MBAM-Funde

Hier wird Dir geholfen, Viren, Trojaner und andere unerwünschte Programme von Deinem Rechner zu entfernen.
NoG
Moderator
Beiträge: 7383
Registriert: So 24. Aug 2014, 15:02
Betriebssystem: Windows 8.1
Virenscanner: GData
Wohnort: Pinneberg

Re: MBAM-Funde

Beitrag von NoG »

Wir sind noch nicht fertig.
Task: C:\Windows\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0}.job => C:\ProgramData\BetterSoft\SaveByClick\SaveByClick.exe
We have bugs the likes of which even God has never seen!
Benutzeravatar
beate67
Beiträge: 1199
Registriert: So 24. Aug 2014, 15:16
Wohnort: am wunderschönen Niederrhein

Re: MBAM-Funde

Beitrag von beate67 »

Ej Cheffe, das ist schon klar. Trotzdem werden beide Logs gebraucht, :)

Gruß, Beate :)
"Wenn du eine weise Antwort willst, mußt du vernünftig fragen." (Johann Wolfgang von Goethe)
NoG
Moderator
Beiträge: 7383
Registriert: So 24. Aug 2014, 15:02
Betriebssystem: Windows 8.1
Virenscanner: GData
Wohnort: Pinneberg

Re: MBAM-Funde

Beitrag von NoG »

Klar. Ich versuche ja nur zu verdeutlichen, warum. ;)
We have bugs the likes of which even God has never seen!
Benutzeravatar
phoenix66
Beiträge: 1140
Registriert: Mi 3. Sep 2014, 19:33
Betriebssystem: Windows 7 Prof (64bit) S ;
Virenscanner: Avast Zen Free
Wohnort: Gera

Re: MBAM-Funde

Beitrag von phoenix66 »

es ist echt anstrengend:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by MB PRIVAT (administrator) on MBPRIVAT-HP on 08-10-2014 09:13:58
Running from C:\Users\MB PRIVAT\Documents
Loaded Profile: MB PRIVAT (Available profiles: MB PRIVAT)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/" onclick="window.open(this.href);return false;

