Log analysis and evaluation: Download Protect in Firefox cannot be permanently removed - Windows 8.1

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello Trojaner-Board team,

I am new here and not that well versed in the PC world, so please bear with me if not everything is perfect right away. Today I discovered that I have caught this nasty add-on; no idea how. At the same time I came across your helpful board. Apparently there is no single solution here that fits everything; every problem is different. I created the log files as requested. Only with GMER am I unsure, because I do not have a dedicated virus scanner but, I believe, use the one from Windows 8. So I would ask for advice on how I can switch it off if necessary. I will then supply the GMER log afterwards.

Many thanks in advance and greetings from the Ruhrpott
Ruhrnobi

Here is the FRST file:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2014 01 Ran by Norbert Haag (administrator) on NORBERTHAAG-HP on 09-06-2014 15:21:07 Running from C:\Users\Norbert Haag\Downloads Platform: Windows 8.1 Pro with Media Center (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\Nlsdl64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Windows\System32\DlProtectSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe () C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWE.EXE () C:\Program Files (x86)\Medion AG\NSU\NSU.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) C:\Users\Norbert Haag\AppData\Roaming\Dropbox\bin\Dropbox.exe (sw4you, Siegfried Weckmann) C:\Program Files (x86)\Hardcopy\hardcopy.exe (Adobe Sytems Incorporated) C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe () C:\ProgramData\dlprotect.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Microsoft Corporation.) 
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [EPSON Stylus DX4200] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIAEE.EXE [98304 2005-03-08] (SEIKO EPSON CORPORATION) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Atheros Communications) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-05-31] (IDT, Inc.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-20] (Synaptics Incorporated) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] () HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.) HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2013-06-01] (Intel Corporation) HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-28] (Memeo Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2013-11-05] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Adobe Version Cue CS2] => C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-03-13] (Sony Corporation) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-05-14] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWE.EXE [241280 2013-03-23] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWE.EXE [241280 2013-03-23] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [NSU] => C:\Program Files (x86)\Medion AG\NSU\NSU.exe [1789440 2011-10-20] () HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-09-30] (Microsoft Corporation) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-07] (CyberLink Corp.) 
HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-10-21] (TomTom) HKU\S-1-5-21-2157886841-597143831-284766362-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.4.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 4.0.lnk ShortcutTarget: TraXEx 4.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung) Startup: C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Norbert Haag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - DefaultScope {12DEB332-337B-424F-B221-171F6B645E20} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKCU - {12DEB332-337B-424F-B221-171F6B645E20} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: McAfee SiteAdvisor BHO - 
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Norbert Haag\AppData\Roaming\Mozilla\Firefox\Profiles\vq1suljs.default-1400139493461 FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Norbert Haag\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF user.js: detected! 
=> C:\Users\Norbert Haag\AppData\Roaming\Mozilla\Firefox\Profiles\vq1suljs.default-1400139493461\user.js FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-02] FF Extension: Download Protect - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi [2014-06-09] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-02] FF HKLM-x32\...\Firefox\Extensions: [{BE274E68-3CF3-453A-8286-C08508EE8238}] - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi FF Extension: Download Protect - C:\WINDOWS\Installer\{3AAD13D1-999B-4311-A006-2DDD704E13CF}\{BE274E68-3CF3-453A-8286-C08508EE8238}.xpi [2014-06-09] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi ==================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] 
