FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:30-07-2015
durchgeführt von Margit (Administrator) auf MARGIT-PC (01-08-2015 21:52:51)
Gestartet von C:\Users\Margit\Downloads
Geladene Profile: Margit (Verfügbare Profile: Margit)
Platform: Microsoft Windows 7 Enterprise (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(sw4you, Siegfried Weckmann) C:\Program Files\Hardcopy\hardcopy.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_18_0_0_209_ActiveX.exe
(Jasc Software, Inc.) C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [782008 2015-07-29] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-01] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Startup: C:\Users\Margit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK [2012-09-08]
ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x86.dll [2013-08-17] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x86.dll [2013-08-17] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x86.dll [2013-08-17] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-01] (Avast Software s.r.o.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-371684570-2355001649-4281704241-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-30] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-30] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{027F4CFA-388F-444B-9F44-55AB74B39FB4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EECCAFC1-2CBC-4119-8858-1CB26CE60E96}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Margit\AppData\Roaming\Mozilla\Firefox\Profiles\6ufef364.default-1438458029872
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-30] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-08-19] (Adobe Systems)
FF Plugin HKU\S-1-5-21-371684570-2355001649-4281704241-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Margit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-08] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-01]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-07-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-07-29] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-07-29] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-07-01] (Avast Software)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120 2012-07-19] (WIBU-SYSTEMS AG)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [X]
S2 SearchProtectionService; "C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe" [X]
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-07-01] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-04] (Avira Operations GmbH & Co. KG)
S3 eapihdrv; C:\Users\Margit\AppData\Local\Temp\ehdrv.sys [135760 2015-07-29] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2015-02-17] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-01] (Avast Software)
S3 catchme; \??\C:\Users\Margit\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-01 21:52 - 2015-08-01 21:53 - 00014204 _____ C:\Users\Margit\Downloads\FRST.txt
2015-08-01 21:52 - 2015-08-01 21:52 - 01673216 _____ (Farbar) C:\Users\Margit\Downloads\FRST.exe
2015-08-01 21:38 - 2015-08-01 21:38 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-01 21:38 - 2015-08-01 21:38 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-01 21:38 - 2015-08-01 21:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-01 13:14 - 2015-08-01 13:16 - 00000000 ____D C:\Users\Margit\Documents\Politik
2015-08-01 12:00 - 2015-08-01 12:00 - 00000000 ____H C:\ProgramData\cm-lock
2015-07-31 19:07 - 2015-08-01 21:22 - 00002564 _____ C:\Windows\IE11_main.log
2015-07-31 18:53 - 2015-07-31 18:53 - 00001222 _____ C:\Users\Margit\Desktop\Revo Uninstaller.lnk
2015-07-31 18:53 - 2015-07-31 18:53 - 00000000 ____D C:\Program Files\VS Revo Group
2015-07-31 18:08 - 2015-07-31 18:08 - 00415701 _____ C:\Users\Margit\Documents\bookmarks-2015-07-31.json
2015-07-31 18:06 - 2015-07-31 18:06 - 00738605 _____ C:\Users\Margit\Documents\bookmarks2.html
2015-07-30 20:24 - 2015-07-30 20:24 - 00738605 _____ C:\Users\Margit\Documents\bookmarks.html
2015-07-30 18:28 - 2015-07-30 18:28 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-29 19:58 - 2015-07-29 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-28 21:14 - 2015-07-28 21:14 - 00034571 _____ C:\Users\Margit\Documents\FRST2.txt
2015-07-28 21:08 - 2015-07-28 21:08 - 00001959 _____ C:\Users\Margit\Documents\JRT.txt
2015-07-28 21:05 - 2015-07-28 21:05 - 00001959 _____ C:\Users\Margit\Desktop\JRT.txt
2015-07-28 20:26 - 2015-07-28 20:44 - 00000000 ____D C:\AdwCleaner
2015-07-28 20:24 - 2015-07-28 20:24 - 00001182 _____ C:\Users\Margit\Documents\mbam.txt
2015-07-28 19:52 - 2015-08-01 20:51 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-28 19:52 - 2015-07-28 19:53 - 00001060 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-28 19:52 - 2015-07-28 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-28 19:52 - 2015-07-28 19:53 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware