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [643168 2013-01-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-27] (Easybits)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3517970994-3013668129-2067591027-1001\...\Run: [DT Emphelungstool] => "C:\Users\MB PRIVAT\AppData\Local\Deutsche Telekom\Empfehlungstool\DTEmpfehlungstool.exe" 2
HKU\S-1-5-21-3517970994-3013668129-2067591027-1001\...\RunOnce: [Uninstall C:\Users\MB PRIVAT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MB PRIVAT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4" onclick="window.open(this.href);return false;
SearchScopes: HKLM - {55F9F77C-E1A0-433A-B59A-ACC67CA90B18} URL = http://www.amazon.de/s/ref=azs_osd_iead ... -keywords=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/707-11107 ... com/?_nkw=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKLM-x32 - {55F9F77C-E1A0-433A-B59A-ACC67CA90B18} URL = http://www.amazon.de/s/ref=azs_osd_iead ... -keywords=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/707-11107 ... com/?_nkw=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKCU - {55F9F77C-E1A0-433A-B59A-ACC67CA90B18} URL = http://www.amazon.de/s/ref=azs_osd_iead ... -keywords=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKCU - {C14EC139-D200-40E1-844F-9DF0CE01024C} URL = http://search.conduit.com/ResultsExt.aspx?q=" onclick="window.open(this.href);return false;{searchTerms}&SearchSource=4&ctid=CT1703539&CUI=UN40211413324385179&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/707-11107 ... com/?_nkw=" onclick="window.open(this.href);return false;{searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\OpenOffice.org 3\program No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MB PRIVAT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-16]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Übersetzer) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-05-29]
CHR Extension: (Google Docs) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-11]
CHR Extension: (Google Drive) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (YouTube) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11]
CHR Extension: (Google-Suche) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11]
CHR Extension: (Avira Browser Safety) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-05-11]
CHR Extension: (AdBlock Premium) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-05-11]
CHR Extension: (dict-cc) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2014-05-11]
CHR Extension: (Google Wallet) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-11]
CHR Extension: (Google Mail) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11]
CHR HKLM-x32\...\Chrome\Extension: [pddpaeffbcajlcljkiniacbpkoipmeck] - C:\ProgramData\SaveByclick\pddpaeffbcajlcljkiniacbpkoipmeck.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 HPSLPSVC; C:\Users\MBPRIV~1\AppData\Local\Temp\7zS5486\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 09:13 - 2014-10-08 09:15 - 00013611 _____ () C:\Users\MB PRIVAT\Documents\FRST.txt
2014-10-08 09:13 - 2014-10-08 09:14 - 00000000 ____D () C:\FRST
2014-10-08 08:57 - 2014-10-08 08:57 - 02109952 _____ (Farbar) C:\Users\MB PRIVAT\Documents\FRST64.exe
2014-10-07 21:09 - 2014-10-08 09:11 - 00000000 ____D () C:\AdwCleaner
2014-10-07 21:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-07 21:07 - 2014-10-07 21:07 - 01375089 _____ () C:\Users\MB PRIVAT\Documents\adwcleaner_3.311.exe
2014-10-07 15:28 - 2014-10-07 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-07 11:14 - 2014-10-07 11:14 - 04872304 _____ (Gougelet Pierre-e ) C:\Users\MB PRIVAT\Documents\XnView-win.exe
2014-10-07 10:26 - 2014-10-07 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 10:26 - 2014-10-07 15:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-07 10:26 - 2014-10-07 10:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-07 10:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-07 10:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-07 10:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-07 10:11 - 2014-10-07 10:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MB PRIVAT\Documents\mbam-setup-2.0.2.1012.exe
2014-10-07 10:08 - 2014-10-07 10:10 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\MB PRIVAT\Documents\mbam-setup.exe
2014-10-01 08:43 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:43 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 16:28 - 2014-09-26 16:28 - 00868264 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\Opera_NI_stable.exe
2014-09-26 09:42 - 2014-09-26 09:42 - 00895120 _____ (Google Inc.) C:\Users\MB PRIVAT\Documents\ChromeSetup (1).exe
2014-09-25 14:41 - 2014-09-25 14:42 - 06917709 _____ () C:\Users\MB PRIVAT\Documents\JPG-Illuminator-x64_v45.zip
2014-09-24 08:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 08:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 16:47 - 2014-09-19 16:47 - 16205198 _____ (Mooii) C:\Users\MB PRIVAT\Documents\photoscape_3.4.exe
2014-09-17 21:18 - 2014-09-17 21:35 - 00013728 _____ () C:\Users\MB PRIVAT\Documents\Garagenunterhalt-14.odt
2014-09-17 09:59 - 2014-09-17 10:00 - 30504072 _____ (Opera Software ASA) C:\Users\MB PRIVAT\Documents\Opera_24.0.1558.61_Autoupdate.exe
2014-09-14 09:31 - 2014-09-14 09:31 - 00014987 _____ () C:\Users\MB PRIVAT\Documents\autorunsettings.zip
2014-09-13 09:56 - 2014-09-13 09:56 - 00511633 _____ () C:\Users\MB PRIVAT\Documents\Autoruns.zip
2014-09-11 16:38 - 2014-09-11 16:38 - 00000000 ____D () C:\Users\MB PRIVAT\AppData\Local\Brice_Lambson
2014-09-11 16:37 - 2014-09-11 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
2014-09-11 16:37 - 2014-09-11 16:37 - 00000000 ____D () C:\Program Files\Image Resizer for Windows
2014-09-11 16:37 - 2014-09-11 16:37 - 00000000 ____D () C:\Program Files (x86)\Image Resizer for Windows
2014-09-11 16:36 - 2014-09-11 16:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 16:28 - 2014-09-11 16:28 - 00922057 _____ (Brice Lambson) C:\Users\MB PRIVAT\Documents\ImageResizerSetup.exe
2014-09-11 09:27 - 2014-09-11 09:27 - 01370467 _____ () C:\Users\MB PRIVAT\Documents\AdwCleaner.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-11 08:42 - 2014-09-11 08:42 - 00000000 ____D () C:\Program Files\Java
2014-09-11 08:39 - 2014-09-11 08:40 - 31013800 _____ (Oracle Corporation) C:\Users\MB PRIVAT\Documents\jre-7u67-windows-x64.exe
2014-09-10 09:54 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:54 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 09:54 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:54 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:54 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:54 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 09:54 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:54 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:54 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:54 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:54 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:54 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:54 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 09:54 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:54 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:54 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:54 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:54 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:54 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:54 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 09:54 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:54 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:54 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 09:54 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:54 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 09:54 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 09:54 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 09:54 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 09:54 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:54 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:54 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 09:54 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 09:54 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:54 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 09:54 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 09:54 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 09:54 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 09:54 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:54 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:54 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:54 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:54 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 09:54 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 09:54 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 09:54 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 09:54 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:54 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 09:54 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:54 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 09:54 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 09:54 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 09:54 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:54 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 09:54 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 09:54 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:54 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 09:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 09:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 09:45 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:45 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 09:45 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:45 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:45 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 09:45 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 09:45 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 09:44 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:44 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:44 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 09:44 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 09:12 - 2014-05-11 09:31 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 09:12 - 2013-01-23 09:43 - 00000396 ____H () C:\Windows\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0}.job
2014-10-08 09:12 - 2010-11-21 05:47 - 01837372 _____ () C:\Windows\PFRO.log
2014-10-08 09:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 09:12 - 2009-07-14 06:51 - 00257645 _____ () C:\Windows\setupact.log
2014-10-08 09:11 - 2012-07-04 11:49 - 01855581 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 08:57 - 2012-07-04 11:51 - 00000000 ____D () C:\Users\MB PRIVAT
2014-10-08 08:41 - 2012-07-04 13:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 08:37 - 2012-07-04 15:57 - 00000000 ____D () C:\Users\MB PRIVAT\AppData\Roaming\XnView
2014-10-08 08:36 - 2014-05-11 09:31 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-08 08:25 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 08:25 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 20:07 - 2014-08-26 21:37 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForMB PRIVAT.job
2014-10-07 19:55 - 2012-07-04 13:19 - 00000000 ____D () C:\Users\MB PRIVAT\Sicherungskopien
2014-10-07 14:06 - 2012-07-04 11:51 - 00000000 ___RD () C:\Users\MB PRIVAT\Eigene Bilder
2014-10-07 14:02 - 2011-06-28 04:12 - 00702398 _____ () C:\Windows\system32\perfh007.dat
2014-10-07 14:02 - 2011-06-28 04:12 - 00151190 _____ () C:\Windows\system32\perfc007.dat
2014-10-07 14:02 - 2009-07-14 07:13 - 01629926 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 12:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-07 11:15 - 2012-07-04 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2014-10-07 11:15 - 2012-07-04 13:31 - 00000000 ____D () C:\Program Files (x86)\XnView
2014-10-07 10:44 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-10-07 10:43 - 2012-07-04 13:32 - 00000000 ____D () C:\ProgramData\InstallMate
2014-10-05 21:42 - 2012-07-04 13:12 - 00000000 ___RD () C:\Users\MB PRIVAT\Arbeitsordner
2014-10-02 11:19 - 2012-07-10 14:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-02 11:19 - 2012-07-05 15:21 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-26 16:50 - 2014-06-03 13:55 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401196384
2014-09-26 16:50 - 2012-07-04 13:20 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-25 14:07 - 2014-08-26 21:37 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMB PRIVAT
2014-09-24 19:41 - 2012-07-04 13:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:41 - 2012-07-04 13:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 19:41 - 2012-07-04 13:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 20:43 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-17 18:51 - 2012-10-17 09:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 10:32 - 2014-09-02 11:17 - 00000000 ____D () C:\Users\MB PRIVAT\Documents\resources
2014-09-17 10:32 - 2014-09-02 11:17 - 00000000 ____D () C:\Users\MB PRIVAT\Documents\localization
2014-09-12 12:57 - 2014-09-02 11:17 - 00002912 _____ () C:\Users\MB PRIVAT\Documents\files_list
2014-09-12 12:56 - 2014-09-02 11:17 - 48069240 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\opera.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 08932984 _____ () C:\Users\MB PRIVAT\Documents\pdf.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 03537016 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\installer.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 03222648 _____ (Microsoft Corporation) C:\Users\MB PRIVAT\Documents\d3dcompiler_46.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 03180152 _____ () C:\Users\MB PRIVAT\Documents\opera_autoupdate.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 03024504 _____ () C:\Users\MB PRIVAT\Documents\osmesa.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 01543800 _____ () C:\Users\MB PRIVAT\Documents\launcher_lib.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 01372280 _____ () C:\Users\MB PRIVAT\Documents\opera_crashreporter.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 00974968 _____ () C:\Users\MB PRIVAT\Documents\ffmpegsumo.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00774264 _____ (Microsoft Corporation) C:\Users\MB PRIVAT\Documents\msvcr100.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00466040 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\launcher.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 00421496 _____ (Microsoft Corporation) C:\Users\MB PRIVAT\Documents\msvcp100.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00155768 _____ () C:\Users\MB PRIVAT\Documents\message_center_win8.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00109176 _____ () C:\Users\MB PRIVAT\Documents\opera.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00094840 _____ () C:\Users\MB PRIVAT\Documents\win8_importing.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00073336 _____ () C:\Users\MB PRIVAT\Documents\wow_helper.exe
2014-09-12 12:56 - 2014-04-05 21:30 - 01378936 _____ () C:\Users\MB PRIVAT\Documents\libGLESv2.dll
2014-09-12 12:56 - 2014-04-05 21:30 - 00182392 _____ () C:\Users\MB PRIVAT\Documents\libEGL.dll
2014-09-12 01:59 - 2014-09-02 11:17 - 13108464 _____ () C:\Users\MB PRIVAT\Documents\opera.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 02239594 _____ () C:\Users\MB PRIVAT\Documents\opera_200_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 01678697 _____ () C:\Users\MB PRIVAT\Documents\opera_100_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 01414523 _____ () C:\Users\MB PRIVAT\Documents\opera_150_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 01397094 _____ () C:\Users\MB PRIVAT\Documents\opera_125_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 00989481 _____ () C:\Users\MB PRIVAT\Documents\opera_250_percent.pak
2014-09-12 01:56 - 2014-09-02 11:17 - 10187968 _____ () C:\Users\MB PRIVAT\Documents\icudtl.dat
2014-09-11 08:50 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\MB PRIVAT\AppData\Local\Adobe
2014-09-11 08:40 - 2013-03-31 11:14 - 00000000 ____D () C:\Users\MB PRIVAT\Documents\Abkürzungen im DSLR-Forum - DSLR-Forum_files
2014-09-10 19:42 - 2012-11-13 10:02 - 00003224 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMBPRIVAT-HP$
2014-09-10 19:42 - 2012-11-13 10:02 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForMBPRIVAT-HP$.job
2014-09-10 09:52 - 2011-02-11 19:15 - 01603270 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 09:51 - 2013-07-27 21:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 09:48 - 2012-07-05 09:43 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 09:47 - 2014-04-27 19:37 - 00000000 ___SD () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2972.dll
C:\Windows\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0}.job


