Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Problem: Win8..TR/Patched.Ren.Gen..und..TR/Patched.Ren.Gen2
If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will follow up with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
05.11.2014, 13:05 | #1
Hello... I have had a problem for a few weeks now. Every day, punctually at 12 o'clock, Antivir reports a detection. It is always the TR/Patched.Ren.Gen and TR/Patched.Ren.Gen2 trojans. I don't know what else to do! Hope you can help me?
05.11.2014, 13:55 | #2
/// the machine /// (TB trainer) | hi,
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
05.11.2014, 14:13 | #3
FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Andy (administrator) on ANDRE on 05-11-2014 14:07:06
Running from C:\Users\Andy\Downloads
Loaded Profile: Andy (Available profiles: Andy)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2012-07-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [V0770Mon.exe] => C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4873248 2014-10-14] (Emsisoft GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Andy\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-09-29] (Glarysoft Ltd)
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {76162016-F5BA-48ED-ADF8-2D6F5AD17632} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS
SearchScopes: HKLM - {76162016-F5BA-48ED-ADF8-2D6F5AD17632} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 83.169.184.33 83.169.184.97

FireFox:
========
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\90q2zrmr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\90q2zrmr.default\Extensions\abs@avira.com [2014-10-31]
FF Extension: YouTube Unblocker - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\90q2zrmr.default\Extensions\youtubeunblocker@unblocker.yt [2014-10-17]
FF Extension: YouTube Video Downloader (Lite) - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\90q2zrmr.default\Extensions\cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack.xpi [2014-08-30]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\90q2zrmr.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-07-01]
FF Extension: Video Downloader professional - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\90q2zrmr.default\Extensions\ffext_basicvideoext@startpage24.xpi [2014-08-30]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\90q2zrmr.default\Extensions\vdpure@link64.xpi [2014-08-30]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\90q2zrmr.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-06-09]
FF Extension: PDF Wizard - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\90q2zrmr.default\Extensions\{6cc5e6c5-6f9b-4f56-adc8-69ff694a56c9}.xpi [2014-07-01]
FF Extension: Term Tutor - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [2014-11-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-21]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4816568 2014-10-14] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2014-03-24] (Connectify) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-10-09] (Ellora Assets Corp.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-18] ()
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-04-09] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R1 anodlwf; C:\Windows\system32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [35352 2014-07-19] (Connectify)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-04] (Glarysoft Ltd)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140616.001\IDSvia64.sys [525016 2014-05-09] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140616.024\ENG64.SYS [126040 2014-05-10] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140616.024\EX64.SYS [2099288 2014-05-10] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 V0770Vid; C:\Windows\system32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 14:07 - 2014-11-05 14:07 - 00022374 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-11-05 14:06 - 2014-11-05 14:06 - 00000470 _____ () C:\Users\Andy\Downloads\defogger_disable.log
2014-11-05 12:43 - 2014-11-05 12:43 - 00380416 _____ () C:\Users\Andy\Downloads\Gmer-19357.exe
2014-11-05 12:40 - 2014-11-05 14:07 - 00000000 ____D () C:\FRST
2014-11-05 12:39 - 2014-11-05 12:39 - 00010150 _____ () C:\Users\Andy\Documents\trojan.odt
2014-11-05 12:39 - 2014-11-05 12:39 - 00000000 _____ () C:\Users\Andy\defogger_reenable
2014-11-05 12:37 - 2014-11-05 12:37 - 00050477 _____ () C:\Users\Andy\Downloads\Defogger.exe
2014-11-05 12:36 - 2014-11-05 12:36 - 02114560 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-11-05 11:18 - 2014-11-05 11:18 - 00000000 ____D () C:\Windows\LastGood