2015-07-28 19:52 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-28 19:52 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-28 19:52 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-27 20:48 - 2015-07-27 20:48 - 00020918 _____ C:\Users\Margit\Documents\compo.txt
2015-07-27 19:22 - 2015-07-27 19:22 - 00020918 _____ C:\ComboFix.txt
2015-07-27 19:05 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-27 19:05 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-27 19:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-27 19:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-27 19:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-27 19:05 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-27 19:05 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-27 19:05 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-27 19:00 - 2015-07-27 19:22 - 00000000 ____D C:\Qoobox
2015-07-27 19:00 - 2015-07-27 19:21 - 00000000 ____D C:\Windows\erdnt
2015-07-26 15:40 - 2015-07-26 15:40 - 00032625 _____ C:\Users\Margit\Documents\Addition.txt
2015-07-26 15:39 - 2015-07-26 15:39 - 00036808 _____ C:\Users\Margit\Documents\FRST.txt
2015-07-26 13:54 - 2015-08-01 21:52 - 00000000 ____D C:\FRST
2015-07-20 19:15 - 2015-07-21 10:58 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-07-20 19:05 - 2015-07-20 19:05 - 00000000 ____D C:\Users\Margit\AppData\Local\CEF
2015-07-19 18:54 - 2015-07-19 18:54 - 250231741 _____ C:\Windows\MEMORY.DMP
2015-07-19 18:54 - 2015-07-19 18:54 - 00717920 _____ C:\Windows\Minidump\071915-32947-01.dmp
2015-07-09 18:11 - 2015-07-26 19:01 - 00009529 ____H C:\Windows\system32\BTImages.dat
2015-07-05 14:59 - 2010-04-09 09:24 - 00240008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-07-05 14:56 - 2015-07-05 14:56 - 00000000 ____D C:\ProgramData\CheckPoint
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-01 21:52 - 2013-02-10 18:37 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-01 21:38 - 2012-08-26 13:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-01 21:20 - 2012-08-29 18:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-01 21:08 - 2012-08-20 19:50 - 01335555 _____ C:\Windows\WindowsUpdate.log
2015-08-01 12:13 - 2009-07-14 06:34 - 00011872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-01 12:13 - 2009-07-14 06:34 - 00011872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-01 12:10 - 2012-08-25 22:37 - 00000000 ____D C:\Users\Margit\AppData\Local\Adobe
2015-08-01 11:59 - 2013-02-10 18:37 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-01 11:59 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-01 11:59 - 2009-07-14 06:39 - 00163587 _____ C:\Windows\setupact.log
2015-07-30 18:49 - 2014-01-19 16:59 - 00000000 ____D C:\ProgramData\Oracle
2015-07-30 18:33 - 2014-01-19 16:58 - 00000000 ____D C:\Program Files\Java
2015-07-30 18:27 - 2014-04-26 13:16 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-07-29 19:58 - 2015-05-07 21:49 - 00001952 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-07-29 19:55 - 2013-04-06 18:12 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-29 19:55 - 2013-04-06 18:12 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-29 19:51 - 2012-08-20 19:52 - 01611160 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-28 21:02 - 2015-05-30 15:22 - 00000000 ____D C:\Users\Margit\AppData\Roaming\Lavasoft
2015-07-28 21:02 - 2015-05-30 15:20 - 00000000 ____D C:\ProgramData\Lavasoft
2015-07-28 21:01 - 2015-05-30 15:24 - 00000000 ____D C:\Program Files\Lavasoft
2015-07-28 20:45 - 2012-08-20 22:14 - 00286374 _____ C:\Windows\PFRO.log
2015-07-27 19:22 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-07-27 19:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-07-27 19:20 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-07-23 19:20 - 2012-09-14 19:48 - 00000000 ____D C:\Users\Margit\AppData\Roaming\vlc
2015-07-19 18:54 - 2013-02-07 18:52 - 00000000 ____D C:\Windows\Minidump
2015-07-16 11:44 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-15 12:20 - 2012-08-20 20:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 12:20 - 2012-08-20 20:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-15 11:38 - 2015-05-29 18:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-14 14:01 - 2012-09-01 13:58 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-07-12 19:00 - 2015-05-30 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-09 11:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-02-01 22:27 - 2015-02-01 22:27 - 0001581 _____ () C:\Program Files\18-index-5.1.7.txt
2015-02-01 22:28 - 2013-11-27 14:28 - 5245952 _____ () C:\Program Files\avcodec-54.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0092672 _____ () C:\Program Files\avdevice-54.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0413184 _____ () C:\Program Files\avfilter-3.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 1147904 _____ () C:\Program Files\avformat-54.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0289792 _____ () C:\Program Files\avutil-52.dll
2015-02-01 22:27 - 2014-10-14 12:00 - 0406528 _____ () C:\Program Files\CEWE FOTOIMPORTER.exe
2015-02-01 22:27 - 2014-10-14 12:00 - 1354240 _____ () C:\Program Files\CEWE FOTOSCHAU.exe