Some content of TEMP:
====================
C:\Users\MB PRIVAT\AppData\Local\Temp\avgnt.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\CARDINFO.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\GENIN.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\GENINMRI.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\MIDIMAP.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\Quarantine.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\RecoveryMgr.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\SHSetup.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\sp64126.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 16:32

==================== End Of Log ============================

findet der phoenix66 :)
Win 7 professional(64bit); Linuxmint-19.1 cinnamon (64bit)
Benutzeravatar
beate67
Beiträge: 1199
Registriert: So 24. Aug 2014, 15:16
Wohnort: am wunderschönen Niederrhein

Re: MBAM-Funde

Beitrag von beate67 »

Hallo Phoenix66,

das macht doch Spaß und ist nicht anstrengend ;)


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das "Ausführen" Fenster.

Kopiere jetzt folgenden Text


HKLM-x32\...\Run: [] => [X]
Toolbar: HKCU - No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Public\AlexaNSISPlugin.2972.dll
C:\ProgramData\BetterSoft\SaveByClick\SaveByClick.exe
Task: {A4261E6A-5A00-4468-91B5-8599269EFBDC} - System32\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0} => C:\ProgramData\BetterSoft\SaveByClick\SaveByClick.exe <==== ATTENTION
SaveByClick (HKLM\...\{23205CB9-14EA-4CAC-AE47-5CC8F8C37E4F}) (Version: 1.0 - SaveByClick) <==== ATTENTION
C:\Windows\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0}.job

Reboot:


in das leere Textdokument.

Speichere diese bitte als Fixlist.txt auf dem Schreibtisch oder aber im Verzeichnis in dem sich FRST befindet (bei dir wahrscheinlich wieder in downloads).

Starte nun FRST erneut und klicke den Fix Button.
Das Tool erstellt wieder eine Fixlog.txt.
Stelle es danach wieder hier ein oder schicke es zu mir und ich stelle es wieder bei pastebin.com ein.

Gruß, Beate :)
"Wenn du eine weise Antwort willst, mußt du vernünftig fragen." (Johann Wolfgang von Goethe)
Benutzeravatar
phoenix66
Beiträge: 1140
Registriert: Mi 3. Sep 2014, 19:33
Betriebssystem: Windows 7 Prof (64bit) S ;
Virenscanner: Avast Zen Free
Wohnort: Gera

Re: MBAM-Funde

Beitrag von phoenix66 »

leider lässt sich der kopierte Text nicht speichern. Warum, weiß ich nicht. Somit ist die Aktion nicht möglich.

Gruß phoenix66
Win 7 professional(64bit); Linuxmint-19.1 cinnamon (64bit)
Benutzeravatar
Carlus
Beiträge: 643
Registriert: So 24. Aug 2014, 14:40
Wohnort: Das Tor zur Welt

Re: MBAM-Funde

Beitrag von Carlus »

phoenix66 hat geschrieben:leider lässt sich der kopierte Text nicht speichern. Warum, weiß ich nicht. Somit ist die Aktion nicht möglich.

Gruß phoenix66
wie jetzt..... bei dir läßt sich ein einfacher text nicht speichern?

hast du es denn mit notepad probiert?
Gruß Carlus

Die Stimme ist eine menschliche Gabe. Sie sollte geschätzt und benutzt werden.
Kraftlosigkeit und Schweigen gehören zusammen.
Benutzeravatar
phoenix66
Beiträge: 1140
Registriert: Mi 3. Sep 2014, 19:33
Betriebssystem: Windows 7 Prof (64bit) S ;
Virenscanner: Avast Zen Free
Wohnort: Gera

Re: MBAM-Funde

Beitrag von phoenix66 »

Hallo Carlus,

ich habe wahrscheinlich einen Fehler gemacht und deshalb ließ sich kein Text speichern. Nach der Überprüfung ging es dann doch.
Hier ist die gewünschte Datei:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by MB PRIVAT (administrator) on MBPRIVAT-HP on 10-10-2014 16:10:37
Running from C:\Users\MB PRIVAT\Documents
Loaded Profile: MB PRIVAT (Available profiles: MB PRIVAT)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/" onclick="window.open(this.href);return false;