(ArcSoft Inc.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-30] (Adobe Systems) R2 Adobe Version Cue CS2; C:\Program Files (x86)\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) R2 DivXDodecVersionChecker; C:\WINDOWS\system32\Nlsdl64.exe [120832 2014-05-14] () R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [124928 2014-05-14] () S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-25] (Intel Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-06-03] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-05] (Microsoft Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-02-16] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] () R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-02-03] (ArcSoft, Inc.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-05] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-05] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) S2 Update raving reyven; "C:\Program Files (x86)\raving reyven\updateravingreyven.exe" [X] ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) 
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-05] (Microsoft Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] () S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-04-24] (StdLib) U3 idsvc; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-09 15:21 - 2014-06-09 15:21 - 00030259 _____ () C:\Users\Norbert Haag\Downloads\FRST.txt 2014-06-09 15:20 - 2014-06-09 15:21 - 00000000 ____D () C:\FRST 2014-06-09 15:19 - 2014-06-09 15:19 - 02080768 _____ (Farbar) C:\Users\Norbert Haag\Downloads\FRST64.exe 2014-06-09 15:18 - 2014-06-09 15:18 - 00000486 _____ () C:\Users\Norbert Haag\Downloads\defogger_disable.log 2014-06-09 15:18 - 2014-06-09 15:18 - 00000000 _____ () C:\Users\Norbert Haag\defogger_reenable 2014-06-09 15:17 - 2014-06-09 15:17 - 00050477 _____ () C:\Users\Norbert Haag\Downloads\Defogger.exe 2014-06-09 13:46 - 2014-06-09 13:46 - 00544502 _____ () C:\Users\Norbert Haag\Desktop\bookmarks-2014-06-09.json 2014-06-02 16:48 - 2014-06-02 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-02 16:48 - 2014-05-07 
15:02 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-06-02 16:48 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-06-02 16:48 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-06-02 16:48 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-06-02 16:47 - 2014-06-02 16:48 - 00004563 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-05-26 21:58 - 2014-05-26 21:58 - 00001042 _____ () C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net 2014-05-26 21:56 - 2014-05-26 21:57 - 00427256 _____ (Roadkil.Net ) C:\Users\Norbert Haag\Downloads\UnstopCpy_5_2_Win2K_UP_Setup(1).exe 2014-05-26 19:28 - 2014-05-26 19:28 - 00012267 _____ () C:\Users\Norbert Haag\Desktop\AdwCleaner[S1].txt 2014-05-26 19:09 - 2014-05-26 19:25 - 00000000 ____D () C:\AdwCleaner 2014-05-26 19:08 - 2014-05-26 19:08 - 01327971 _____ () C:\Users\Norbert Haag\Downloads\adwcleaner_3.211.exe 2014-05-26 14:13 - 2014-05-26 14:13 - 00002081 _____ () C:\Users\Norbert Haag\Desktop\Reader for PC.lnk 2014-05-26 14:13 - 2014-05-26 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc 2014-05-26 12:25 - 2014-05-26 12:25 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-26 12:25 - 2014-05-26 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () 
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () C:\Program Files\iTunes 2014-05-26 12:24 - 2014-05-26 12:25 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-26 12:24 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iPod 2014-05-26 12:21 - 2014-05-26 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-05-26 12:20 - 2014-05-26 12:21 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-05-26 08:53 - 2014-05-26 08:53 - 00098822 _____ () C:\Users\Norbert Haag\Downloads\DesktopOK_393.zip 2014-05-24 11:19 - 2014-05-24 11:19 - 00001085 _____ () C:\Users\Norbert Haag\Desktop\Exifsorter - Bilder Titel.lnk 2014-05-20 08:41 - 2014-06-07 17:46 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-05-17 16:41 - 2014-05-17 16:51 - 405405696 _____ () C:\Users\Norbert Haag\Desktop\2001 bis 2009 Rückblick mit