2015-02-01 22:28 - 2013-11-27 14:28 - 0374272 _____ () C:\Program Files\CORE_RL_Magick++_.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 1196544 _____ (ImageMagick Studio) C:\Program Files\CORE_RL_magick_.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0605184 _____ (ImageMagick Studio LLC) C:\Program Files\CORE_RL_wand_.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0866816 _____ () C:\Program Files\CWAPM0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0179712 _____ () C:\Program Files\CWAssistant0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0354304 _____ () C:\Program Files\CWCalendar0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0730624 _____ () C:\Program Files\CWCore0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0421888 _____ () C:\Program Files\CWCustomer0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 1052160 _____ () C:\Program Files\CWFoto0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0177664 _____ () C:\Program Files\CWFotoschauDLL0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0141312 _____ () C:\Program Files\CWGeoLocation0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 1111040 _____ () C:\Program Files\CWGUIWidgets0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0382464 _____ () C:\Program Files\CWImageLoader0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0592384 _____ () C:\Program Files\CWImageProcessing0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0296448 _____ () C:\Program Files\CWImageProcessingGUI0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0494080 _____ () C:\Program Files\CWModelBase0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0186368 _____ () C:\Program Files\CWNetworking0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0311296 _____ () C:\Program Files\CWNetworkingXTCI0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0394240 _____ () C:\Program Files\CWPriceListDialog0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0115200 _____ () C:\Program Files\CWProductBase0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0565760 _____ () C:\Program Files\CWProductProperties0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0075264 _____ () C:\Program Files\CWRegionOfInterest0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0501760 _____ () C:\Program Files\CWStartScreen0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0992768 _____ () C:\Program Files\CWTemplates0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0165888 _____ () C:\Program Files\CWVideoAnalysis0.dll
2015-02-01 22:28 - 2014-10-14 12:01 - 0385536 _____ () C:\Program Files\CWXML0.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 1033216 _____ () C:\Program Files\exiv2.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0415232 _____ (FotoNation Inc.) C:\Program Files\Face.dll
2015-02-01 22:28 - 2014-04-01 16:56 - 0017920 _____ () C:\Program Files\facedetection.exe
2015-02-01 22:28 - 2013-11-27 14:28 - 0069120 _____ () C:\Program Files\HE_3D2anaglyph.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0385536 _____ () C:\Program Files\IccProfLib0.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 20785664 _____ (The ICU Project) C:\Program Files\icudt50.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 1347584 _____ (The ICU Project) C:\Program Files\icuin50.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 1059840 _____ (The ICU Project) C:\Program Files\icuuc50.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 1616384 _____ (TODO: <Firmenname>) C:\Program Files\ImapiBurner.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 1029120 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Program Files\libeay32.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0048128 _____ () C:\Program Files\libEGL.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0137728 _____ () C:\Program Files\libexpat.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0728576 _____ () C:\Program Files\libGLESv2.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0310272 _____ (hxxp://hunspell.sourceforge.net/) C:\Program Files\libhunspell.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0305664 _____ () C:\Program Files\libwebp.dll
2015-02-01 22:27 - 2014-10-21 10:21 - 7622656 _____ () C:\Program Files\Mein CEWE FOTOBUCH.exe
2015-02-01 22:28 - 2013-11-27 14:28 - 0167936 _____ (Pegasus Imaging Corporation) C:\Program Files\picn1020.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0188416 _____ (Pegasus Imaging Corporation) C:\Program Files\picn1120.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0060416 _____ (Pegasus Imaging Corp.) C:\Program Files\picn20.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0060416 _____ (Pegasus Imaging Corp.) C:\Program Files\picn20n.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0073728 _____ (Pegasus Imaging Corporation) C:\Program Files\picn4620.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0094208 _____ (Pegasus Imaging Corporation) C:\Program Files\picn4720.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0073728 _____ (Pegasus Imaging Corporation) C:\Program Files\picn8420.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0126976 _____ (Pegasus Imaging Corporation) C:\Program Files\picn8520.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0040960 _____ (Pegasus Imaging Corporation) C:\Program Files\picn9220.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0049152 _____ (Pegasus Imaging Corporation) C:\Program Files\picn9320.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 3853824 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Core.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 3995648 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Gui.dll