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [643168 2013-01-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-27] (Easybits)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3517970994-3013668129-2067591027-1001\...\Run: [DT Emphelungstool] => "C:\Users\MB PRIVAT\AppData\Local\Deutsche Telekom\Empfehlungstool\DTEmpfehlungstool.exe" 2
HKU\S-1-5-21-3517970994-3013668129-2067591027-1001\...\RunOnce: [Uninstall C:\Users\MB PRIVAT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MB PRIVAT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4" onclick="window.open(this.href);return false;
SearchScopes: HKLM - {55F9F77C-E1A0-433A-B59A-ACC67CA90B18} URL = http://www.amazon.de/s/ref=azs_osd_iead ... -keywords=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/707-11107 ... com/?_nkw=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKLM-x32 - {55F9F77C-E1A0-433A-B59A-ACC67CA90B18} URL = http://www.amazon.de/s/ref=azs_osd_iead ... -keywords=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/707-11107 ... com/?_nkw=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKCU - {55F9F77C-E1A0-433A-B59A-ACC67CA90B18} URL = http://www.amazon.de/s/ref=azs_osd_iead ... -keywords=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKCU - {C14EC139-D200-40E1-844F-9DF0CE01024C} URL = http://search.conduit.com/ResultsExt.aspx?q=" onclick="window.open(this.href);return false;{searchTerms}&SearchSource=4&ctid=CT1703539&CUI=UN40211413324385179&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/707-11107 ... com/?_nkw=" onclick="window.open(this.href);return false;{searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\OpenOffice.org 3\program No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MB PRIVAT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-16]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Übersetzer) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-05-29]
CHR Extension: (Google Docs) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-11]
CHR Extension: (Google Drive) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (YouTube) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11]
CHR Extension: (Google-Suche) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11]
CHR Extension: (Avira Browser Safety) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-05-11]
CHR Extension: (AdBlock Premium) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-05-11]
CHR Extension: (dict-cc) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2014-05-11]
CHR Extension: (Google Wallet) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-11]
CHR Extension: (Google Mail) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11]
CHR HKLM-x32\...\Chrome\Extension: [pddpaeffbcajlcljkiniacbpkoipmeck] - C:\ProgramData\SaveByclick\pddpaeffbcajlcljkiniacbpkoipmeck.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 HPSLPSVC; C:\Users\MBPRIV~1\AppData\Local\Temp\7zS5486\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 16:09 - 2014-10-10 16:10 - 00000388 _____ () C:\Users\MB PRIVAT\Documents\Search.txt
2014-10-08 09:15 - 2014-10-08 09:15 - 00030405 _____ () C:\Users\MB PRIVAT\Documents\Addition.txt
2014-10-08 09:13 - 2014-10-10 16:10 - 00014438 _____ () C:\Users\MB PRIVAT\Documents\FRST.txt
2014-10-08 09:13 - 2014-10-10 16:10 - 00000000 ____D () C:\FRST
2014-10-08 08:57 - 2014-10-08 08:57 - 02109952 _____ (Farbar) C:\Users\MB PRIVAT\Documents\FRST64.exe
2014-10-07 21:09 - 2014-10-08 09:11 - 00000000 ____D () C:\AdwCleaner
2014-10-07 21:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-07 21:07 - 2014-10-07 21:07 - 01375089 _____ () C:\Users\MB PRIVAT\Documents\adwcleaner_3.311.exe
2014-10-07 15:28 - 2014-10-07 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-07 11:14 - 2014-10-07 11:14 - 04872304 _____ (Gougelet Pierre-e ) C:\Users\MB PRIVAT\Documents\XnView-win.exe
2014-10-07 10:26 - 2014-10-07 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 10:26 - 2014-10-07 15:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-07 10:26 - 2014-10-07 10:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-07 10:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-07 10:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-07 10:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-07 10:11 - 2014-10-07 10:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MB PRIVAT\Documents\mbam-setup-2.0.2.1012.exe
2014-10-07 10:08 - 2014-10-07 10:10 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\MB PRIVAT\Documents\mbam-setup.exe
2014-10-01 08:43 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:43 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 16:28 - 2014-09-26 16:28 - 00868264 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\Opera_NI_stable.exe
2014-09-26 09:42 - 2014-09-26 09:42 - 00895120 _____ (Google Inc.) C:\Users\MB PRIVAT\Documents\ChromeSetup (1).exe
2014-09-25 14:41 - 2014-09-25 14:42 - 06917709 _____ () C:\Users\MB PRIVAT\Documents\JPG-Illuminator-x64_v45.zip
2014-09-24 08:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 08:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 16:47 - 2014-09-19 16:47 - 16205198 _____ (Mooii) C:\Users\MB PRIVAT\Documents\photoscape_3.4.exe
2014-09-17 09:59 - 2014-09-17 10:00 - 30504072 _____ (Opera Software ASA) C:\Users\MB PRIVAT\Documents\Opera_24.0.1558.61_Autoupdate.exe
2014-09-14 09:31 - 2014-09-14 09:31 - 00014987 _____ () C:\Users\MB PRIVAT\Documents\autorunsettings.zip
2014-09-13 09:56 - 2014-09-13 09:56 - 00511633 _____ () C:\Users\MB PRIVAT\Documents\Autoruns.zip
2014-09-11 16:38 - 2014-09-11 16:38 - 00000000 ____D () C:\Users\MB PRIVAT\AppData\Local\Brice_Lambson
2014-09-11 16:37 - 2014-09-11 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
2014-09-11 16:37 - 2014-09-11 16:37 - 00000000 ____D () C:\Program Files\Image Resizer for Windows
2014-09-11 16:37 - 2014-09-11 16:37 - 00000000 ____D () C:\Program Files (x86)\Image Resizer for Windows
2014-09-11 16:36 - 2014-09-11 16:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 16:28 - 2014-09-11 16:28 - 00922057 _____ (Brice Lambson) C:\Users\MB PRIVAT\Documents\ImageResizerSetup.exe
2014-09-11 09:27 - 2014-09-11 09:27 - 01370467 _____ () C:\Users\MB PRIVAT\Documents\AdwCleaner.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-11 08:42 - 2014-09-11 08:42 - 00000000 ____D () C:\Program Files\Java
2014-09-11 08:39 - 2014-09-11 08:40 - 31013800 _____ (Oracle Corporation) C:\Users\MB PRIVAT\Documents\jre-7u67-windows-x64.exe
2014-09-10 09:54 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:54 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 09:54 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:54 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:54 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:54 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 09:54 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:54 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:54 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:54 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:54 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:54 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:54 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 09:54 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:54 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:54 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:54 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:54 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:54 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:54 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 09:54 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:54 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:54 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 09:54 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:54 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 09:54 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 09:54 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 09:54 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 09:54 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:54 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:54 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 09:54 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 09:54 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:54 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 09:54 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 09:54 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 09:54 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 09:54 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:54 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:54 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:54 