Fotos.iso 2014-05-15 09:38 - 2014-05-15 09:38 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Alte Firefox-Daten 2014-05-14 21:21 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-14 21:21 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 13:06 - 2014-04-24 12:33 - 00061120 _____ (StdLib) C:\WINDOWS\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys 2014-05-14 11:40 - 2014-05-17 16:40 - 00000026 _____ () C:\Users\Norbert Haag\AppData\Local\isoworkshop.ini 2014-05-14 11:39 - 2014-05-14 11:39 - 00001211 _____ () C:\Users\Public\Desktop\ISO Workshop.lnk 2014-05-14 11:39 - 2014-05-14 11:39 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dlg 2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\WINDOWS\system32\DlProtectSvc.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00012800 _____ () C:\ProgramData\dlprotect.exe 2014-05-14 
11:35 - 2014-05-14 11:35 - 00000000 ____D () C:\Program Files (x86)\PlusSHD-9.9 2014-05-14 11:32 - 2014-05-14 11:32 - 00468104 _____ () C:\Users\Norbert Haag\Downloads\isoworkshop-Downloader.exe 2014-05-14 08:02 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-14 08:02 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 08:02 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 08:02 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 08:02 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-05-14 08:02 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-05-14 08:02 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-05-14 08:02 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-05-14 08:02 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-05-14 08:02 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-05-14 08:02 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-05-14 08:02 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-05-14 08:02 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-05-14 08:01 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 08:01 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 08:01 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 08:01 - 
2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 08:01 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 08:01 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 08:01 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-05-14 08:01 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 08:01 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 08:01 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 08:01 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 08:01 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 08:01 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 08:01 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 08:01 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 08:01 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 08:01 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 08:01 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 08:01 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 08:01 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 08:01 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wuapi.dll 2014-05-14 08:01 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 08:01 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 08:01 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 08:01 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 08:01 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 08:01 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 07:59 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 07:59 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-13 23:59 - 2014-05-13 23:59 - 00001019 _____ () C:\Users\Public\Desktop\UltraISO.lnk 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Users\Norbert Haag\Documents\My ISO Files 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Program Files (x86)\UltraISO 2014-05-13 23:51 - 2014-05-13 23:51 - 00000991 _____ () C:\Users\Public\Desktop\WinRAR.lnk 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:50 - 2014-05-13 23:51 - 00000000 ____D () C:\Program Files\WinRAR 2014-05-13 23:50 - 2014-05-13 23:50 - 02087600 _____ () C:\Users\Norbert Haag\Downloads\winrar-x64-501d.exe 2014-05-13 22:52 - 2014-05-13 23:57 - 00000000 
