Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
JS:Decode-AMN [Trj] auf externer Festplatte

JS:Decode-AMN [Trj] auf externer Festplatte


Log-Analyse und Auswertung: JS:Decode-AMN [Trj] auf externer Festplatte

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 11.09.2014, 14:01   #1
dertb
 
JS:Decode-AMN [Trj] auf externer Festplatte - Standard

JS:Decode-AMN [Trj] auf externer Festplatte


Hallo zusammen,

heute habe ich einen Vollscan mit Avast durchgeführt,
bei der eine externe Festplatte angeschlossen wurde,
die ich schon längere Zeit nicht mehr benutzt habe.
Die Platte wurde zur Sicherung eines alten PCs verwendet bei dem
alles kopiert wurde.

Bei der Überprüfung wurde in einem alten Temp-Ordner des gesicherten PC
JS : Decode-AMN [Trj] gefunden. Hier das Avast-log:

Code:
ATTFilter
*
* avast! Protokolldatei
* Diese Protokolldatei wurde automatisch erstellt
*
* Prüfungsname: Vollständige Überprüfung
* Start: Donnerstag, 11. September 2014 13:40:52
* VPS: 140910-0, 10.09.2014
*

C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Zugriff verweigert (5)
C:\hiberfil.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
C:\pagefile.sys [E] Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird (32)
D:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Zugriff verweigert (5)
E:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Zugriff verweigert (5)
G:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Zugriff verweigert (5)
G:\D-disc\ikejbade\AppData\Local\Temp\xWfyg1sL.txt.part [L] JS:Decode-AMN [Trj] (0)
Infizierte Dateien: 1
Dateien gesamt: 361677
Ordner gesamt: 26449
Gesamtgröße: 227,6 GB

*
* Prüfung beendet: Donnerstag, 11. September 2014 14:32:05
* Laufzeit war 51 Minute(n), 51 Sekunde(n)
*
Dann habe ich Held den Suchlauf unterbrochen und die Datei gelöscht,
obwohl ich die Datei eigentlich bei Virustotal scannen wollte .


Hier noch aktuelle FRST-logs (Name mit **** ersetzt) :

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by User (administrator) on ****-PC on 11-09-2014 14:43:17
Running from C:\Users\****\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Ricoh co.,Ltd.) C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Advanced Audio v2\pcee4.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11942984 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [969800 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [PWMTRV] => rundll32 "C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL",PwrMgrBkGndMonitor
HKLM\...\Run: [RotateImage] => C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2248080 2013-03-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [Dolby Advanced Audio v2] => C:\Program Files\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3532oz5.default
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3532oz5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-08]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3532oz5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-11]

Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-09]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-09]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-09]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-09]
CHR Extension: (avast! Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-09]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-09]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-09]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-27] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2013-02-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [110128 2014-04-07] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [259824 2014-05-29] ()
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664856 2014-03-20] (Lenovo Group Limited)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [115696 2014-06-10] (Lenovo Group Limited)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3032816 2014-05-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-06-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-06-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-06-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-06-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-06-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-06-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-06-27] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [174552 2013-03-27] (Broadcom Corporation.)
S3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [508184 2012-12-04] (Broadcom Corporation.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [312208 2013-03-12] (ELAN Microelectronics Corp.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-02-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-27] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-05-13] (Intel Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10374144 2014-01-26] (Intel Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [195176 2012-01-30] (Realtek Semiconductor Corp.)
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [X]
S3 XHCIPort; system32\DRIVERS\XHCIPort.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 14:43 - 2014-09-11 14:43 - 00012819 _____ () C:\Users\****\Desktop\FRST.txt
2014-09-11 14:41 - 2014-09-11 14:41 - 01097728 _____ (Farbar) C:\Users\****\Desktop\FRST.exe
2014-09-11 00:52 - 2014-09-11 13:43 - 02012771 _____ () C:\Users\****\Downloads\Neuer ZIP-komprimierter Ordner.zip
2014-09-09 19:09 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-09 19:09 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-09 19:09 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-09 19:09 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-09 19:09 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-09 19:09 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-09 19:09 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-09 19:09 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-09 19:09 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-09 19:09 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-09 19:09 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-09 19:09 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-09 19:09 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-09 19:09 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-09 19:09 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-09 19:09 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-09 19:09 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-09 19:09 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-09 19:09 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-09 19:09 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-09 19:09 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-09 19:09 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-09 19:09 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-09 19:08 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-09 19:08 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-09 19:08 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-09 19:08 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-09 19:08 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-09 19:08 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-09 19:08 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-09 19:08 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-09 19:03 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 19:03 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 19:03 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 19:02 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 19:02 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 19:02 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 17:05 - 2014-09-09 17:05 - 115929856 _____ (Microsoft Corporation) C:\Users\****\Desktop\msert.exe
2014-09-04 16:04 - 2014-09-10 15:46 - 00000855 _____ () C:\Users\****\Desktop\mucke.txt
2014-09-02 16:27 - 2014-09-02 16:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-27 23:04 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:04 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 12:05 - 2014-08-27 12:05 - 00000934 _____ () C:\Users\****\Desktop\LibreCAD.lnk
2014-08-25 14:45 - 2014-08-25 14:45 - 29666539 _____ () C:\Users\****\Downloads\LibreCAD-Installer-2.0.5.exe
2014-08-21 20:24 - 2014-09-11 13:50 - 00000000 ____D () C:\Users\****\Desktop\p3
2014-08-20 17:15 - 2014-08-20 17:15 - 00000000 ____D () C:\Users\****\AppData\Local\Tvsukernel
2014-08-20 17:09 - 2011-01-14 07:38 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2014-08-20 17:07 - 2014-02-18 19:48 - 00693464 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2014-08-20 17:07 - 2014-02-18 19:48 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2014-08-20 17:07 - 2012-05-30 13:30 - 00471360 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2014-08-20 17:06 - 2014-08-20 17:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-08-20 17:04 - 2014-08-20 17:05 - 00006520 _____ () C:\Windows\DPINST.LOG
2014-08-20 16:55 - 2014-08-20 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-08-12 21:17 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 21:17 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 21:17 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 21:17 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 21:13 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 21:13 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 21:12 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 21:12 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 21:12 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-12 21:12 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-12 21:12 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 21:12 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 21:12 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 21:12 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 21:11 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 21:11 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 21:11 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 21:11 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 21:11 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 21:11 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 14:43 - 2014-09-11 14:43 - 00012819 _____ () C:\Users\****\Desktop\FRST.txt