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:54 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 09:54 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 09:54 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 09:54 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 09:54 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:54 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 09:54 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:54 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 09:54 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 09:54 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 09:54 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:54 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 09:54 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 09:54 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:54 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 09:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 09:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 09:45 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:45 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 09:45 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:45 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:45 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 09:45 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 09:45 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 09:44 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:44 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:44 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 09:44 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 16:07 - 2012-07-04 13:12 - 00000000 ___RD () C:\Users\MB PRIVAT\Arbeitsordner
2014-10-10 16:03 - 2012-07-04 11:51 - 00000000 ____D () C:\Users\MB PRIVAT
2014-10-10 16:00 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 16:00 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 15:52 - 2014-05-11 09:31 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 15:52 - 2013-01-23 09:43 - 00000396 ____H () C:\Windows\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0}.job
2014-10-10 15:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 15:52 - 2009-07-14 06:51 - 00258261 _____ () C:\Windows\setupact.log
2014-10-10 14:49 - 2012-07-04 11:49 - 01938607 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 14:41 - 2012-07-04 13:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 14:36 - 2014-05-11 09:31 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 14:23 - 2012-07-04 11:51 - 00000000 ___RD () C:\Users\MB PRIVAT\Eigene Bilder
2014-10-10 14:23 - 2011-06-28 04:12 - 00702398 _____ () C:\Windows\system32\perfh007.dat
2014-10-10 14:23 - 2011-06-28 04:12 - 00151190 _____ () C:\Windows\system32\perfc007.dat
2014-10-10 14:23 - 2009-07-14 07:13 - 01629926 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-10 10:36 - 2014-02-05 10:58 - 00400896 ___SH () C:\Users\MB PRIVAT\Documents\Thumbs.db
2014-10-09 19:10 - 2014-08-26 21:37 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForMB PRIVAT.job
2014-10-09 14:14 - 2014-08-26 21:37 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMB PRIVAT
2014-10-09 14:14 - 2012-07-10 14:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-09 14:14 - 2012-07-05 15:21 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-09 14:04 - 2014-08-28 12:02 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-09 14:04 - 2014-08-23 10:03 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-09 14:04 - 2014-08-23 10:03 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-08 21:08 - 2012-07-04 15:57 - 00000000 ____D () C:\Users\MB PRIVAT\AppData\Roaming\XnView
2014-10-08 09:16 - 2012-07-04 13:19 - 00000000 ____D () C:\Users\MB PRIVAT\Sicherungskopien
2014-10-08 09:12 - 2010-11-21 05:47 - 01837372 _____ () C:\Windows\PFRO.log
2014-10-07 12:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-07 11:15 - 2012-07-04 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2014-10-07 11:15 - 2012-07-04 13:31 - 00000000 ____D () C:\Program Files (x86)\XnView
2014-10-07 10:44 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-10-07 10:43 - 2012-07-04 13:32 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-26 16:50 - 2014-06-03 13:55 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401196384
2014-09-26 16:50 - 2012-07-04 13:20 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-24 19:41 - 2012-07-04 13:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:41 - 2012-07-04 13:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 19:41 - 2012-07-04 13:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 20:43 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-17 18:51 - 2012-10-17 09:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 10:32 - 2014-09-02 11:17 - 00000000 ____D () C:\Users\MB PRIVAT\Documents\resources
2014-09-17 10:32 - 2014-09-02 11:17 - 00000000 ____D () C:\Users\MB PRIVAT\Documents\localization
2014-09-12 12:57 - 2014-09-02 11:17 - 00002912 _____ () C:\Users\MB PRIVAT\Documents\files_list
2014-09-12 12:56 - 2014-09-02 11:17 - 48069240 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\opera.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 08932984 _____ () C:\Users\MB PRIVAT\Documents\pdf.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 03537016 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\installer.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 03222648 _____ (Microsoft Corporation) C:\Users\MB PRIVAT\Documents\d3dcompiler_46.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 03180152 _____ () C:\Users\MB PRIVAT\Documents\opera_autoupdate.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 03024504 _____ () C:\Users\MB PRIVAT\Documents\osmesa.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 01543800 _____ () C:\Users\MB PRIVAT\Documents\launcher_lib.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 01372280 _____ () C:\Users\MB PRIVAT\Documents\opera_crashreporter.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 00974968 _____ () C:\Users\MB PRIVAT\Documents\ffmpegsumo.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00774264 _____ (Microsoft Corporation) C:\Users\MB PRIVAT\Documents\msvcr100.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00466040 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\launcher.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 00421496 _____ (Microsoft Corporation) C:\Users\MB PRIVAT\Documents\msvcp100.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00155768 _____ () C:\Users\MB PRIVAT\Documents\message_center_win8.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00109176 _____ () C:\Users\MB PRIVAT\Documents\opera.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00094840 _____ () C:\Users\MB PRIVAT\Documents\win8_importing.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00073336 _____ () C:\Users\MB PRIVAT\Documents\wow_helper.exe
2014-09-12 12:56 - 2014-04-05 21:30 - 01378936 _____ () C:\Users\MB PRIVAT\Documents\libGLESv2.dll
2014-09-12 12:56 - 2014-04-05 21:30 - 00182392 _____ () C:\Users\MB PRIVAT\Documents\libEGL.dll
2014-09-12 01:59 - 2014-09-02 11:17 - 13108464 _____ () C:\Users\MB PRIVAT\Documents\opera.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 02239594 _____ () C:\Users\MB PRIVAT\Documents\opera_200_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 01678697 _____ () C:\Users\MB PRIVAT\Documents\opera_100_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 01414523 _____ () C:\Users\MB PRIVAT\Documents\opera_150_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 01397094 _____ () C:\Users\MB PRIVAT\Documents\opera_125_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 00989481 _____ () C:\Users\MB PRIVAT\Documents\opera_250_percent.pak
2014-09-12 01:56 - 2014-09-02 11:17 - 10187968 _____ () C:\Users\MB PRIVAT\Documents\icudtl.dat
2014-09-11 08:50 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\MB PRIVAT\AppData\Local\Adobe
2014-09-11 08:40 - 2013-03-31 11:14 - 00000000 ____D () C:\Users\MB PRIVAT\Documents\Abkürzungen im DSLR-Forum - DSLR-Forum_files
2014-09-10 19:42 - 2012-11-13 10:02 - 00003224 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMBPRIVAT-HP$
2014-09-10 19:42 - 2012-11-13 10:02 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForMBPRIVAT-HP$.job
2014-09-10 09:52 - 2011-02-11 19:15 - 01603270 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 09:51 - 2013-07-27 21:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 09:48 - 2012-07-05 09:43 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 09:47 - 2014-04-27 19:37 - 00000000 ___SD () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2972.dll
C:\Windows\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0}.job