____D () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000 2014-05-13 21:44 - 2014-05-13 21:45 - 04313108 _____ () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000.rar 2014-05-13 20:25 - 2014-05-13 20:25 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\ImgBurn 2014-05-13 20:06 - 2014-05-13 20:06 - 00001889 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00001877 _____ () C:\Users\Public\Desktop\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2014-05-13 20:05 - 2014-05-13 20:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn 2014-05-13 20:04 - 2014-05-13 20:04 - 03469871 _____ (LIGHTNING UK!) C:\Users\Norbert Haag\Downloads\SetupImgBurn_2.5.8.0.exe 2014-05-13 19:47 - 2014-06-07 17:13 - 00016072 _____ () C:\Users\Norbert Haag\Desktop\Sicherungen Film Musik sonst Überblick.xlsx 2014-05-13 18:48 - 2014-05-26 22:16 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dvdcss 2014-05-13 18:20 - 2014-05-13 18:20 - 01029080 _____ (CyberLink) C:\Users\Norbert Haag\Downloads\CyberLink_PowerDirector_Downloader.exe 2014-05-11 11:09 - 2014-05-11 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-06-09 15:21 - 2014-06-09 15:21 - 00030259 _____ () C:\Users\Norbert Haag\Downloads\FRST.txt 2014-06-09 15:21 - 2014-06-09 15:20 - 00000000 ____D () C:\FRST 2014-06-09 15:21 - 2013-11-05 13:19 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\Temp 2014-06-09 15:20 - 2012-11-29 18:23 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Skype 2014-06-09 15:19 - 2014-06-09 15:19 - 02080768 _____ (Farbar) C:\Users\Norbert Haag\Downloads\FRST64.exe 2014-06-09 15:18 - 2014-06-09 15:18 - 00000486 _____ () C:\Users\Norbert Haag\Downloads\defogger_disable.log 2014-06-09 15:18 - 2014-06-09 15:18 - 00000000 
_____ () C:\Users\Norbert Haag\defogger_reenable 2014-06-09 15:18 - 2013-11-05 13:19 - 00000000 ____D () C:\Users\Norbert Haag 2014-06-09 15:17 - 2014-06-09 15:17 - 00050477 _____ () C:\Users\Norbert Haag\Downloads\Defogger.exe 2014-06-09 15:07 - 2013-02-05 23:02 - 00000000 ____D () C:\Users\Norbert Haag\Documents\Outlook-Dateien 2014-06-09 15:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-06-09 14:49 - 2013-10-10 22:18 - 00001152 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-09 14:40 - 2013-11-05 13:17 - 01197751 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-09 14:28 - 2013-01-05 16:07 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-06-09 14:23 - 2013-09-30 06:14 - 02076070 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-09 14:23 - 2013-09-30 05:58 - 00882614 _____ () C:\WINDOWS\system32\perfh007.dat 2014-06-09 14:23 - 2013-09-30 05:58 - 00202666 _____ () C:\WINDOWS\system32\perfc007.dat 2014-06-09 14:22 - 2013-12-18 11:28 - 00000000 __RDO () C:\Users\Norbert Haag\SkyDrive 2014-06-09 14:21 - 2014-05-03 09:07 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\DropboxMaster 2014-06-09 14:21 - 2013-10-10 22:18 - 00001148 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-09 14:21 - 2013-03-01 16:54 - 00000000 ___RD () C:\Users\Norbert Haag\Dropbox 2014-06-09 14:21 - 2013-03-01 16:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Dropbox 2014-06-09 14:21 - 2012-12-09 15:58 - 00000000 ____D () C:\Users\Norbert Haag\NSU 2014-06-09 14:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-06-09 14:19 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-09 14:19 - 2012-04-16 05:16 - 00000000 ____D () C:\ProgramData\PDFC 2014-06-09 14:18 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-06-09 13:46 - 2014-06-09 13:46 - 00544502 _____ () C:\Users\Norbert Haag\Desktop\bookmarks-2014-06-09.json 2014-06-09 
12:25 - 2013-02-07 14:00 - 00000000 ____D () C:\Users\Norbert Haag\Documents\WISO Mein Geld 2014-06-08 21:00 - 2012-11-29 12:52 - 00003982 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C158A91F-5486-490B-9002-3EA32ED42ED0} 2014-06-08 20:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2014-06-07 17:47 - 2014-02-27 16:18 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-06-07 17:47 - 2012-06-29 17:06 - 00000000 ____D () C:\ProgramData\Skype 2014-06-07 17:46 - 2014-05-20 08:41 - 00000728 __RSH () C:\ProgramData\ntuser.pol 2014-06-07 17:44 - 2013-09-29 21:05 - 00016498 _____ () C:\WINDOWS\PFRO.log 2014-06-07 17:44 - 2013-02-02 16:40 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-06-07 17:44 - 2012-12-09 13:29 - 00000390 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForNorbert Haag.job 2014-06-07 17:13 - 2014-05-13 19:47 - 00016072 _____ () C:\Users\Norbert Haag\Desktop\Sicherungen Film Musik sonst Überblick.xlsx 2014-06-06 18:19 - 2013-02-07 12:39 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Persönlich 2014-06-06 15:44 - 2013-08-22 16:46 - 00331948 _____ () C:\WINDOWS\setupact.log 2014-06-06 12:23 - 2012-12-09 13:29 - 00003218 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForNorbert Haag 2014-06-06 12:23 - 2012-11-29 18:32 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2014-06-06 12:22 - 2013-02-15 13:50 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-06-03 19:37 - 2013-10-09 13:53 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\vlc 2014-06-02 17:30 - 2012-12-30 17:22 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2157886841-597143831-284766362-1002 2014-06-02 16:48 - 2014-06-02 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-02 16:48 - 2014-06-02 16:47 - 00004563 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-02 16:48 - 2014-01-08 11:16 - 00000000 ____D () C:\Program Files 
(x86)\Java 2014-06-02 16:48 - 2013-10-16 22:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-30 14:15 - 2013-10-05 23:23 - 00007680 _____ () C:\Users\Norbert Haag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-05-30 13:43 - 2014-02-05 12:24 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Transfer auf NAS 2014-05-30 13:43 - 2013-07-05 17:37 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Programme 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-05-30 07:37 - 2014-05-30 07:37 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-05-30 07:37 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp 2014-05-30 07:37 - 2013-04-11 13:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-05-29 17:55 - 2013-04-05 12:23 - 00000000 ____D () C:\ProgramData\AAV 2014-05-29 13:49 - 2012-11-29 12:53 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\PDFC 2014-05-29 12:34 - 2013-05-22 12:48 - 00000718 _____ () C:\Users\Norbert Haag\Documents\OuProxy.log 2014-05-29 09:02 - 2014-04-29 11:23 - 00002221 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2014-05-26 22:16 - 2014-05-13 18:48 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dvdcss 2014-05-26 21:58 - 2014-05-26 21:58 - 00001042 _____ () C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net 2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Program Files (x86)\Roadkil.Net 2014-05-26 21:57 - 2014-05-26 21:56 - 00427256 _____ (Roadkil.Net ) C:\Users\Norbert Haag\Downloads\UnstopCpy_5_2_Win2K_UP_Setup(1).exe 2014-05-26 19:28 - 2014-05-26 19:28 - 00012267 _____ () C:\Users\Norbert Haag\Desktop\AdwCleaner[S1].txt 2014-05-26 19:25 - 2014-05-26 19:09 - 00000000 ____D () C:\AdwCleaner 2014-05-26 19:08 - 
2014-05-26 19:08 - 01327971 _____ () C:\Users\Norbert Haag\Downloads\adwcleaner_3.211.exe 2014-05-26 16:58 - 2013-08-22 16:44 - 00470984 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-05-26 14:13 - 2014-05-26 14:13 - 00002081 _____ () C:\Users\Norbert Haag\Desktop\Reader for PC.lnk 2014-05-26 14:13 - 2014-05-26 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc 2014-05-26 14:13 - 2013-03-16 17:12 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Local\Sony Corporation 2014-05-26 12:25 - 2014-05-26 12:25 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-05-26 12:25 - 2014-05-26 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iTunes 2014-05-26 12:25 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-05-26 12:24 - 2014-05-26 12:24 - 00000000 ____D () C:\Program Files\iPod 2014-05-26 12:21 - 2014-05-26 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-05-26 12:21 - 2014-05-26 12:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-05-26 12:21 - 2013-05-21 12:48 - 00000000 ____D () C:\ProgramData\Apple 2014-05-26 08:53 - 2014-05-26 08:53 - 00098822 _____ () C:\Users\Norbert Haag\Downloads\DesktopOK_393.zip 2014-05-24 22:49 - 2013-03-01 16:52 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-24 22:49 - 2012-11-29 12:52 - 00000000 ___RD () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-24 11:19 - 2014-05-24 11:19 - 00001085 _____ () C:\Users\Norbert Haag\Desktop\Exifsorter - Bilder Titel.lnk 2014-05-18 18:59 - 2013-04-27 11:30 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 
