013-12-18 09:03 - 01929376 _____ (Farbar) C:\Users\Maik\Desktop\FRST64.exe

2013-12-18 05:07 - 2013-12-18 05:07 - 00000000 _____ C:\Recovery.txt

2013-12-18 01:11 - 2013-12-18 01:11 - 449531245 _____ C:\WINDOWS\MEMORY.DMP

2013-12-18 01:11 - 2013-12-18 01:11 - 00000000 ____D C:\WINDOWS\Minidump

2013-12-18 01:03 - 2013-12-18 09:01 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-151516639-3704992375-3126064996-1001

2013-12-18 00:46 - 2013-12-18 00:46 - 00001219 _____ C:\Users\Maik\Desktop\gmer_2.1.19163.bat

2013-12-18 00:35 - 2013-12-18 01:20 - 00001293 _____ C:\Users\Maik\Desktop\gmer.log

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Roaming\ATI

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Local\ATI

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\ProgramData\ATI

2013-12-18 00:30 - 2013-12-18 00:30 - 00377856 _____ C:\Users\Maik\Desktop\gmer_2.1.19163.exe

2013-12-18 00:28 - 2013-12-18 01:28 - 00030826 _____ C:\Users\Public\CAFADEBUG.log

2013-12-17 19:31 - 2013-12-17 19:31 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel Corporation

2013-12-17 19:30 - 2013-12-17 19:30 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Lenovo

2013-12-17 19:29 - 2013-12-17 19:29 - 00001449 _____ C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-12-17 19:29 - 2013-12-17 19:29 - 00000139 _____ C:\Users\Public\Desktop\eBay.url

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Adobe

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\ProgramData\eBay

2013-12-17 19:28 - 2013-12-17 19:30 - 00001133 _____ C:\Users\Maik\Desktop\Cyberlink Power2Go.lnk

2013-12-17 19:28 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik\AppData\Local\Packages

2013-12-17 19:28 - 2013-12-17 19:28 - 00000020 ___SH C:\Users\Maik\ntuser.ini

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Vorlagen

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Startmenü

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Netzwerkumgebung

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Lokale Einstellungen

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Eigene Dateien

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Druckumgebung

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Musik

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Bilder

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Verlauf

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Anwendungsdaten

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Anwendungsdaten

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\VirtualStore

2013-12-17 19:28 - 2013-10-27 05:21 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2013-12-17 19:28 - 2013-10-27 05:18 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2013-12-17 19:28 - 2013-10-26 20:10 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

2013-12-17 19:28 - 2013-10-26 20:09 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Macromedia

2013-12-17 19:28 - 2013-02-04 07:18 - 00000189 _____ C:\Users\Maik\Desktop\Lenovo Telephony Start Now.url

2013-12-17 19:28 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-12-17 19:28 - 2012-07-26 09:13 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-12-17 19:27 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Vorlagen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Startmenü

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Eigene Dateien

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Druckumgebung

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Vorlagen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Startmenü

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Dokumente

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Dokumente und Einstellungen
 

==================== One Month Modified Files and Folders =======
 

2013-12-18 09:05 - 2013-12-18 09:05 - 00011722 _____ C:\Users\Maik\Desktop\FRST.txt

2013-12-18 09:05 - 2013-10-26 19:27 - 01129648 _____ C:\WINDOWS\WindowsUpdate.log

2013-12-18 09:04 - 2013-12-18 09:04 - 00000000 ____D C:\FRST

2013-12-18 09:03 - 2013-12-18 09:03 - 01929376 _____ (Farbar) C:\Users\Maik\Desktop\FRST64.exe

2013-12-18 09:01 - 2013-12-18 01:03 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-151516639-3704992375-3126064996-1001

2013-12-18 09:01 - 2013-10-27 05:12 - 00754172 _____ C:\WINDOWS\system32\perfh007.dat

2013-12-18 09:01 - 2013-10-27 05:12 - 00156362 _____ C:\WINDOWS\system32\perfc007.dat

2013-12-18 09:01 - 2013-10-26 20:15 - 00001839 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk

2013-12-18 09:01 - 2012-07-26 08:28 - 01748838 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-12-18 09:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru

2013-12-18 09:00 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM

2013-12-18 05:07 - 2013-12-18 05:07 - 00000000 _____ C:\Recovery.txt

2013-12-18 05:07 - 2012-07-26 09:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template

2013-12-18 01:33 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-12-18 01:28 - 2013-12-18 00:28 - 00030826 _____ C:\Users\Public\CAFADEBUG.log

2013-12-18 01:20 - 2013-12-18 00:35 - 00001293 _____ C:\Users\Maik\Desktop\gmer.log

2013-12-18 01:15 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF

2013-12-18 01:11 - 2013-12-18 01:11 - 449531245 _____ C:\WINDOWS\MEMORY.DMP

2013-12-18 01:11 - 2013-12-18 01:11 - 00000000 ____D C:\WINDOWS\Minidump

2013-12-18 00:46 - 2013-12-18 00:46 - 00001219 _____ C:\Users\Maik\Desktop\gmer_2.1.19163.bat

2013-12-18 00:43 - 2013-10-26 20:14 - 00000000 ____D C:\ProgramData\McAfee

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Roaming\ATI

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Local\ATI

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\ProgramData\ATI

2013-12-18 00:30 - 2013-12-18 00:30 - 00377856 _____ C:\Users\Maik\Desktop\gmer_2.1.19163.exe

2013-12-18 00:27 - 2013-10-26 20:14 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-12-17 19:31 - 2013-12-17 19:31 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel Corporation

2013-12-17 19:30 - 2013-12-17 19:30 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Lenovo

2013-12-17 19:30 - 2013-12-17 19:28 - 00001133 _____ C:\Users\Maik\Desktop\Cyberlink Power2Go.lnk