2014-11-04 09:35 - 2014-11-04 09:35 - 686116005 _____ () C:\Users\Andy\Downloads\Gaki_141102_#1229_License Fujiwara MANZAI with DownTown.mp4
2014-11-03 14:13 - 2014-11-05 13:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-03 14:13 - 2014-11-03 14:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-03 14:10 - 2014-11-03 14:10 - 00854704 _____ (Adobe Systems Incorporated) C:\Users\Andy\Downloads\uninstall_flash_player.exe
2014-11-02 16:39 - 2014-11-02 16:39 - 00448512 _____ (OldTimer Tools) C:\Users\Andy\Downloads\TFC.exe
2014-11-02 16:24 - 2014-11-02 16:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-02 16:12 - 2014-11-02 16:15 - 00000000 ____D () C:\Users\Andy\Downloads\Das Junkware Removal Tool enfernt mitinstallierte Adware, Toolbars und andere potentiell unerwünschte Programme vom Windows System
2014-11-02 16:10 - 2014-11-02 16:10 - 00000000 ____D () C:\Users\Andy\Downloads\Revo Uninstaller hilft Ihnen dabei, Software zu deinstallieren und unerwünschte Programme, die auf Ihrem Computer installiert sind, einfach zu entfernen
2014-11-02 16:02 - 2014-11-02 16:38 - 00000000 ____D () C:\Users\Andy\Downloads\DelFix ist ein Tool, welches nach der Bereinigung eingesetzt wird um alle Tools zu entfernen
2014-11-02 13:44 - 2014-11-02 13:46 - 250691202 _____ () C:\Users\Andy\Downloads\gaki no tsukai #686 (2003.12.07) pink lady.mkv
2014-11-02 13:36 - 2014-11-02 13:36 - 233994724 _____ () C:\Users\Andy\Downloads\gaki no tsukai #531 (2000.10.08) yamazaki batsu v2.mkv
2014-11-02 09:32 - 2014-11-02 13:20 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-02 09:02 - 2014-11-02 09:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-02 07:04 - 2014-11-03 11:15 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2014-11-01 14:10 - 2014-10-22 04:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2014-11-01 14:10 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-11-01 14:10 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-01 14:10 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-11-01 14:10 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-01 14:10 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-11-01 14:10 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-11-01 14:10 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-01 14:10 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-11-01 13:03 - 2014-11-01 13:47 - 00000000 ____D () C:\Windows\erdnt
2014-10-31 12:32 - 2014-11-02 16:38 - 00000565 _____ () C:\DelFix.txt
2014-10-31 12:32 - 2014-11-02 16:26 - 00000000 ____D () C:\Windows\ERUNT
2014-10-29 14:56 - 2014-10-29 14:56 - 08969944 _____ (Connectify) C:\Users\Andy\Downloads\ConnectifyInstaller(2).exe
2014-10-27 16:50 - 2014-10-27 16:51 - 694865328 _____ () C:\Users\Andy\Downloads\Gaki_141026_#1228_4th I think that you like this.mp4
2014-10-27 14:51 - 2014-10-27 14:51 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\LavasoftStatistics
2014-10-27 14:42 - 2014-10-27 14:42 - 01753736 _____ () C:\Users\Andy\Downloads\Adaware114_Installer.exe
2014-10-27 12:29 - 2014-10-27 12:29 - 00001139 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2014-10-26 15:17 - 2014-10-26 15:17 - 689195816 _____ () C:\Users\Andy\Downloads\Gaki_140209_#1191_High Tension The Top 10 XVI (1).mp4
2014-10-26 15:01 - 2014-10-26 15:01 - 700009563 _____ () C:\Users\Andy\Downloads\Gaki no Tsukai #1216_Nonstop Acting Challenge.mp4
2014-10-26 14:22 - 2014-10-26 14:22 - 681877636 _____ () C:\Users\Andy\Downloads\Gaki no Tsukai #1206 14.05.25.mp4
2014-10-26 14:05 - 2014-10-26 14:05 - 682728548 _____ () C:\Users\Andy\Downloads\Gaki no Tsukai #1202.mp4
2014-10-26 09:37 - 2014-10-26 09:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-26 09:31 - 2014-10-26 09:31 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-10-26 08:13 - 2014-11-05 13:53 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-10-26 08:13 - 2014-10-26 08:13 - 00001098 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-10-26 08:13 - 2014-10-26 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-10-26 08:08 - 2014-10-26 08:09 - 159381144 _____ (Emsisoft GmbH ) C:\Users\Andy\Downloads\EmsisoftAntiMalwareSetup.exe
2014-10-26 07:37 - 2014-10-26 07:37 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-26 07:37 - 2014-10-26 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-26 07:37 - 2014-10-26 07:37 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-26 07:37 - 2014-10-26 07:37 - 00000000 ____D () C:\Program Files\iTunes
2014-10-26 07:37 - 2014-10-26 07:37 - 00000000 ____D () C:\Program Files\iPod