Some content of TEMP:
====================
C:\Users\MB PRIVAT\AppData\Local\Temp\avgnt.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\CARDINFO.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\GENIN.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\GENINMRI.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\MIDIMAP.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\Quarantine.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\RecoveryMgr.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\SHSetup.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\sp64126.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 16:32

==================== End Of Log ============================

Gruß phoenix66
Win 7 professional(64bit); Linuxmint-19.1 cinnamon (64bit)
Benutzeravatar
phoenix66
Beiträge: 1140
Registriert: Mi 3. Sep 2014, 19:33
Betriebssystem: Windows 7 Prof (64bit) S ;
Virenscanner: Avast Zen Free
Wohnort: Gera

Re: MBAM-Funde

Beitrag von phoenix66 »

@Beate,

hier ist nun die neue FRST-Logdatei :
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by MB PRIVAT (administrator) on MBPRIVAT-HP on 10-10-2014 16:10:37
Running from C:\Users\MB PRIVAT\Documents
Loaded Profile: MB PRIVAT (Available profiles: MB PRIVAT)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/" onclick="window.open(this.href);return false;

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64_0\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [643168 2013-01-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-27] (Easybits)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3517970994-3013668129-2067591027-1001\...\Run: [DT Emphelungstool] => "C:\Users\MB PRIVAT\AppData\Local\Deutsche Telekom\Empfehlungstool\DTEmpfehlungstool.exe" 2
HKU\S-1-5-21-3517970994-3013668129-2067591027-1001\...\RunOnce: [Uninstall C:\Users\MB PRIVAT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MB PRIVAT\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/4" onclick="window.open(this.href);return false;
SearchScopes: HKLM - {55F9F77C-E1A0-433A-B59A-ACC67CA90B18} URL = http://www.amazon.de/s/ref=azs_osd_iead ... -keywords=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/707-11107 ... com/?_nkw=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKLM-x32 - {55F9F77C-E1A0-433A-B59A-ACC67CA90B18} URL = http://www.amazon.de/s/ref=azs_osd_iead ... -keywords=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/707-11107 ... com/?_nkw=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKCU - {55F9F77C-E1A0-433A-B59A-ACC67CA90B18} URL = http://www.amazon.de/s/ref=azs_osd_iead ... -keywords=" onclick="window.open(this.href);return false;{searchTerms}
SearchScopes: HKCU - {C14EC139-D200-40E1-844F-9DF0CE01024C} URL = http://search.conduit.com/ResultsExt.aspx?q=" onclick="window.open(this.href);return false;{searchTerms}&SearchSource=4&ctid=CT1703539&CUI=UN40211413324385179&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/707-11107 ... com/?_nkw=" onclick="window.open(this.href);return false;{searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\OpenOffice.org 3\program No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MB PRIVAT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-16]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Übersetzer) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-05-29]
CHR Extension: (Google Docs) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-11]
CHR Extension: (Google Drive) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (YouTube) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11]
CHR Extension: (Google-Suche) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11]
CHR Extension: (Avira Browser Safety) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-05-11]
CHR Extension: (AdBlock Premium) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-05-11]
CHR Extension: (dict-cc) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2014-05-11]
CHR Extension: (Google Wallet) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-11]
CHR Extension: (Google Mail) - C:\Users\MB PRIVAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11]
CHR HKLM-x32\...\Chrome\Extension: [pddpaeffbcajlcljkiniacbpkoipmeck] - C:\ProgramData\SaveByclick\pddpaeffbcajlcljkiniacbpkoipmeck.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 HPSLPSVC; C:\Users\MBPRIV~1\AppData\Local\Temp\7zS5486\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 16:09 - 2014-10-10 16:10 - 00000388 _____ () C:\Users\MB PRIVAT\Documents\Search.txt
2014-10-08 09:15 - 2014-10-08 09:15 - 00030405 _____ () C:\Users\MB PRIVAT\Documents\Addition.txt
2014-10-08 09:13 - 2014-10-10 16:10 - 00014438 _____ () C:\Users\MB PRIVAT\Documents\FRST.txt
2014-10-08 09:13 - 2014-10-10 16:10 - 00000000 ____D () C:\FRST
2014-10-08 08:57 - 2014-10-08 08:57 - 02109952 _____ (Farbar) C:\Users\MB PRIVAT\Documents\FRST64.exe
2014-10-07 21:09 - 2014-10-08 09:11 - 00000000 ____D () C:\AdwCleaner
2014-10-07 21:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-07 21:07 - 2014-10-07 21:07 - 01375089 _____ () C:\Users\MB PRIVAT\Documents\adwcleaner_3.311.exe
2014-10-07 15:28 - 2014-10-07 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-07 11:14 - 2014-10-07 11:14 - 04872304 _____ (Gougelet Pierre-e ) C:\Users\MB PRIVAT\Documents\XnView-win.exe
2014-10-07 10:26 - 2014-10-07 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 10:26 - 2014-10-07 15:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-07 10:26 - 2014-10-07 10:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-07 10:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-07 10:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-07 10:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-07 10:11 - 2014-10-07 10:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MB PRIVAT\Documents\mbam-setup-2.0.2.1012.exe
2014-10-07 10:08 - 2014-10-07 10:10 - 17305656 _____ (Malwarebytes Corporation ) C:\Users\MB PRIVAT\Documents\mbam-setup.exe
2014-10-01 08:43 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:43 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-26 16:28 - 2014-09-26 16:28 - 00868264 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\Opera_NI_stable.exe
2014-09-26 09:42 - 2014-09-26 09:42 - 00895120 _____ (Google Inc.) C:\Users\MB PRIVAT\Documents\ChromeSetup (1).exe
2014-09-25 14:41 - 2014-09-25 14:42 - 06917709 _____ () C:\Users\MB PRIVAT\Documents\JPG-Illuminator-x64_v45.zip
2014-09-24 08:14 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 08:14 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 16:47 - 2014-09-19 16:47 - 16205198 _____ (Mooii) C:\Users\MB PRIVAT\Documents\photoscape_3.4.exe
2014-09-17 09:59 - 2014-09-17 10:00 - 30504072 _____ (Opera Software ASA) C:\Users\MB PRIVAT\Documents\Opera_24.0.1558.61_Autoupdate.exe
2014-09-14 09:31 - 2014-09-14 09:31 - 00014987 _____ () C:\Users\MB PRIVAT\Documents\autorunsettings.zip
2014-09-13 09:56 - 2014-09-13 09:56 - 00511633 _____ () C:\Users\MB PRIVAT\Documents\Autoruns.zip
2014-09-11 16:38 - 2014-09-11 16:38 - 00000000 ____D () C:\Users\MB PRIVAT\AppData\Local\Brice_Lambson
2014-09-11 16:37 - 2014-09-11 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
2014-09-11 16:37 - 2014-09-11 16:37 - 00000000 ____D () C:\Program Files\Image Resizer for Windows
2014-09-11 16:37 - 2014-09-11 16:37 - 00000000 ____D () C:\Program Files (x86)\Image Resizer for Windows
2014-09-11 16:36 - 2014-09-11 16:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 16:28 - 2014-09-11 16:28 - 00922057 _____ (Brice Lambson) C:\Users\MB PRIVAT\Documents\ImageResizerSetup.exe
2014-09-11 09:27 - 2014-09-11 09:27 - 01370467 _____ () C:\Users\MB PRIVAT\Documents\AdwCleaner.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-11 08:42 - 2014-09-11 08:42 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-11 08:42 - 2014-09-11 08:42 - 00000000 ____D () C:\Program Files\Java
2014-09-11 08:39 - 2014-09-11 08:40 - 31013800 _____ (Oracle Corporation) C:\Users\MB PRIVAT\Documents\jre-7u67-windows-x64.exe
2014-09-10 09:54 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:54 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 09:54 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:54 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:54 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:54 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 09:54 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:54 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:54 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:54 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:54 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:54 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:54 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 09:54 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:54 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:54 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:54 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:54 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:54 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:54 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 09:54 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:54 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:54 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 09:54 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:54 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 09:54 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 