2013-12-17 19:29 - 2013-12-17 19:29 - 00001449 _____ C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-12-17 19:29 - 2013-12-17 19:29 - 00000139 _____ C:\Users\Public\Desktop\eBay.url

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Adobe

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\ProgramData\eBay

2013-12-17 19:29 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\Packages

2013-12-17 19:29 - 2013-12-17 19:27 - 00000000 ____D C:\Users\Maik

2013-12-17 19:29 - 2013-10-27 06:26 - 00094019 _____ C:\WINDOWS\modules.log

2013-12-17 19:28 - 2013-12-17 19:28 - 00000020 ___SH C:\Users\Maik\ntuser.ini

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Vorlagen

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Startmenü

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Netzwerkumgebung

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Lokale Einstellungen

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Eigene Dateien

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Druckumgebung

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Musik

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Bilder

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Verlauf

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Anwendungsdaten

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Anwendungsdaten

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\VirtualStore

2013-12-17 19:28 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2013-12-17 19:28 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore

2013-12-17 19:10 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Vorlagen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Startmenü

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Eigene Dateien

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Druckumgebung

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Vorlagen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Startmenü

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Dokumente

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Dokumente und Einstellungen

2013-12-17 19:08 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows NT

2013-12-17 19:08 - 2012-07-26 06:37 - 00000000 ___HD C:\Users\Default

2013-12-17 19:07 - 2013-03-25 22:02 - 00004616 _____ C:\WINDOWS\PFRO.log
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-03-25 22:02
 

==================== End Of Log ============================

--- --- ---

--- --- ---

und weil ich mir nicht sicher war ob beide datensäzte reinpassen

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-12-2013 02

Ran by Maik at 2013-12-18 09:05:46

Running from C:\Users\Maik\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: McAfee  Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee  Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee  Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 

==================== Installed Programs ======================
 

Adobe AIR (x32 Version: 3.4.0.2710)

AMD Accelerated Video Transcoding (Version: 12.10.100.30425)

AMD APP SDK Runtime (Version: 10.0.1124.2)

AMD Catalyst Install Manager (Version: 8.0.911.0)

Benutzerhandbuch (x32 Version: 1.0.0.15)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center (x32 Version: 2013.0425.225.2413)

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0425.225.2413)

Catalyst Control Center InstallProxy (x32 Version: 2013.0425.225.2413)

Catalyst Control Center Localization All (x32 Version: 2013.0425.225.2413)

Catalyst Control Center Profiles Mobile (x32 Version: 2013.0425.225.2413)

CCC Help Chinese Standard (x32 Version: 2013.0425.0224.2413)

CCC Help Chinese Traditional (x32 Version: 2013.0425.0224.2413)

CCC Help Czech (x32 Version: 2013.0425.0224.2413)

CCC Help Danish (x32 Version: 2013.0425.0224.2413)

CCC Help Dutch (x32 Version: 2013.0425.0224.2413)

CCC Help English (x32 Version: 2013.0425.0224.2413)

CCC Help Finnish (x32 Version: 2013.0425.0224.2413)

CCC Help French (x32 Version: 2013.0425.0224.2413)

CCC Help German (x32 Version: 2013.0425.0224.2413)

CCC Help Greek (x32 Version: 2013.0425.0224.2413)

CCC Help Hungarian (x32 Version: 2013.0425.0224.2413)

CCC Help Italian (x32 Version: 2013.0425.0224.2413)

CCC Help Japanese (x32 Version: 2013.0425.0224.2413)

CCC Help Korean (x32 Version: 2013.0425.0224.2413)

CCC Help Norwegian (x32 Version: 2013.0425.0224.2413)

CCC Help Polish (x32 Version: 2013.0425.0224.2413)

CCC Help Portuguese (x32 Version: 2013.0425.0224.2413)

CCC Help Russian (x32 Version: 2013.0425.0224.2413)

CCC Help Spanish (x32 Version: 2013.0425.0224.2413)

CCC Help Swedish (x32 Version: 2013.0425.0224.2413)

CCC Help Thai (x32 Version: 2013.0425.0224.2413)

CCC Help Turkish (x32 Version: 2013.0425.0224.2413)

ccc-utility64 (Version: 2013.0425.225.2413)

Conexant HD Audio (Version: 8.64.49.0)

Dolby Advanced Audio v2 (x32 Version: 7.2.8000.17)

Energy Management (x32 Version: 8.0.2.11)

Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10)

Intel(R) Management Engine Components (x32 Version: 8.1.0.1281)

Intel(R) Processor Graphics (x32 Version: 9.17.10.3114)

Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.8.0.0548)

Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1327.1) (Version: 3.1.1307.0362)

Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.08.0000.0249)

Intel(R) Rapid Storage Technology (Version: 12.0.0.1083)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)

Intel® PROSet/Wireless Software (x32 Version: 15.8.0)

Intel® PROSet/Wireless WiFi Software (Version: 15.08.0000.0172)

Intel® Trusted Connect Service Client (Version: 1.24.738.1)

Lenovo EasyCamera (x32 Version: 6.2.9200.10230)

Lenovo OneKey Recovery (Version: 8.0.0.1219)

Lenovo OneKey Recovery (x32 Version: 8.0.0.1219)

Lenovo Photos (x32 Version: 4.8.5)

Lenovo PowerDVD10 (x32 Version: 10.0.4331.52)

Lenovo Solution Center (Version: 2.1.002.00)

Lenovo VeriFace (Version: 5.0.13.5261)

Lenovo YouCam (x32 Version: 4.1.3423)

McAfee Internet Security (x32 Version: 11.6.385)

Microsoft Office (x32 Version: 15.0.4454.1510)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Nitro Pro 8 (Version: 8.0.10.7)

OEM Application Profile (x32 Version: 1.00.0000)

Power2Go (x32 Version: 5.6.0.9109)

PowerXpressHybrid (x32 Version: 1.00.0000)

PX Profile Update (x32 Version: 1.00.1.)

Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.16)

Realtek USB Card Reader (x32 Version: 6.2.9200.39041)

Shared C Run-time for x64 (Version: 10.0.0)

SugarSync Manager (x32 Version: 1.9.61.90905)

Synaptics Pointing Device Driver (Version: 16.5.2.0)

UserGuide (x32 Version: 1.0.0.15)

Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1)

Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733)
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {0143E0BF-4DA1-494A-B71E-1A4F3492BAFF} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()

Task: {154ED6CB-7411-41C5-891E-2E7BA5147FA3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {2746672A-A0EA-4750-8234-82A33ADE417D} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)

Task: {4A1AF8D0-7E91-4A44-8D4A-7066DEEBE1C0} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-15] (Lenovo)

Task: {5023BBAC-10DF-4455-B6AE-795CE7E80654} - System32\Tasks\Microsoft\WINRE\WinRE-Repair => C:\Windows\System32\ReAgentc.exe [2012-10-24] (Microsoft Corporation)

Task: {68D76E1D-DF05-41E8-A315-B533C2C6E729} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-15] (Lenovo)

Task: {8842C160-0BA9-4367-9104-14EF08E35D6E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {D876E4E8-A921-43F0-8D07-AED326D30736} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-15] (Lenovo)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
 

==================== Loaded Modules (whitelisted) =============
 

2013-04-26 07:25 - 2013-04-18 00:59 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-10-26 19:41 - 2012-07-18 05:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/18/2013 00:28:41 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 15.8.0.0, Zeitstempel: 0x51709701

Name des fehlerhaften Moduls: MurocApi.dll, Version: 15.8.0.0, Zeitstempel: 0x5170961c

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000026990

ID des fehlerhaften Prozesses: 0x74c

Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0

Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1

Pfad des fehlerhaften Moduls: ZeroConfigService.exe2

Berichtskennung: ZeroConfigService.exe3

Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5
 
 

System errors:

=============

Error: (12/18/2013 01:33:13 AM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎18.‎12.‎2013 um 01:11:26 unerwartet heruntergefahren.
 

Error: (12/18/2013 01:11:29 AM) (Source: BugCheck) (User: )

Description: 0x00000109 (0xa3a039d89cf1a4e8, 0xb3b7465eef7151a4, 0xfffff803ad712080, 0x0000000000000002)C:\WINDOWS\MEMORY.DMP
 

Error: (12/18/2013 01:11:29 AM) (Source: BugCheck) (User: )

Description: 
 

Error: (12/18/2013 01:11:26 AM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎18.‎12.‎2013 um 00:52:05 unerwartet heruntergefahren.
 

Error: (12/18/2013 00:29:03 AM) (Source: Service Control Manager) (User: )

Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (12/18/2013 00:27:05 AM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎17.‎12.‎2013 um 19:26:35 unerwartet heruntergefahren.
 

Error: (12/18/2013 00:26:38 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT-AUTORITÄT)

Description: 32212256841119104
 

Error: (12/17/2013 07:31:49 PM) (Source: DCOM) (User: Maik-Pc)

Description: Microsoft.WindowsLive.Platform.Service.RemoteProcess
 

Error: (12/17/2013 07:07:22 PM) (Source: volmgr) (User: )

Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
 

Microsoft Office Sessions:

=========================

Error: (12/18/2013 00:28:41 AM) (Source: Application Error)(User: )

Description: ZeroConfigService.exe15.8.0.051709701MurocApi.dll15.8.0.05170961cc0000005000000000002699074c01cefb7f98aa31c5C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dllf63832a4-6772-11e3-be76-0cd2927a2db1
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 29%

Total physical RAM: 3993.77 MB

Available physical RAM: 2804.06 MB

Total Pagefile: 8089.77 MB

Available Pagefile: 6477.91 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (Windows8_OS) (Fixed) (Total:891.91 GB) (Free:862.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.9 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 0F2F7574)
 

Partition: GPT Partition Type

==================== End Of Log ============================

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

mal wieder danke für die schnelle antwort
hie der combofix log

Code:

ComboFix 13-12-18.01 - Maik 19.12.2013  11:41:09.1.4 - x64

Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3994.2884 [GMT 1:00]

ausgeführt von:: c:\users\Maik\Desktop\ComboFix.exe

AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini

c:\programdata\Roaming

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-11-19 bis 2013-12-19  ))))))))))))))))))))))))))))))

.

.

2013-12-19 10:45 . 2013-12-19 10:45        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-12-18 09:52 . 2013-12-18 09:52        --------        d-----w-        c:\windows\ServiceProfiles\LocalService\winhttp

2013-12-18 08:04 . 2013-12-18 08:04        --------        d-----w-        C:\FRST

2013-12-17 23:33 . 2013-12-17 23:33        --------        d-----w-        c:\programdata\ATI

2013-12-17 18:29 . 2013-12-17 18:29        --------        d-----w-        c:\programdata\eBay

2013-12-17 18:27 . 2013-12-17 18:29        --------        d-----w-        c:\users\Maik

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-17 23:42 . 2012-07-26 08:13        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-10-27 04:21 . 2013-10-27 04:21        1257472        ----a-w-        c:\windows\system32\kernel32.dll

2013-10-27 04:21 . 2013-10-27 04:21        1300992        ----a-w-        c:\windows\system32\gdi32.dll

2013-10-27 04:21 . 2013-10-27 04:21        1022464        ----a-w-        c:\windows\SysWow64\gdi32.dll

2013-10-27 04:21 . 2013-10-27 04:21        888320        ----a-w-        c:\windows\system32\autochk.exe

2013-10-27 04:21 . 2013-10-27 04:21        793088        ----a-w-        c:\windows\SysWow64\autochk.exe

2013-10-27 04:21 . 2013-10-27 04:21        542208        ----a-w-        c:\windows\system32\untfs.dll

2013-10-27 04:21 . 2013-10-27 04:21        482816        ----a-w-        c:\windows\SysWow64\untfs.dll