2014-10-26 07:37 - 2014-10-26 07:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-25 13:41 - 2014-10-25 13:41 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-10-25 13:33 - 2014-10-25 13:33 - 01156136 _____ (Ruiware) C:\Users\Andy\Downloads\wpsetup.exe
2014-10-25 11:03 - 2014-10-25 11:16 - 00000000 ____D () C:\Users\Andy\Documents\Freemake
2014-10-25 11:03 - 2014-10-25 11:03 - 00001339 _____ () C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2014-10-25 11:03 - 2014-10-25 11:03 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-10-25 11:03 - 2014-10-25 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-10-25 11:03 - 2014-10-25 11:03 - 00000000 ____D () C:\ProgramData\Freemake
2014-10-25 11:03 - 2014-10-25 11:03 - 00000000 ____D () C:\Program Files\WinPcap
2014-10-25 11:03 - 2014-10-25 11:03 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-10-25 11:02 - 2014-10-25 11:02 - 13717328 _____ (Ellora Assets Corporation ) C:\Users\Andy\Downloads\FreemakeVideoDownloader_3.7.1.1.exe
2014-10-25 10:50 - 2014-10-25 10:50 - 00004535 _____ () C:\Users\Andy\AppData\Roaming\CamStudio.cfg
2014-10-25 10:50 - 2014-10-25 10:50 - 00000408 _____ () C:\Users\Andy\AppData\Roaming\CamShapes.ini
2014-10-25 10:50 - 2014-10-25 10:50 - 00000408 _____ () C:\Users\Andy\AppData\Roaming\CamLayout.ini
2014-10-25 10:50 - 2014-10-25 10:50 - 00000046 _____ () C:\Users\Andy\AppData\Roaming\Camdata.ini
2014-10-25 10:50 - 2014-10-25 10:50 - 00000000 ____D () C:\Users\Andy\Documents\My CamStudio Temp Files
2014-10-25 10:46 - 2014-10-25 10:46 - 00000096 _____ () C:\Users\Andy\AppData\Roaming\version2.xml
2014-10-25 10:46 - 2014-10-25 10:46 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-25 10:46 - 2014-08-29 16:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-10-19 11:20 - 2014-10-19 11:20 - 00013927 _____ () C:\Users\Andy\Documents\Unbenannt 1E.odt
2014-10-19 10:29 - 2014-10-19 10:34 - 164858324 _____ () C:\Users\Andy\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2014-10-18 16:40 - 2014-10-18 16:41 - 00000000 ____D () C:\Users\Andy\Downloads\Neuer Ordner
2014-10-18 13:18 - 2014-10-18 13:19 - 00000000 ____D () C:\Users\Andy\AppData\Local\AviraSpeedup
2014-10-16 11:59 - 2014-09-13 06:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 11:59 - 2014-09-13 05:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 11:58 - 2014-09-28 05:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 11:58 - 2014-09-20 06:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 11:58 - 2014-09-20 06:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 11:58 - 2014-09-20 06:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 11:58 - 2014-09-20 06:17 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-10-16 11:58 - 2014-09-20 06:17 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 11:58 - 2014-09-20 06:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 11:58 - 2014-09-20 06:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 11:58 - 2014-09-20 06:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 11:58 - 2014-09-20 06:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 11:58 - 2014-09-20 04:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 11:58 - 2014-09-20 04:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 11:58 - 2014-09-20 04:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 11:58 - 2014-09-20 04:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 11:58 - 2014-09-20 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 11:58 - 2014-09-20 04:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 11:58 - 2014-09-20 02:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-10-16 11:58 - 2014-09-18 00:24 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 11:58 - 2014-09-17 23:56 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 11:58 - 2014-09-03 03:48 - 00510464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 11:58 - 2014-09-03 03:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 
11:58 - 2014-07-07 06:53 - 01125376 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 11:58 - 2014-07-07 06:52 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-16 11:58 - 2014-07-07 06:52 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 11:58 - 2014-07-07 06:52 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 11:58 - 2014-07-07 06:51 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 11:58 - 2014-07-07 05:01 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-16 11:58 - 2014-07-07 05:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-16 11:58 - 2014-07-07 05:00 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-16 11:58 - 2014-07-07 04:59 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-08 17:46 - 2014-10-08 17:48 - 46089664 _____ () C:\Users\Andy\Downloads\4110_u.apk 