09:54 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 09:54 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 09:54 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:54 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:54 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 09:54 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 09:54 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:54 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 09:54 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 09:54 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 09:54 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 09:54 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:54 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:54 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:54 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:54 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 09:54 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 09:54 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 09:54 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 09:54 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:54 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 09:54 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:54 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 09:54 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 09:54 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 09:54 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:54 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 09:54 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 09:54 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:54 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 09:47 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 09:47 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 09:45 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:45 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 09:45 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:45 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:45 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 09:45 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 09:45 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 09:44 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:44 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:44 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 09:44 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 16:07 - 2012-07-04 13:12 - 00000000 ___RD () C:\Users\MB PRIVAT\Arbeitsordner
2014-10-10 16:03 - 2012-07-04 11:51 - 00000000 ____D () C:\Users\MB PRIVAT
2014-10-10 16:00 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 16:00 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 15:52 - 2014-05-11 09:31 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 15:52 - 2013-01-23 09:43 - 00000396 ____H () C:\Windows\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0}.job
2014-10-10 15:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 15:52 - 2009-07-14 06:51 - 00258261 _____ () C:\Windows\setupact.log
2014-10-10 14:49 - 2012-07-04 11:49 - 01938607 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 14:41 - 2012-07-04 13:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 14:36 - 2014-05-11 09:31 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 14:23 - 2012-07-04 11:51 - 00000000 ___RD () C:\Users\MB PRIVAT\Eigene Bilder
2014-10-10 14:23 - 2011-06-28 04:12 - 00702398 _____ () C:\Windows\system32\perfh007.dat
2014-10-10 14:23 - 2011-06-28 04:12 - 00151190 _____ () C:\Windows\system32\perfc007.dat
2014-10-10 14:23 - 2009-07-14 07:13 - 01629926 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-10 10:36 - 2014-02-05 10:58 - 00400896 ___SH () C:\Users\MB PRIVAT\Documents\Thumbs.db
2014-10-09 19:10 - 2014-08-26 21:37 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForMB PRIVAT.job
2014-10-09 14:14 - 2014-08-26 21:37 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMB PRIVAT
2014-10-09 14:14 - 2012-07-10 14:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-09 14:14 - 2012-07-05 15:21 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-09 14:04 - 2014-08-28 12:02 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-09 14:04 - 2014-08-23 10:03 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-09 14:04 - 2014-08-23 10:03 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-08 21:08 - 2012-07-04 15:57 - 00000000 ____D () C:\Users\MB PRIVAT\AppData\Roaming\XnView
2014-10-08 09:16 - 2012-07-04 13:19 - 00000000 ____D () C:\Users\MB PRIVAT\Sicherungskopien
2014-10-08 09:12 - 2010-11-21 05:47 - 01837372 _____ () C:\Windows\PFRO.log
2014-10-07 12:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-07 11:15 - 2012-07-04 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2014-10-07 11:15 - 2012-07-04 13:31 - 00000000 ____D () C:\Program Files (x86)\XnView
2014-10-07 10:44 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-10-07 10:43 - 2012-07-04 13:32 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-26 16:50 - 2014-06-03 13:55 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401196384
2014-09-26 16:50 - 2012-07-04 13:20 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-24 19:41 - 2012-07-04 13:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 19:41 - 2012-07-04 13:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 19:41 - 2012-07-04 13:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 20:43 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-17 18:51 - 2012-10-17 09:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 10:32 - 2014-09-02 11:17 - 00000000 ____D () C:\Users\MB PRIVAT\Documents\resources
2014-09-17 10:32 - 2014-09-02 11:17 - 00000000 ____D () C:\Users\MB PRIVAT\Documents\localization
2014-09-12 12:57 - 2014-09-02 11:17 - 00002912 _____ () C:\Users\MB PRIVAT\Documents\files_list
2014-09-12 12:56 - 2014-09-02 11:17 - 48069240 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\opera.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 08932984 _____ () C:\Users\MB PRIVAT\Documents\pdf.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 03537016 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\installer.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 03222648 _____ (Microsoft Corporation) C:\Users\MB PRIVAT\Documents\d3dcompiler_46.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 03180152 _____ () C:\Users\MB PRIVAT\Documents\opera_autoupdate.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 03024504 _____ () C:\Users\MB PRIVAT\Documents\osmesa.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 01543800 _____ () C:\Users\MB PRIVAT\Documents\launcher_lib.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 01372280 _____ () C:\Users\MB PRIVAT\Documents\opera_crashreporter.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 00974968 _____ () C:\Users\MB PRIVAT\Documents\ffmpegsumo.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00774264 _____ (Microsoft Corporation) C:\Users\MB PRIVAT\Documents\msvcr100.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00466040 _____ (Opera Software) C:\Users\MB PRIVAT\Documents\launcher.exe
2014-09-12 12:56 - 2014-09-02 11:17 - 00421496 _____ (Microsoft Corporation) C:\Users\MB PRIVAT\Documents\msvcp100.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00155768 _____ () C:\Users\MB PRIVAT\Documents\message_center_win8.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00109176 _____ () C:\Users\MB PRIVAT\Documents\opera.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00094840 _____ () C:\Users\MB PRIVAT\Documents\win8_importing.dll
2014-09-12 12:56 - 2014-09-02 11:17 - 00073336 _____ () C:\Users\MB PRIVAT\Documents\wow_helper.exe
2014-09-12 12:56 - 2014-04-05 21:30 - 01378936 _____ () C:\Users\MB PRIVAT\Documents\libGLESv2.dll
2014-09-12 12:56 - 2014-04-05 21:30 - 00182392 _____ () C:\Users\MB PRIVAT\Documents\libEGL.dll
2014-09-12 01:59 - 2014-09-02 11:17 - 13108464 _____ () C:\Users\MB PRIVAT\Documents\opera.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 02239594 _____ () C:\Users\MB PRIVAT\Documents\opera_200_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 01678697 _____ () C:\Users\MB PRIVAT\Documents\opera_100_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 01414523 _____ () C:\Users\MB PRIVAT\Documents\opera_150_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 01397094 _____ () C:\Users\MB PRIVAT\Documents\opera_125_percent.pak
2014-09-12 01:59 - 2014-09-02 11:17 - 00989481 _____ () C:\Users\MB PRIVAT\Documents\opera_250_percent.pak
2014-09-12 01:56 - 2014-09-02 11:17 - 10187968 _____ () C:\Users\MB PRIVAT\Documents\icudtl.dat
2014-09-11 08:50 - 2014-08-14 10:55 - 00000000 ____D () C:\Users\MB PRIVAT\AppData\Local\Adobe
2014-09-11 08:40 - 2013-03-31 11:14 - 00000000 ____D () C:\Users\MB PRIVAT\Documents\Abkürzungen im DSLR-Forum - DSLR-Forum_files
2014-09-10 19:42 - 2012-11-13 10:02 - 00003224 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMBPRIVAT-HP$
2014-09-10 19:42 - 2012-11-13 10:02 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForMBPRIVAT-HP$.job
2014-09-10 09:52 - 2011-02-11 19:15 - 01603270 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 09:51 - 2013-07-27 21:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 09:48 - 2012-07-05 09:43 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 09:47 - 2014-04-27 19:37 - 00000000 ___SD () C:\Windows\system32\CompatTel