2013-10-27 04:21 . 2012-07-26 08:14        78200        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-27 04:21 . 2012-07-26 08:14        693112        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-10-27 04:21 . 2013-10-27 04:21        411880        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2013-10-27 04:21 . 2013-10-27 04:21        2233600        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-10-27 04:20 . 2013-10-27 04:20        98304        ----a-w-        c:\windows\system32\wudriver.dll

2013-10-27 04:20 . 2013-10-27 04:20        93696        ----a-w-        c:\windows\system32\psmsrv.dll

2013-10-27 04:20 . 2013-10-27 04:20        92160        ----a-w-        c:\windows\SysWow64\biwinrt.dll

2013-10-27 04:20 . 2013-10-27 04:20        8857088        ----a-w-        c:\windows\SysWow64\twinui.dll

2013-10-27 04:20 . 2013-10-27 04:20        83968        ----a-w-        c:\windows\SysWow64\wudriver.dll

2013-10-27 04:20 . 2013-10-27 04:20        83968        ----a-w-        c:\windows\system32\drivers\hidclass.sys

2013-10-27 04:20 . 2013-10-27 04:20        812544        ----a-w-        c:\windows\system32\Magnify.exe

2013-10-27 04:20 . 2013-10-27 04:20        77824        ----a-w-        c:\windows\system32\taskhost.exe

2013-10-27 04:20 . 2013-10-27 04:20        760320        ----a-w-        c:\windows\system32\wuapi.dll

2013-10-27 04:20 . 2013-10-27 04:20        758784        ----a-w-        c:\windows\SysWow64\Magnify.exe

2013-10-27 04:20 . 2013-10-27 04:20        754176        ----a-w-        c:\windows\SysWow64\actxprxy.dll

2013-10-27 04:20 . 2013-10-27 04:20        72192        ----a-w-        c:\windows\system32\taskhostex.exe

2013-10-27 04:20 . 2013-10-27 04:20        708096        ----a-w-        c:\windows\system32\AppXDeploymentExtensions.dll

2013-10-27 04:20 . 2013-10-27 04:20        69864        ----a-w-        c:\windows\system32\drivers\pdc.sys

2013-10-27 04:20 . 2013-10-27 04:20        621056        ----a-w-        c:\windows\SysWow64\wuapi.dll

2013-10-27 04:20 . 2013-10-27 04:20        58312        ----a-w-        c:\windows\system32\wuauclt.exe

2013-10-27 04:20 . 2013-10-27 04:20        560640        ----a-w-        c:\windows\system32\mfmp4srcsnk.dll

2013-10-27 04:20 . 2013-10-27 04:20        501760        ----a-w-        c:\windows\system32\DevicePairing.dll

2013-10-27 04:20 . 2013-10-27 04:20        470528        ----a-w-        c:\windows\system32\netprofmsvc.dll

2013-10-27 04:20 . 2013-10-27 04:20        449536        ----a-w-        c:\windows\SysWow64\DevicePairing.dll

2013-10-27 04:20 . 2013-10-27 04:20        446720        ----a-w-        c:\windows\system32\drivers\USBHUB3.SYS

2013-10-27 04:20 . 2013-10-27 04:20        43520        ----a-w-        c:\windows\system32\wups.dll

2013-10-27 04:20 . 2013-10-27 04:20        427520        ----a-w-        c:\windows\system32\drivers\rdbss.sys

2013-10-27 04:20 . 2013-10-27 04:20        419840        ----a-w-        c:\windows\system32\intl.cpl

2013-10-27 04:20 . 2013-10-27 04:20        411136        ----a-w-        c:\windows\SysWow64\mfmp4srcsnk.dll

2013-10-27 04:20 . 2013-10-27 04:20        39424        ----a-w-        c:\windows\system32\wuapp.exe

2013-10-27 04:20 . 2013-10-27 04:20        389632        ----a-w-        c:\windows\SysWow64\intl.cpl

2013-10-27 04:20 . 2013-10-27 04:20        389120        ----a-w-        c:\windows\system32\BCP47Langs.dll

2013-10-27 04:20 . 2013-10-27 04:20        34304        ----a-w-        c:\windows\SysWow64\wuapp.exe

2013-10-27 04:20 . 2013-10-27 04:20        337128        ----a-w-        c:\windows\system32\drivers\USBXHCI.SYS

2013-10-27 04:20 . 2013-10-27 04:20        330240        ----a-w-        c:\windows\system32\stobject.dll

2013-10-27 04:20 . 2013-10-27 04:20        328192        ----a-w-        c:\windows\system32\ubpm.dll

2013-10-27 04:20 . 2013-10-27 04:20        3241472        ----a-w-        c:\windows\system32\wuaueng.dll

2013-10-27 04:20 . 2013-10-27 04:20        309760        ----a-w-        c:\windows\SysWow64\BCP47Langs.dll

2013-10-27 04:20 . 2013-10-27 04:20        303616        ----a-w-        c:\windows\SysWow64\stobject.dll

2013-10-27 04:20 . 2013-10-27 04:20        284416        ----a-w-        c:\windows\system32\drivers\spaceport.sys

2013-10-27 04:20 . 2013-10-27 04:20        27648        ----a-w-        c:\windows\system32\drivers\hidusb.sys

2013-10-27 04:20 . 2013-10-27 04:20        251904        ----a-w-        c:\windows\system32\WUSettingsProvider.dll

2013-10-27 04:20 . 2013-10-27 04:20        247296        ----a-w-        c:\windows\SysWow64\ubpm.dll

2013-10-27 04:20 . 2013-10-27 04:20        2305024        ----a-w-        c:\windows\system32\authui.dll

2013-10-27 04:20 . 2013-10-27 04:20        2146304        ----a-w-        c:\windows\system32\actxprxy.dll