2014-10-07 15:48 - 2014-10-07 15:48 - 27209665 _____ () C:\Users\Andy\Downloads\John Swihart _ You're all alone.mp4 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-05 14:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru 2014-11-05 13:53 - 2014-08-07 19:10 - 01476915 _____ () C:\Windows\WindowsUpdate.log 2014-11-05 13:53 - 2013-08-07 13:32 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Skype 2014-11-05 12:42 - 2013-04-19 14:39 - 07661056 ___SH () C:\Users\Andy\Downloads\Thumbs.db 2014-11-05 12:39 - 2013-04-17 16:01 - 00000000 ____D () C:\Users\Andy 2014-11-05 12:20 - 2014-10-04 08:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2014-11-05 12:15 - 2013-04-17 18:05 - 02527744 ___SH () C:\Users\Andy\Desktop\Thumbs.db 2014-11-05 10:44 - 2014-08-08 14:56 - 00001144 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-05 10:44 - 2014-07-26 11:33 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-05 10:44 - 2013-04-17 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-05 10:44 - 2013-04-17 16:50 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-05 10:43 - 2013-04-17 16:24 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2121296057-1747745134-147526060-1002 2014-11-05 10:42 - 2013-11-21 18:30 - 00004208 _____ () C:\Windows\System32\Tasks\Software Updater 2014-11-05 10:39 - 2014-10-04 08:50 - 00000344 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2014-11-05 10:39 - 2014-05-27 16:23 - 00000511 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-05 10:38 - 2013-01-07 10:36 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-05 10:38 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-04 12:20 - 2013-05-19 22:33 - 00000000 ____D () C:\Users\Andy\AppData\Local\CrashDumps 2014-11-04 12:17 - 2014-06-29 08:24 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc 2014-11-04 09:42 - 2013-04-27 17:26 - 00024768 _____ () C:\Windows\diagwrn.xml 2014-11-04 09:42 - 2013-04-27 17:26 - 00024768 _____ () C:\Windows\diagerr.xml 2014-11-04 09:42 - 2012-07-26 06:26 - 00262144 ___SH () 
C:\Windows\system32\config\ELAM 2014-11-04 09:36 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration 2014-11-04 09:24 - 2014-09-24 16:19 - 00000000 ___HD () C:\$Windows.~BT 2014-11-04 09:08 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-11-03 17:04 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache 2014-11-03 14:13 - 2014-06-21 17:10 - 00000000 ____D () C:\Users\Andy\AppData\Local\Adobe 2014-11-03 12:09 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries 2014-11-02 15:51 - 2013-04-25 16:58 - 00485516 _____ () C:\Windows\system32\perfh011.dat 2014-11-02 15:51 - 2013-04-25 16:58 - 00132890 _____ () C:\Windows\system32\perfc011.dat 2014-11-02 15:51 - 2012-07-26 11:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat 2014-11-02 15:51 - 2012-07-26 11:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat 2014-11-02 15:51 - 2012-07-26 08:28 - 02367698 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-02 12:50 - 2014-06-07 09:32 - 00000000 ____D () C:\Users\Andy\Desktop\Japan 2014-11-02 07:04 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore 2014-11-02 07:04 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-11-01 13:49 - 2014-04-23 13:40 - 00000000 ____D () C:\Users\dub_cm_auto 2014-11-01 13:44 - 2012-07-26 06:26 - 00000215 _____ () C:\Windows\system.ini 2014-11-01 13:42 - 2012-07-26 06:26 - 74711040 _____ () C:\Windows\system32\config\software.bak 2014-11-01 13:42 - 2012-07-26 06:26 - 17301504 _____ () C:\Windows\system32\config\system.bak 2014-11-01 13:42 - 2012-07-26 06:26 - 00524288 _____ () C:\Windows\system32\config\default.bak 2014-11-01 13:42 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-11-01 13:42 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2014-11-01 12:47 - 2014-07-09 18:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-01 12:22 - 2014-05-11 16:24 - 
00000000 ___RD () C:\Users\Andy\Dropbox 2014-11-01 12:16 - 2014-05-11 16:22 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Dropbox 2014-10-31 17:34 - 2014-06-29 08:24 - 00000922 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-10-31 17:34 - 2014-01-19 15:49 - 00000873 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-10-31 15:56 - 2014-03-15 10:39 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-31 15:55 - 2014-03-15 10:39 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-31 15:55 - 2014-03-15 10:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-31 15:55 - 2014-03-15 10:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-31 15:55 - 2014-03-15 10:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-31 15:55 - 2014-03-15 