2014-05-17 16:51 - 2014-05-17 16:41 - 405405696 _____ () C:\Users\Norbert Haag\Desktop\2001 bis 2009 Rückblick mit Fotos.iso 2014-05-17 16:40 - 2014-05-14 11:40 - 00000026 _____ () C:\Users\Norbert Haag\AppData\Local\isoworkshop.ini 2014-05-17 16:16 - 2014-04-11 19:08 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\2014 Renovierung 2014-05-16 06:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-05-15 09:38 - 2014-05-15 09:38 - 00000000 ____D () C:\Users\Norbert Haag\Desktop\Alte Firefox-Daten 2014-05-14 21:26 - 2012-11-29 12:52 - 00000000 ___RD () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-14 21:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-14 11:39 - 2014-05-14 11:39 - 00001211 _____ () C:\Users\Public\Desktop\ISO Workshop.lnk 2014-05-14 11:39 - 2014-05-14 11:39 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\dlg 2014-05-14 11:36 - 2014-05-14 11:36 - 00124928 _____ () C:\WINDOWS\system32\DlProtectSvc.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00120832 _____ () C:\WINDOWS\system32\Nlsdl64.exe 2014-05-14 11:36 - 2014-05-14 11:36 - 00012800 _____ () C:\ProgramData\dlprotect.exe 2014-05-14 11:35 - 2014-05-14 11:35 - 00000000 ____D () C:\Program Files (x86)\PlusSHD-9.9 2014-05-14 11:32 - 2014-05-14 11:32 - 00468104 _____ () 
C:\Users\Norbert Haag\Downloads\isoworkshop-Downloader.exe 2014-05-14 09:31 - 2013-01-30 20:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 09:30 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-05-14 09:23 - 2013-07-13 21:59 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-14 09:19 - 2012-12-02 13:50 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-13 23:59 - 2014-05-13 23:59 - 00001019 _____ () C:\Users\Public\Desktop\UltraISO.lnk 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Users\Norbert Haag\Documents\My ISO Files 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2014-05-13 23:59 - 2014-05-13 23:59 - 00000000 ____D () C:\Program Files (x86)\UltraISO 2014-05-13 23:57 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000 2014-05-13 23:51 - 2014-05-13 23:51 - 00000991 _____ () C:\Users\Public\Desktop\WinRAR.lnk 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\Users\Norbert Haag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:51 - 2014-05-13 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-05-13 23:51 - 2014-05-13 23:50 - 00000000 ____D () C:\Program Files\WinRAR 2014-05-13 23:50 - 2014-05-13 23:50 - 02087600 _____ () C:\Users\Norbert Haag\Downloads\winrar-x64-501d.exe 2014-05-13 22:17 - 2012-11-29 18:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-13 21:45 - 2014-05-13 21:44 - 04313108 _____ () C:\Users\Norbert Haag\Downloads\UltraISO Premium Edition v9.6.0.3000.rar 2014-05-13 20:28 - 2013-01-05 16:07 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-05-13 20:25 - 2014-05-13 20:25 - 00000000 ____D () C:\Users\Norbert 
Haag\AppData\Roaming\ImgBurn 2014-05-13 20:06 - 2014-05-13 20:06 - 00001889 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00001877 _____ () C:\Users\Public\Desktop\ImgBurn.lnk 2014-05-13 20:06 - 2014-05-13 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2014-05-13 20:05 - 2014-05-13 20:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn 2014-05-13 20:04 - 2014-05-13 20:04 - 03469871 _____ (LIGHTNING UK!) C:\Users\Norbert Haag\Downloads\SetupImgBurn_2.5.8.0.exe 2014-05-13 18:35 - 2013-07-26 13:07 - 00000000 ____D () C:\Users\Norbert Haag\Downloads\Cyberlink 2014-05-13 18:25 - 2012-04-16 05:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-13 18:24 - 2012-12-31 12:19 - 00000000 ____D () C:\ProgramData\Temp 2014-05-13 18:21 - 2012-12-31 12:22 - 00000000 ____D () C:\ProgramData\CyberLink 2014-05-13 18:20 - 2014-05-13 18:20 - 01029080 _____ (CyberLink) C:\Users\Norbert Haag\Downloads\CyberLink_PowerDirector_Downloader.exe 2014-05-12 19:00 - 2014-03-20 13:32 - 00000000 ___RD () C:\Users\Norbert Haag\Desktop\2014 Reisen 2014-05-11 11:09 - 2014-05-11 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-10 13:44 - 2013-10-10 22:18 - 00004124 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 13:44 - 2013-10-10 22:18 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore Files to move or delete: ==================== C:\ProgramData\dlprotect.exe Some content of TEMP: ==================== C:\Users\Norbert Haag\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgng30i.dll C:\Users\Norbert Haag\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Norbert Haag\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Norbert Haag\AppData\Local\Temp\Quarantine.exe C:\Users\Norbert Haag\AppData\Local\Temp\sp64126.exe C:\Users\Norbert 
Haag\AppData\Local\Temp\tmp57AC.exe
C:\Users\Norbert Haag\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Norbert Haag\AppData\Local\Temp\unrar.dll
C:\Users\Norbert Haag\AppData\Local\Temp\vlc-2.1.4-win64.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-07 05:02

==================== End Of Log ============================

That is why it is attached as text.