2013-10-27 04:20 . 2013-10-27 04:20        213248        ----a-w-        c:\windows\system32\drivers\UCX01000.SYS

2013-10-27 04:20 . 2013-10-27 04:20        2035712        ----a-w-        c:\windows\SysWow64\authui.dll

2013-10-27 04:20 . 2013-10-27 04:20        18432        ----a-w-        c:\windows\SysWow64\npmproxy.dll

2013-10-27 04:20 . 2013-10-27 04:20        179712        ----a-w-        c:\windows\system32\bisrv.dll

2013-10-27 04:20 . 2013-10-27 04:20        17408        ----a-w-        c:\windows\system32\muifontsetup.dll

2013-10-27 04:20 . 2013-10-27 04:20        173568        ----a-w-        c:\windows\system32\storewuauth.dll

2013-10-27 04:20 . 2013-10-27 04:20        169984        ----a-w-        c:\windows\system32\netplwiz.dll

2013-10-27 04:20 . 2013-10-27 04:20        1619968        ----a-w-        c:\windows\system32\wucltux.dll

2013-10-27 04:20 . 2013-10-27 04:20        15872        ----a-w-        c:\windows\SysWow64\nlmproxy.dll

2013-10-27 04:20 . 2013-10-27 04:20        151552        ----a-w-        c:\windows\system32\netprofm.dll

2013-10-27 04:20 . 2013-10-27 04:20        151040        ----a-w-        c:\windows\SysWow64\netplwiz.dll

2013-10-27 04:20 . 2013-10-27 04:20        14848        ----a-w-        c:\windows\SysWow64\rars.rs

2013-10-27 04:20 . 2013-10-27 04:20        14848        ----a-w-        c:\windows\system32\rars.rs

2013-10-27 04:20 . 2013-10-27 04:20        1483776        ----a-w-        c:\windows\system32\VSSVC.exe

2013-10-27 04:20 . 2013-10-27 04:20        14336        ----a-w-        c:\windows\SysWow64\muifontsetup.dll

2013-10-27 04:20 . 2013-10-27 04:20        141824        ----a-w-        c:\windows\system32\wuwebv.dll

2013-10-27 04:20 . 2013-10-27 04:20        13644288        ----a-w-        c:\windows\system32\Windows.UI.Xaml.dll

2013-10-27 04:20 . 2013-10-27 04:20        1332736        ----a-w-        c:\windows\system32\sysmain.dll

2013-10-27 04:20 . 2013-10-27 04:20        125952        ----a-w-        c:\windows\SysWow64\wuwebv.dll

2013-10-27 04:20 . 2013-10-27 04:20        12288        ----a-w-        c:\windows\SysWow64\nlmsprep.dll

2013-10-27 04:20 . 2013-10-27 04:20        122368        ----a-w-        c:\windows\system32\biwinrt.dll

2013-10-27 04:20 . 2013-10-27 04:20        120736        ----a-w-        c:\windows\system32\AuthHost.exe

2013-10-27 04:20 . 2013-10-27 04:20        115712        ----a-w-        c:\windows\SysWow64\netprofm.dll

2013-10-27 04:20 . 2013-10-27 04:20        1131520        ----a-w-        c:\windows\system32\AppXDeploymentServer.dll

2013-10-27 04:20 . 2013-10-27 04:20        10788864        ----a-w-        c:\windows\SysWow64\Windows.UI.Xaml.dll

2013-10-27 04:20 . 2013-10-27 04:20        10116096        ----a-w-        c:\windows\system32\twinui.dll

2013-10-27 04:20 . 2013-10-27 04:20        733184        ----a-w-        c:\windows\system32\win32spl.dll

2013-10-27 04:20 . 2013-10-27 04:20        1455368        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys

2013-10-27 04:19 . 2013-10-27 04:19        861184        ----a-w-        c:\windows\system32\drivers\http.sys

2013-10-27 04:19 . 2013-10-27 04:19        148480        ----a-w-        c:\windows\system32\poqexec.exe

2013-10-27 04:19 . 2013-10-27 04:19        144384        ----a-w-        c:\windows\system32\tssdisai.dll

2013-10-27 04:19 . 2013-10-27 04:19        135680        ----a-w-        c:\windows\system32\appserverai.dll

2013-10-27 04:19 . 2013-10-27 04:19        132608        ----a-w-        c:\windows\SysWow64\poqexec.exe

2013-10-27 04:19 . 2013-10-27 04:19        126976        ----a-w-        c:\windows\system32\RDWebAI.dll

2013-10-27 04:19 . 2013-10-27 04:19        122880        ----a-w-        c:\windows\system32\VmHostAI.dll

2013-10-27 04:19 . 2013-10-27 04:19        444416        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2013-10-27 04:19 . 2013-10-27 04:19        39936        ----a-w-        c:\windows\apppatch\apppatch64\acspecfc.dll

2013-10-27 04:19 . 2013-10-27 04:19        83688        ----a-w-        c:\windows\system32\mcupdate_AuthenticAMD.dll

2013-10-27 04:19 . 2013-10-27 04:19        68096        ----a-w-        c:\windows\system32\cryptsvc.dll

2013-10-27 04:19 . 2013-10-27 04:19        1889280        ----a-w-        c:\windows\system32\crypt32.dll

2013-10-27 04:19 . 2013-10-27 04:19        1569792        ----a-w-        c:\windows\SysWow64\crypt32.dll

2013-10-27 04:19 . 2013-10-27 04:19        141312        ----a-w-        c:\windows\system32\cryptnet.dll

2013-10-27 04:19 . 2013-10-27 04:19        1255936        ----a-w-        c:\windows\system32\certutil.exe

2013-10-27 04:19 . 2013-10-27 04:19        109056        ----a-w-        c:\windows\SysWow64\cryptnet.dll

2013-10-27 04:19 . 2013-10-27 04:19        1013248        ----a-w-        c:\windows\SysWow64\certutil.exe