2015-02-01 22:28 - 2014-03-07 10:37 - 0540672 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Multimedia.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 0081920 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5MultimediaWidgets.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 0825856 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Network.dll
2015-02-01 22:28 - 2014-03-07 10:37 - 0285184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5OpenGL.dll
2015-02-01 22:28 - 2014-03-07 10:37 - 0226816 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5PrintSupport.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 1553408 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Qml.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 1933824 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Quick.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 1118720 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Script.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 0140800 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Sensors.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 0150016 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Sql.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 0198656 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Svg.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 2670080 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5V8.dll
2015-02-01 22:28 - 2014-03-07 10:37 - 16332288 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5WebKit.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 0189952 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5WebKitWidgets.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 4271104 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Widgets.dll
2015-02-01 22:28 - 2014-03-07 10:38 - 0154624 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Qt5Xml.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0450560 _____ (RecDev GmbH) C:\Program Files\RecDev.dll
2015-02-01 22:28 - 2014-03-07 10:37 - 0438272 _____ (FotoNation Inc.) C:\Program Files\RedEye.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0380928 _____ () C:\Program Files\safpx.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0077824 _____ (Smaller Animals Software, Inc) C:\Program Files\SAFPXLB.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0210432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Program Files\ssleay32.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0139776 _____ () C:\Program Files\swresample-0.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0342016 _____ () C:\Program Files\swscale-2.dll
2015-02-01 22:27 - 2015-02-01 22:31 - 0000000 _____ () C:\Program Files\temp.txt
2015-02-01 22:28 - 2013-11-27 14:28 - 4132360 _____ (Microsoft Corporation) C:\Program Files\vcredist_x86.exe
2015-02-01 22:28 - 2013-11-27 14:28 - 0077824 _____ (RecDev GmbH) C:\Program Files\wnaspi32.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0059904 _____ () C:\Program Files\zlib1.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 1053696 _____ (Smaller Animals Software, Inc.) C:\Program Files\_ISource30.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0081920 _____ (Smaller Animals Software, Inc.) C:\Program Files\_SAFPX10.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0368640 _____ (Smaller Animals Software, Inc.) C:\Program Files\_SAJ2K10.dll
2015-02-01 22:28 - 2013-11-27 14:28 - 0225280 _____ (Smaller Animals Software, Inc.) C:\Program Files\_SARAW10.dll
2013-08-27 19:30 - 2013-08-27 19:31 - 0000132 _____ () C:\Users\Margit\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2013-08-27 19:29 - 2013-08-27 19:29 - 0001456 _____ () C:\Users\Margit\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-02-09 21:37 - 2015-02-09 21:37 - 0006144 _____ () C:\Users\Margit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 12:00 - 2015-08-01 12:00 - 0000000 ____H () C:\ProgramData\cm-lock
Einige Dateien in TEMP:
====================
C:\Users\Margit\AppData\Local\Temp\avgnt.exe
C:\Users\Margit\AppData\Local\Temp\Quarantine.exe
C:\Users\Margit\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-07-25 16:01
==================== Ende vom log ============================
--- --- ---
I could not find "Reset Firefox" ("Firefox zurücksetzen"), but I did do the restore.
Thanks and regards