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-31 15:54 - 2014-03-15 10:39 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-29 17:23 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-10-28 15:23 - 2014-08-16 08:35 - 00000000 ____D () C:\Users\Andy\Desktop\bewerb 2014-10-27 12:31 - 2013-11-21 18:30 - 00000000 ____D () C:\Program Files (x86)\SoftwareUpdater 2014-10-26 15:58 - 2014-09-14 12:26 - 00000000 ____D () C:\Users\Andy\Desktop\Unterkunft ALG2 2014-10-26 09:34 - 2014-05-28 17:07 - 00000000 ____D () C:\ProgramData\YTAHelper 2014-10-26 07:37 - 2014-08-10 08:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-10-26 07:37 - 2013-04-17 20:27 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-10-25 13:41 - 2013-05-02 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2014-10-25 13:41 - 2013-05-02 09:36 - 00000000 ____D () C:\ProgramData\InstallMate 2014-10-25 12:18 - 2014-07-09 18:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-25 
12:09 - 2014-07-09 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-25 12:09 - 2013-05-02 09:40 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-25 10:54 - 2013-04-20 22:51 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software 2014-10-25 08:37 - 2013-11-05 15:56 - 00000000 ____D () C:\Users\Andy\Desktop\Neuer Ordner (2) 2014-10-24 14:33 - 2014-03-29 18:12 - 00000000 ____D () C:\ProgramData\Origin 2014-10-24 14:08 - 2014-03-29 18:11 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-18 16:11 - 2014-05-11 16:24 - 00001019 _____ () C:\Users\Andy\Desktop\Dropbox.lnk 2014-10-18 16:11 - 2014-05-11 16:23 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-18 13:19 - 2013-01-07 18:11 - 00000000 ____D () C:\Windows\Panther 2014-10-17 10:12 - 2014-10-04 08:27 - 00325872 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 19:37 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData 2014-10-16 19:37 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-16 17:41 - 2013-07-27 13:52 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 17:39 - 2013-01-07 10:43 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-11 19:52 - 2013-06-04 17:03 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Media Player Classic 2014-10-11 13:29 - 2013-08-07 12:47 - 00000000 ____D () C:\Users\Andy\AppData\Local\Akamai 2014-10-07 11:44 - 2013-05-08 17:19 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-07 11:44 - 2013-04-17 16:51 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-07 11:44 - 2013-04-17 16:51 - 00119272 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\Andy\AppData\Local\temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-02 15:46 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014 Ran by Andy at 2014-11-05 14:07:26 Running from C:\Users\Andy\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Apowersoft Gratis - Audiorekorder V2.1.2 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.1.2 - Apowersoft) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - ) Battlefield 2: Special Forces (HKLM-x32\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version: - ) Battlefield 2142 (HKLM-x32\...\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) Connectify (HKLM\...\Connectify) (Version: 8.0.0.30686 - Connectify) Creative Live! Central 3 (HKLM-x32\...\Creative Live! 
Central 2) (Version: 3.01.21 - Creative Technology Ltd) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited) Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.02 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Debut Video Capture Software (HKLM-x32\...\Debut) (Version: - NCH Software) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts) Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) EdenEternal-DE (HKLM-x32\...\EdenEternal-DE) (Version: - ) Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) |
06.11.2014, 08:30 | #4 |
/// the machine /// TB-Ausbilder | Problem: Win8..TR/Patched.Ren.Gen..and..TR/Patched.Ren.Gen2 Without the Antivir log, my guess is a false positive in the temp folders. Please have the next file that gets flagged scanned at www.virustotal.com.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.11.2014, 12:35 | #5 |
| Antivir ..This is the detection... Code:
Exportierte Ereignisse:

05.11.2014 12:03 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\Temp\9cbcc765-238b-434f-a802-6c53dd02e860\tmp000065bd\tmp00006192'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Ren.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
07.11.2014, 07:48 | #6 |
/// the machine /// TB-Ausbilder | Problem: Win8..TR/Patched.Ren.Gen..and..TR/Patched.Ren.Gen2 That's Antivir for you, the king of false positives.