2013-10-27 04:19 . 2013-10-27 04:19        1690624        ----a-w-        c:\windows\system32\GdiPlus.dll

2013-10-27 04:19 . 2013-10-27 04:19        1437184        ----a-w-        c:\windows\SysWow64\GdiPlus.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-25 642816]

"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-10-30 168464]

"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-18 217088]

"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-06-21 1527896]

"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableCursorSuppression"= 1 (0x1)

"ConsentPromptBehaviorUser"= 3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]

R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]

S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]

S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]

S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]

S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;c:\program files (x86)\Intel\Bluetooth\ibtrksrv.exe;c:\program files (x86)\Intel\Bluetooth\ibtrksrv.exe [x]

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

S2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]

S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S2 VeriFaceSrv;VeriFaceSrv;c:\program files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe;c:\program files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [x]

S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]

S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed - Virtueller Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]

S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]

S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]

S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]

S3 NETwNe64;@oem12.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 8 64-Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]

S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2012-05-14 17:39        463952        ----a-w-        c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2012-05-14 17:39        463952        ----a-w-        c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2012-05-14 17:39        463952        ----a-w-        c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2012-05-14 17:39        463952        ----a-w-        c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-04-24 172016]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-04-24 399856]

"Persistence"="c:\windows\system32\igfxpers.exe" [2013-04-24 442352]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2013-02-04 899680]

"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2013-03-05 1647616]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-05-21 7830328]

"RtsFT"="RTFTrack.exe" [2013-04-24 6339656]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-10-26 17097200]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-10-26 193008]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

@SACL=(02 0000)

.

Zeit der Fertigstellung: 2013-12-19  11:46:36

ComboFix-quarantined-files.txt  2013-12-19 10:46

.

Vor Suchlauf: 6 Verzeichnis(se), 922.482.978.816 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 922.339.164.160 Bytes frei

.

- - End Of File - - 74EB0CDCBFA957A7CE2108F4C88502AA

5FB38429D5D77768867C76DCBDB35194

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

hier der mwb log (2 Elemente entfernt)

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.12.20.03
 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16599

Maik :: MAIK-PC [Administrator]
 

20.12.2013 09:24:55

mbam-log-2013-12-20 (09-24-55).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 413251

Laufzeit: 54 Minute(n), 47 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Photos (Trojan.Dropped.NS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Program Files (x86)\Lenovo DE\Lenovo Photos\uninstall.exe (Trojan.Dropped.NS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

awdcleaner hat nichts gefunden
hier der log

Code:

# AdwCleaner v3.015 - Bericht erstellt am 20/12/2013 um 10:36:42

# Updated 10/12/2013 von Xplode

# Betriebssystem : Windows 8  (64 bits)

# Benutzername : Maik - MAIK-PC

# Gestartet von : C:\Users\Maik\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16537
 
 

*************************
 

AdwCleaner[R0].txt - [635 octets] - [20/12/2013 10:31:10]

AdwCleaner[R1].txt - [753 octets] - [20/12/2013 10:35:56]

AdwCleaner[S0].txt - [695 octets] - [20/12/2013 10:32:00]

AdwCleaner[S1].txt - [675 octets] - [20/12/2013 10:36:42]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [734 octets] ##########

jrt log

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 8 x64

Ran by Maik on 20.12.2013 at 10:40:39,44

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 20.12.2013 at 10:45:52,48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

frst log

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-12-2013 02

Ran by Maik (administrator) on MAIK-PC on 20-12-2013 10:49:08

Running from C:\Users\Maik\Desktop\rootkit tools\frst

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

(Realtek semiconductor) C:\Windows\RTFTrack.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\core\mchost.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)

HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-04] (Synaptics Incorporated)

HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-10-26] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [193008 2013-10-26] (Lenovo(beijing) Limited)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1527896 2012-06-21] (McAfee, Inc.)

HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)

HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-15] (Lenovo)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

SearchScopes: HKLM - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

SearchScopes: HKLM-x32 - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

SearchScopes: HKCU - DefaultScope {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = 

SearchScopes: HKCU - {D5D7DD23-CBE3-41F7-8C4C-596BFFF88AF2} URL = 

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

==================== Services (Whitelisted) =================
 

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)

R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)

S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-05-22] (McAfee, Inc.)

R2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-06-22] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-06-22] (McAfee, Inc.)

R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [177144 2012-06-22] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)

R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-26] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-10-27] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

S3 MEMSWEEP2; C:\WINDOWS\system32\136A.tmp [6144 2009-06-18] (Sophos Plc)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)

U3 mfeavfk01; No ImagePath

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [66712 2012-06-18] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3341792 2013-04-25] (Intel Corporation)

R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)

S1 SAVRKBootTasks; C:\WINDOWS\SysWow64\SAVRKBootTasks.sys [18816 2009-06-18] (Sophos Plc)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-12-20 10:45 - 2013-12-20 10:45 - 00000611 _____ C:\Users\Maik\Desktop\JRT.txt

2013-12-20 10:40 - 2013-12-20 10:40 - 00000000 ____D C:\WINDOWS\ERUNT

2013-12-20 10:30 - 2013-12-20 10:30 - 01226750 _____ C:\Users\Maik\Desktop\adwcleaner.exe

2013-12-20 09:23 - 2013-12-20 09:23 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Malwarebytes

2013-12-20 09:22 - 2013-12-20 10:36 - 00000000 ____D C:\AdwCleaner

2013-12-20 09:22 - 2013-12-20 09:23 - 01034531 _____ (Thisisu) C:\Users\Maik\Desktop\JRT.exe

2013-12-20 09:20 - 2013-12-20 09:20 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-20 09:20 - 2013-12-20 09:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-20 09:20 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2013-12-20 09:18 - 2013-12-20 09:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Maik\Desktop\mbam-setup-1.75.0.1300.exe