2014-09-11 14:43 - 2014-03-30 16:38 - 00000000 ____D () C:\FRST
2014-09-11 14:41 - 2014-09-11 14:41 - 01097728 _____ (Farbar) C:\Users\****\Desktop\FRST.exe
2014-09-11 14:41 - 2009-07-14 06:34 - 00023344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 14:41 - 2009-07-14 06:34 - 00023344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 14:37 - 2013-09-10 03:13 - 01606267 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 14:34 - 2014-04-09 14:07 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 14:34 - 2013-12-17 15:08 - 00050787 _____ () C:\Windows\setupact.log
2014-09-11 14:34 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 14:33 - 2014-03-24 17:18 - 00000000 ____D () C:\Users\****\Documents\VÖ
2014-09-11 14:30 - 2014-04-09 14:07 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 13:51 - 2013-10-17 15:02 - 00000000 ____D () C:\Users\****\Documents\Job
2014-09-11 13:50 - 2014-08-21 20:24 - 00000000 ____D () C:\Users\****\Desktop\p3
2014-09-11 13:49 - 2013-09-13 13:16 - 00000000 ____D () C:\Users\****\Documents\Witzig
2014-09-11 13:43 - 2014-09-11 00:52 - 02012771 _____ () C:\Users\****\Downloads\Neuer ZIP-komprimierter Ordner.zip
2014-09-11 01:06 - 2014-03-27 20:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 00:53 - 2013-09-13 12:30 - 00000000 ____D () C:\Users\****\AppData\Roaming\QuickScan
2014-09-10 23:12 - 2013-09-19 13:42 - 00000600 _____ () C:\Users\****\AppData\Local\PUTTY.RND
2014-09-10 23:12 - 2013-09-19 13:40 - 00002292 ____H () C:\Users\****\Documents\Default.rdp
2014-09-10 15:46 - 2014-09-04 16:04 - 00000855 _____ () C:\Users\****\Desktop\mucke.txt
2014-09-10 15:39 - 2013-09-10 03:15 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 12:55 - 2014-04-09 14:07 - 00002086 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-09 21:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-09 19:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-09 19:08 - 2013-09-11 14:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-09 19:06 - 2014-04-25 17:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 19:06 - 2013-09-11 14:17 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 17:05 - 2014-09-09 17:05 - 115929856 _____ (Microsoft Corporation) C:\Users\****\Desktop\msert.exe
2014-09-09 16:24 - 2013-11-18 11:55 - 00000000 ____D () C:\Users\****\Desktop\chest
2014-09-05 03:52 - 2014-09-09 19:03 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-09 19:03 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 04:04 - 2014-02-07 15:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-02 16:27 - 2014-09-02 16:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-31 17:27 - 2013-09-13 13:04 - 00001007 _____ () C:\Users\Public\Desktop\Personal Backup 5.lnk
2014-08-31 17:27 - 2013-09-13 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup
2014-08-31 17:27 - 2013-09-13 13:04 - 00000000 ____D () C:\Program Files\Personal Backup 5
2014-08-27 23:07 - 2009-07-14 06:33 - 00297120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 22:23 - 2013-09-13 12:47 - 00000934 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-27 22:23 - 2013-09-13 12:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-27 12:05 - 2014-08-27 12:05 - 00000934 _____ () C:\Users\****\Desktop\LibreCAD.lnk
2014-08-25 14:47 - 2014-07-25 02:32 - 00000934 _____ () C:\Users\User\Desktop\LibreCAD.lnk
2014-08-25 14:47 - 2014-07-25 02:32 - 00000000 ____D () C:\Program Files\LibreCAD
2014-08-25 14:45 - 2014-08-25 14:45 - 29666539 _____ () C:\Users\****\Downloads\LibreCAD-Installer-2.0.5.exe
2014-08-23 03:46 - 2014-08-27 23:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-27 23:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 22:11 - 2013-09-13 13:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\PersBackup5
2014-08-20 17:15 - 2014-08-20 17:15 - 00000000 ____D () C:\Users\****\AppData\Local\Tvsukernel
2014-08-20 17:10 - 2013-12-17 16:53 - 00071858 _____ () C:\Windows\PFRO.log
2014-08-20 17:07 - 2013-09-11 12:51 - 00000000 ____D () C:\Program Files\Realtek
2014-08-20 17:06 - 2014-08-20 17:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-08-20 17:06 - 2013-09-11 12:50 - 00000000 ____D () C:\ProgramData\Intel
2014-08-20 17:06 - 2013-09-11 12:50 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-08-20 17:06 - 2013-09-11 12:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-20 17:05 - 2014-08-20 17:04 - 00006520 _____ () C:\Windows\DPINST.LOG
2014-08-20 17:04 - 2013-09-11 12:49 - 00000000 ____D () C:\Program Files\Intel
2014-08-20 17:04 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media
2014-08-20 17:03 - 2013-09-11 13:26 - 00000000 ____D () C:\Program Files\Lenovo
2014-08-20 17:01 - 2013-09-11 13:16 - 00000000 ____D () C:\ProgramData\Lenovo
2014-08-20 16:55 - 2014-08-20 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-08-20 16:55 - 2013-09-11 13:16 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-08-20 16:47 - 2013-09-11 13:20 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-20 16:46 - 2013-10-15 12:13 - 00068312 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-20 16:46 - 2013-09-11 13:37 - 00000000 ____D () C:\Users\****\AppData\Local\Lenovo
2014-08-19 19:39 - 2014-09-09 19:09 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-09 19:08 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-09 19:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-09 19:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-09 19:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-09 19:09 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-09 19:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-09 19:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-09 19:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-09 19:08 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-09 19:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-09 19:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-09 19:09 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-09 19:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-09 19:09 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-09 19:09 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-09 19:09 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-09 19:09 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-09 19:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-09 19:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-09 19:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-09 19:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-09 19:08 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-09 19:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-09 19:09 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:08 - 2014-09-09 19:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:07 - 2014-09-09 19:09 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-09 19:08 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-09 19:08 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-09 19:09 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-16 21:19 - 2013-09-13 13:04 - 00000000 ____D () C:\Users\****\Documents\PersBackup
2014-08-12 21:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-12 21:21 - 2013-09-12 11:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-12 12:44 - 2013-09-13 13:15 - 00000000 ____D () C:\Users\****\Documents\Eigene Scans