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2972.dll
C:\Windows\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0}.job


Some content of TEMP:
====================
C:\Users\MB PRIVAT\AppData\Local\Temp\avgnt.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\CARDINFO.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\GENIN.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\GENINMRI.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\MIDIMAP.DLL
C:\Users\MB PRIVAT\AppData\Local\Temp\Quarantine.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\RecoveryMgr.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\SHSetup.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\sp64126.exe
C:\Users\MB PRIVAT\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 16:32

==================== End Of Log ============================

ich hoffe, daß alleas geklappt hat. Einen Mailclienten habe ich nicht, wäre auch überflüssig.

Gruß phoenix66
Win 7 professional(64bit); Linuxmint-19.1 cinnamon (64bit)
boston
Beiträge: 44
Registriert: Di 23. Sep 2014, 18:36

Re: MBAM-Funde

Beitrag von boston »

Hallo,
das mit der Fixlist.txt hat offensichtlich nicht funktioniert.
SaveByClick bitte deinstallieren und es dann mit dieser "aktualisierten";) Fixlist.txt(mittels Editor nach C:\Users\MB PRIVAT\Documents speichern und bei FRST auf "Fix" klicken) versuchen und Fixlog.txt posten:

Code: Alles auswählen

SearchScopes: HKCU - {C14EC139-D200-40E1-844F-9DF0CE01024C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1703539&CUI=UN40211413324385179&UM=2
CHR HKLM-x32\...\Chrome\Extension: [pddpaeffbcajlcljkiniacbpkoipmeck] - C:\ProgramData\SaveByclick\pddpaeffbcajlcljkiniacbpkoipmeck.crx []
C:\ProgramData\SaveByclick
C:\ProgramData\BetterSoft
HKLM-x32\...\Run: [] => [X]
Toolbar: HKCU - No Name - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Public\AlexaNSISPlugin.2972.dll
Task: {A4261E6A-5A00-4468-91B5-8599269EFBDC} - System32\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0} => C:\ProgramData\BetterSoft\SaveByClick\SaveByClick.exe <==== ATTENTION
C:\Windows\Tasks\{4800C9E1-FBE9-4D85-9007-D5B2694634C0}.job
Benutzeravatar
beate67
Beiträge: 1199
Registriert: So 24. Aug 2014, 15:16
Wohnort: am wunderschönen Niederrhein

Re: MBAM-Funde

Beitrag von beate67 »

Hallo boston und alle anderen,

doch es hat funktioniert:

Hier das Fixlog:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by MB PRIVAT at 2014-10-11 14:39:39 Run:2
Running from C:\Users\MB PRIVAT\Documents
Loaded Profile: MB PRIVAT (Available profiles: MB PRIVAT)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
SearchScopes: HKCU - {C14EC139-D200-40E1-844F-9DF0CE01024C} URL = http://search.conduit.com/ResultsExt.aspx?q=" onclick="window.open(this.href);return false;{searchTerms}&SearchSource=4&ctid=CT1703539&CUI=UN40211413324385179&UM=2
CHR HKLM-x32\...\Chrome\Extension: [pddpaeffbcajlcljkiniacbpkoipmeck] - C:\ProgramData\SaveByclick\pddpaeffbcajlcljkiniacbpkoipmeck.crx []
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
Reboot:
*****************
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C14EC139-D200-40E1-844F-9DF0CE01024C}" => Key deleted successfully.
"HKCR\CLSID\{C14EC139-D200-40E1-844F-9DF0CE01024C}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pddpaeffbcajlcljkiniacbpkoipmeck" => Key deleted successfully.
"C:\ProgramData\SaveByclick\pddpaeffbcajlcljkiniacbpkoipmeck.crx" => File/Directory not found.
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe => Error: No automatic fix found for this entry.

The system needed a reboot.
==== End of Fixlog ====

Gruß, Beate :)
"Wenn du eine weise Antwort willst, mußt du vernünftig fragen." (Johann Wolfgang von Goethe)
NoG
Moderator
Beiträge: 7383
Registriert: So 24. Aug 2014, 15:02
Betriebssystem: Windows 8.1
Virenscanner: GData
Wohnort: Pinneberg

Re: MBAM-Funde

Beitrag von NoG »

Boston hatte die Fixlist aber noch ein wenig erweitert. ;)
We have bugs the likes of which even God has never seen!
boston
Beiträge: 44
Registriert: Di 23. Sep 2014, 18:36

Re: MBAM-Funde

Beitrag von boston »

Waren ja nur Adware-Überbleibsel.
Wenn die Kiste wieder zur Zufriedenheit des Benutzers läuft...
NoG
Moderator
Beiträge: 7383
Registriert: So 24. Aug 2014, 15:02
Betriebssystem: Windows 8.1
Virenscanner: GData
Wohnort: Pinneberg

Re: MBAM-Funde

Beitrag von NoG »

Nichts tragisches, das stimmt.
We have bugs the likes of which even God has never seen!
Antworten