2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\Documents\Youcam

2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\Documents\Avatar

2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\AppData\Roaming\CyberLink

2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\AppData\Local\CyberLink

2013-12-19 17:11 - 2009-06-18 12:55 - 00018816 ____N (Sophos Plc) C:\WINDOWS\SysWOW64\SAVRKBootTasks.sys

2013-12-19 16:58 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\WINDOWS\system32\136A.tmp

2013-12-19 16:56 - 2013-12-19 16:56 - 00000000 ____D C:\Program Files (x86)\Sophos

2013-12-19 16:56 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\WINDOWS\system32\B976.tmp

2013-12-19 16:44 - 2013-12-19 16:44 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-19 16:43 - 2013-12-19 16:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-12-19 16:43 - 2013-12-19 16:43 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2013-12-19 11:46 - 2013-12-19 11:46 - 00022255 _____ C:\ComboFix.txt

2013-12-19 11:40 - 2013-12-19 11:46 - 00000000 ____D C:\Qoobox

2013-12-19 11:40 - 2013-12-19 11:45 - 00000000 ____D C:\WINDOWS\erdnt

2013-12-19 11:40 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe

2013-12-19 11:40 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe

2013-12-19 11:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2013-12-19 11:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2013-12-19 11:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2013-12-19 11:40 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2013-12-19 11:40 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe

2013-12-19 11:40 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe

2013-12-19 11:40 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe

2013-12-19 11:39 - 2013-12-19 11:39 - 05154906 ____R (Swearware) C:\Users\Maik\Desktop\ComboFix.exe

2013-12-18 13:19 - 2013-12-18 13:19 - 00007604 _____ C:\Users\Maik\AppData\Local\Resmon.ResmonCfg

2013-12-18 13:07 - 2013-12-18 13:08 - 00000000 ____D C:\Users\Maik\AppData\Local\LSC

2013-12-18 13:07 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Roaming\LSC

2013-12-18 13:07 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Local\Adobe

2013-12-18 09:12 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\Desktop\rootkit tools

2013-12-18 09:04 - 2013-12-18 09:04 - 00000000 ____D C:\FRST

2013-12-18 05:07 - 2013-12-18 05:07 - 00000000 _____ C:\Recovery.txt

2013-12-18 01:11 - 2013-12-18 01:11 - 449531245 _____ C:\WINDOWS\MEMORY.DMP

2013-12-18 01:11 - 2013-12-18 01:11 - 00000000 ____D C:\WINDOWS\Minidump

2013-12-18 01:03 - 2013-12-20 10:46 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-151516639-3704992375-3126064996-1001

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Roaming\ATI

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Local\ATI

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\ProgramData\ATI

2013-12-18 00:28 - 2013-12-20 10:36 - 00122208 _____ C:\Users\Public\CAFADEBUG.log

2013-12-17 19:31 - 2013-12-17 19:31 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel Corporation

2013-12-17 19:30 - 2013-12-17 19:30 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Lenovo

2013-12-17 19:29 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Adobe

2013-12-17 19:29 - 2013-12-17 19:29 - 00001449 _____ C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-12-17 19:29 - 2013-12-17 19:29 - 00000139 _____ C:\Users\Public\Desktop\eBay.url

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\ProgramData\eBay

2013-12-17 19:28 - 2013-12-17 19:30 - 00001133 _____ C:\Users\Maik\Desktop\Cyberlink Power2Go.lnk

2013-12-17 19:28 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik\AppData\Local\Packages

2013-12-17 19:28 - 2013-12-17 19:28 - 00000020 ___SH C:\Users\Maik\ntuser.ini

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Vorlagen

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Startmenü

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Netzwerkumgebung

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Lokale Einstellungen

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Eigene Dateien

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Druckumgebung

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Musik

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Bilder

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Verlauf

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Anwendungsdaten

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Anwendungsdaten

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\VirtualStore

2013-12-17 19:28 - 2013-10-27 05:21 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2013-12-17 19:28 - 2013-10-27 05:18 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2013-12-17 19:28 - 2013-10-26 20:10 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

2013-12-17 19:28 - 2013-10-26 20:09 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Macromedia

2013-12-17 19:28 - 2013-02-04 07:18 - 00000189 _____ C:\Users\Maik\Desktop\Lenovo Telephony Start Now.url

2013-12-17 19:28 - 2012-07-26 09:13 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-12-17 19:28 - 2012-07-26 09:13 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-12-17 19:27 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Vorlagen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Startmenü

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Eigene Dateien

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Druckumgebung

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Vorlagen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Startmenü

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Dokumente

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Dokumente und Einstellungen
 

==================== One Month Modified Files and Folders =======
 

2013-12-20 10:47 - 2013-10-26 19:27 - 01739550 _____ C:\WINDOWS\WindowsUpdate.log

2013-12-20 10:46 - 2013-12-18 01:03 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-151516639-3704992375-3126064996-1001

2013-12-20 10:45 - 2013-12-20 10:45 - 00000611 _____ C:\Users\Maik\Desktop\JRT.txt

2013-12-20 10:43 - 2013-10-27 05:12 - 00754172 _____ C:\WINDOWS\system32\perfh007.dat

2013-12-20 10:43 - 2013-10-27 05:12 - 00156362 _____ C:\WINDOWS\system32\perfc007.dat

2013-12-20 10:43 - 2012-07-26 08:28 - 01748838 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-12-20 10:42 - 2013-10-26 20:15 - 00001839 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk

2013-12-20 10:40 - 2013-12-20 10:40 - 00000000 ____D C:\WINDOWS\ERUNT

2013-12-20 10:40 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM

2013-12-20 10:37 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-12-20 10:36 - 2013-12-20 09:22 - 00000000 ____D C:\AdwCleaner

2013-12-20 10:36 - 2013-12-18 00:28 - 00122208 _____ C:\Users\Public\CAFADEBUG.log

2013-12-20 10:36 - 2013-10-26 20:15 - 00002560 _____ C:\WINDOWS\system32\VfService.trf