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 14:37

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014
Ran by User at 2014-09-11 14:43:46
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.41.00 - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dolby Advanced Audio v2 (HKLM\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.1 - Lenovo Group Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 17.00.5000.1609 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM\...\{d2c93397-34ec-4e66-8fee-30d9e0b38c6f}) (Version: 17.0.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 17.0.5.0389 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Lenovo Patch Utility (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
LibreCAD (HKLM\...\LibreCAD) (Version: 2.0.5 - LibreCAD Team)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metric Collection SDK (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0 (x86 de) (HKLM\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6895 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29011 - Realtek Semiconductor Corp.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\Elantech) (Version: 11.4.15.2 - ELAN Microelectronic Corp.)
ThinkPad Wireless LAN Adapter Software (HKLM\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1000_Classes\CLSID\{3D3B1846-CC43-42ae-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll (Simon Bünzli)
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\****\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\****\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{3D3B1846-CC43-42ae-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll (Simon Bünzli)
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\****\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\****\AppData\Local\Google\Chrome\Application\33.0.1750.154\delegate_execute.exe" No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\****\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2333159856-3964816940-4251757566-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points  =========================

16-08-2014 13:51:06 Windows-Sicherung
16-08-2014 15:46:22 Windows-Sicherung
20-08-2014 14:54:26 Installed Lenovo System Update.
20-08-2014 15:08:47 Windows Update
27-08-2014 21:05:17 Windows Update
04-09-2014 15:36:52 Geplanter Prüfpunkt
09-09-2014 17:03:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {372D3730-F0B2-4095-B66D-AFCB7189C5AD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {3F766E54-C72B-47B6-B509-A5B09CA11F8F} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-20] (Lenovo Group Limited)
Task: {4064599E-26A4-4512-AAB4-8D5FD8A97E6B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {48C7C16C-F461-43E0-BCF4-380C0498462E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-09] (Google Inc.)
Task: {84895CFB-D076-41E2-A8E0-FA77AABB04E7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-27] (AVAST Software)
Task: {84ABA338-F422-45BC-8134-243F6FF4CD56} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {99BCBA94-6C4F-49F1-8A0D-C2924AB1F143} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2333159856-3964816940-4251757566-1001
Task: {9A1E2555-AB99-464F-9544-5057862967F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-09] (Google Inc.)
Task: {B43667CE-0368-4880-90B9-79420C82B6D6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2333159856-3964816940-4251757566-1000
Task: {B9EAB1E5-BF41-41D2-8B87-1A1C840AC230} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {C9077D0F-C23D-40C8-9730-CCB06F918699} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {E00D7CD2-F33A-4E16-BD0C-9BF991C6DDB7} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-27 22:36 - 2014-06-27 22:36 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-10 11:48 - 2014-09-10 11:48 - 02847744 _____ () C:\Program Files\AVAST Software\Avast\defs\14091000\algo.dll
2014-08-20 17:04 - 2014-03-20 06:05 - 00108544 _____ () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2013-09-11 12:54 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-06-27 22:36 - 2014-06-27 22:36 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-02 16:27 - 2014-09-02 16:27 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-11 13:07 - 2013-05-13 15:15 - 01199576 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Integrated Camera
Description: Integrated Camera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Ricoh
Service: 5U877
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ThinkPad Bluetooth 4.0
Description: ThinkPad Bluetooth 4.0
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2014 02:56:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 32.0.0.5350 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1028

Startzeit: 01cfcb610c903914

Endzeit: 0

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 39ae4811-3757-11e4-bf6b-3c970eba48cf

Error: (08/20/2014 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (08/20/2014 05:07:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\ProgramData\Lenovo\SystemUpdate\session\Repository\g3r106ww\setup.exe -s; Beschreibung = Installiert Realtek Ethernet Controller Driver; Fehler = 0x80070514).

Error: (08/20/2014 05:06:52 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\ProgramData\Package Cache\{4f754127-35a3-463c-9b09-dbb8370af1de}\Setup.exe Cache\{4f754127-35a3-463c-9b09-dbb8370af1de}\Setup.exe" -uninstall -quiet -burn.related.upgrade -burn.embedded BurnPipe.{3DC050E5-59DC-4CFC-A433-6DDF522AA054} {822D4375-8C77-4653-9CCD-08959DA9EDF3} 632; Beschreibung = Intel® PROSet/Wireless Software; Fehler = 0x80070514).

Error: (08/20/2014 05:05:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./ROOT/defaultselect * from CIntelWLANEvent0x80041010

Error: (08/20/2014 05:04:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\ProgramData\Lenovo\SystemUpdate\session\Repository\n14w207w_732\Install\Setup.exe -S; Beschreibung = Intel® PROSet/Wireless Software; Fehler = 0x80070514).

Error: (08/20/2014 05:04:32 PM) (Source: MsiInstaller) (EventID: 10005) (User: )
Description: Product: Lenovo Patch Utility -- Error 2103.Could not resolve path for shell folder 26.

Error: (08/20/2014 05:03:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\PROGRA~1\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding; Beschreibung = Installiert Energie-Manager; Fehler = 0x80070514).