2013-12-20 10:30 - 2013-12-20 10:30 - 01226750 _____ C:\Users\Maik\Desktop\adwcleaner.exe

2013-12-20 10:25 - 2013-03-25 22:02 - 00005542 _____ C:\WINDOWS\PFRO.log

2013-12-20 10:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru

2013-12-20 09:23 - 2013-12-20 09:23 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Malwarebytes

2013-12-20 09:23 - 2013-12-20 09:22 - 01034531 _____ (Thisisu) C:\Users\Maik\Desktop\JRT.exe

2013-12-20 09:20 - 2013-12-20 09:20 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-20 09:20 - 2013-12-20 09:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-20 09:20 - 2013-12-20 09:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Maik\Desktop\mbam-setup-1.75.0.1300.exe

2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\Documents\Youcam

2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\Documents\Avatar

2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\AppData\Roaming\CyberLink

2013-12-19 17:21 - 2013-12-19 17:21 - 00000000 ____D C:\Users\Maik\AppData\Local\CyberLink

2013-12-19 17:21 - 2013-12-18 09:12 - 00000000 ____D C:\Users\Maik\Desktop\rootkit tools

2013-12-19 17:21 - 2013-10-26 20:07 - 00000000 ____D C:\ProgramData\CyberLink

2013-12-19 16:56 - 2013-12-19 16:56 - 00000000 ____D C:\Program Files (x86)\Sophos

2013-12-19 16:45 - 2013-12-19 16:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-12-19 16:44 - 2013-12-19 16:44 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-19 16:43 - 2013-12-19 16:43 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2013-12-19 11:46 - 2013-12-19 11:46 - 00022255 _____ C:\ComboFix.txt

2013-12-19 11:46 - 2013-12-19 11:40 - 00000000 ____D C:\Qoobox

2013-12-19 11:46 - 2012-07-26 06:37 - 00000000 ___HD C:\Users\Default

2013-12-19 11:45 - 2013-12-19 11:40 - 00000000 ____D C:\WINDOWS\erdnt

2013-12-19 11:45 - 2012-07-26 06:26 - 00000215 _____ C:\WINDOWS\system.ini

2013-12-19 11:39 - 2013-12-19 11:39 - 05154906 ____R (Swearware) C:\Users\Maik\Desktop\ComboFix.exe

2013-12-18 13:19 - 2013-12-18 13:19 - 00007604 _____ C:\Users\Maik\AppData\Local\Resmon.ResmonCfg

2013-12-18 13:08 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Local\LSC

2013-12-18 13:07 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Roaming\LSC

2013-12-18 13:07 - 2013-12-18 13:07 - 00000000 ____D C:\Users\Maik\AppData\Local\Adobe

2013-12-18 13:07 - 2013-12-17 19:29 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Adobe

2013-12-18 09:04 - 2013-12-18 09:04 - 00000000 ____D C:\FRST

2013-12-18 05:07 - 2013-12-18 05:07 - 00000000 _____ C:\Recovery.txt

2013-12-18 05:07 - 2012-07-26 09:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template

2013-12-18 01:15 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\NDF

2013-12-18 01:11 - 2013-12-18 01:11 - 449531245 _____ C:\WINDOWS\MEMORY.DMP

2013-12-18 01:11 - 2013-12-18 01:11 - 00000000 ____D C:\WINDOWS\Minidump

2013-12-18 00:43 - 2013-10-26 20:14 - 00000000 ____D C:\ProgramData\McAfee

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Roaming\ATI

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\Users\Maik\AppData\Local\ATI

2013-12-18 00:33 - 2013-12-18 00:33 - 00000000 ____D C:\ProgramData\ATI

2013-12-18 00:27 - 2013-10-26 20:14 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-12-17 19:31 - 2013-12-17 19:31 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel Corporation

2013-12-17 19:30 - 2013-12-17 19:30 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Lenovo

2013-12-17 19:30 - 2013-12-17 19:28 - 00001133 _____ C:\Users\Maik\Desktop\Cyberlink Power2Go.lnk

2013-12-17 19:29 - 2013-12-17 19:29 - 00001449 _____ C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-12-17 19:29 - 2013-12-17 19:29 - 00000139 _____ C:\Users\Public\Desktop\eBay.url

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ___RD C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD

2013-12-17 19:29 - 2013-12-17 19:29 - 00000000 ____D C:\ProgramData\eBay

2013-12-17 19:29 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\Packages

2013-12-17 19:29 - 2013-12-17 19:27 - 00000000 ____D C:\Users\Maik

2013-12-17 19:29 - 2013-10-27 06:26 - 00094019 _____ C:\WINDOWS\modules.log

2013-12-17 19:28 - 2013-12-17 19:28 - 00000020 ___SH C:\Users\Maik\ntuser.ini

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Vorlagen

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Startmenü

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Netzwerkumgebung

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Lokale Einstellungen

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Eigene Dateien

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Druckumgebung

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Musik

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Documents\Eigene Bilder

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Verlauf

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\AppData\Local\Anwendungsdaten

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 _SHDL C:\Users\Maik\Anwendungsdaten

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Roaming\Intel

2013-12-17 19:28 - 2013-12-17 19:28 - 00000000 ____D C:\Users\Maik\AppData\Local\VirtualStore

2013-12-17 19:28 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2013-12-17 19:28 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore

2013-12-17 19:10 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Vorlagen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Startmenü

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Eigene Dateien

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Druckumgebung

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Programme

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Vorlagen

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Startmenü

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Dokumente

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien

2013-12-17 19:08 - 2013-12-17 19:08 - 00000000 _SHDL C:\Dokumente und Einstellungen

2013-12-17 19:08 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows NT
 

Some content of TEMP:

====================

C:\Users\Maik\AppData\Local\temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-03-25 22:02
 

==================== End Of Log ============================

--- --- ---

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)