Error: (08/20/2014 04:48:03 PM) (Source: MsiInstaller) (EventID: 10997) (User: )
Description: Produkt: Lenovo System Update -- Fehler 997. Überlappender E/A-Vorgang wird verarbeitet.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/15/2014 01:27:40 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (08/20/2014 05:09:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (08/20/2014 05:09:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (08/16/2014 04:28:13 PM) (Source: volsnap) (EventID: 35) (User: )
Description: Die Schattenkopien von Volume "G:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann.

Error: (08/15/2014 01:28:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/15/2014 01:28:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (08/15/2014 01:28:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/15/2014 01:27:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/15/2014 01:27:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (08/10/2014 00:51:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: 
%%1062

Error: (08/10/2014 00:51:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Stromversorgung" wurde mit folgendem dienstspezifischem Fehler beendet: %%0.


Microsoft Office Sessions:
=========================
Error: (04/01/2014 05:39:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 488 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-09-21 17:46:26.596
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 3169.87 MB
Available physical RAM: 1771.24 MB
Total Pagefile: 6338.02 MB
Available Pagefile: 4858.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.33 MB

==================== Drives ================================

Drive c: (Space) (Fixed) (Total:195.31 GB) (Free:100.24 GB) NTFS
Drive d: (Time) (Fixed) (Total:146.48 GB) (Free:146.21 GB) NTFS
Drive e: (Information) (Fixed) (Total:123.87 GB) (Free:123.62 GB) NTFS
Drive g: (sicherung_ikejbade) (Fixed) (Total:931.51 GB) (Free:235.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6072F14C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=123.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 28812BD0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Aktueller MBAM-Scan (mit angeschlossener Festplatte):
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 11.09.2014
Suchlauf-Zeit: 01:06:35
Logdatei: 1.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.10.10
Rootkit Datenbank: v2014.09.10.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 315770
Verstrichene Zeit: 6 Min, 10 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Muss ich mir Sorgen machen ?

Viele Grüße
dertb

 

Themen zu JS:Decode-AMN [Trj] auf externer Festplatte
adware, antivirus, bildschirm, browser, cpu, datei gelöscht, excel, feedback, festplatte, firefox, home, mozilla, programm, prozess, realtek, registry, rundll, schutz, security, services.exe, software, svchost.exe, system, usb, virus, windows, zugriff verweigert


« Windows 8.1- Firefox: Unerwünschte Werbefenster, gefakte Java-Update-Meldungen und unerwünschte neue Tabs, die sich öffnen | Bekomme "search.gadgetbox" nicht weg »


Ähnliche Themen: JS:Decode-AMN [Trj] auf externer Festplatte


  1. Virus auf externer Festplatte?
    Plagegeister aller Art und deren Bekämpfung - 13.09.2014 (5)
  2. Virus auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 03.07.2014 (1)
  3. Frage zu externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (3)
  4. autorun.inf auf externer Festplatte !
    Plagegeister aller Art und deren Bekämpfung - 05.09.2011 (5)
  5. Probleme mit externer Festplatte
    Netzwerk und Hardware - 16.02.2011 (5)
  6. Virus autorun.inf auf Festplatte, externer Festplatte und USB
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (20)
  7. TR/Dropper.gen auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (1)
  8. Malware auf Externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 23.08.2010 (27)
  9. yqq8eqil.exe auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 13.07.2010 (12)
  10. W32/Virut.Gen auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 16.03.2009 (9)
  11. bat.ftp.b - fund auf externer usb-festplatte
    Plagegeister aller Art und deren Bekämpfung - 11.02.2009 (0)
  12. Malware auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 30.01.2009 (10)
  13. butsur.e auf externer festplatte
    Plagegeister aller Art und deren Bekämpfung - 21.09.2008 (1)
  14. Trojaner auf externer Festplatte
    Mülltonne - 03.07.2008 (0)
  15. TR/Inject.ZS auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 24.03.2008 (6)
  16. TR/Inject.ZS auf externer Festplatte
    Mülltonne - 22.03.2008 (0)
  17. Booten von externer Festplatte
    Netzwerk und Hardware - 20.12.2004 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema JS:Decode-AMN [Trj] auf externer Festplatte - Hallo zusammen, heute habe ich einen Vollscan mit Avast durchgeführt, bei der eine externe Festplatte angeschlossen wurde, die ich schon längere Zeit nicht mehr benutzt habe. Die Platte wurde zur - JS:Decode-AMN [Trj] auf externer Festplatte...
Archiv
Du betrachtest: JS:Decode-AMN [Trj] auf externer Festplatte auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131