Abmahungs-Mail, Zip geöffnet

Pfluft · 11.12.2013, 22:17

Hallo,

gestern habe ich eine Abmahnungs-Mail (wg. streaming) bekommen und total unbedacht den Anhang, eine Zip-Datei geöffnet.

Bei einem ersten Schnelldurchlauf von ZoneAlarm gab es 5 Funde die behandelt wurden - danach ist der Computer scheinbar selbstständig neugestartet - ich war währendessen an der Uni.

Ich starte einen Komplettdurchlauf bei dem 33 Infektionen gefunden wurden und scheinbar auch behandelt.

In den letzten 2 Std konnte ich normal am Laptop weiterarbeiten - doch die Sache ist sicher nicht vom Tisch, was soll ich tun ?

Email ist noch vorhanden - löschen ?

Danke bereits für die Hilfe!

cosinus · 11.12.2013, 23:14

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Pfluft · 11.12.2013, 23:29

Hallo

Ich habe das letzte Suchergebnis zwar noch offen, finde aber nicht heraus wie ich die Logdaten als Text bekomme.

cosinus · 11.12.2013, 23:34

Dann poste einen Screeshot davon

Pfluft · 11.12.2013, 23:37

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2013
Ran by pfluft (administrator) on PFLUFT-PC on 11-12-2013 23:33:20
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Spotify Ltd) C:\Users\pfluft\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Windows Net) C:\Users\pfluft\AppData\Roaming\Windows Net Data\net.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Dropbox, Inc.) C:\Users\pfluft\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD 2013\acad.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD 2013\AdExchange\AcBrowserHost.exe
(Google, Inc.) C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Spotify Web Helper] - C:\Users\pfluft\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-09] (Spotify Ltd)
HKCU\...\Policies\Explorer: [] 
HKCU\...\Policies\Explorer: [DisallowRun] 1
MountPoints2: {fed7d6e1-f942-11e2-9f09-78929c047890} - F:\AutoRun.exe InFocusDisplayLinkManagerSetup.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [GPU TweakIt Server Execute] - C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe [1355936 2012-05-24] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [258880 2012-09-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214336 2012-09-18] (NVIDIA Corporation)
Startup: C:\Users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\pfluft\AppData\Roaming\Windows Net Data\net.exe (Windows Net)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4C3DC863D75FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472F-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn.uni-kl.de/CACHE/stc/2/binaries/vpnweb.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\pfluft\AppData\Roaming\Mozilla\Firefox\Profiles\sl258ywl.default
FF NewTab: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_e7473af1ec3942a4bf5acf4cb97a7d26_39_1007_20131110_DE_ff_nt_
FF DefaultSearchEngine: Amazon 
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\pfluft\AppData\Roaming\Mozilla\Firefox\Profiles\sl258ywl.default\searchplugins\zonealarm.xml
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

Chrome: 
=======
CHR HomePage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_cr_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_e7473af1ec3942a4bf5acf4cb97a7d26_39_1007_20131110_DE_cr_sp_
CHR RestoreOnStartup: "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_cr_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_e7473af1ec3942a4bf5acf4cb97a7d26_39_1007_20131110_DE_cr_sp_"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Amazon
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR Extension: (Docs) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Price Alarm) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
CHR Extension: (Gmail) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\pfluft\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe [733544 2008-07-23] (DisplayLink Corp.)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort.sys [16896 2008-07-23] (hxxp://libusb-win32.sourceforge.net)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
U0 KL1; 
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 23:33 - 2013-12-11 23:33 - 00000000 ____D C:\FRST
2013-12-11 23:10 - 2013-12-11 23:31 - 02355078 _____ C:\Users\pfluft\Desktop\Städtebau_Endzeichnungen.dwg
2013-12-10 20:16 - 2013-12-10 20:16 - 00000000 ____D C:\Users\pfluft\Desktop\SetupSkp8toAtl4.1
2013-12-10 11:05 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Rvdchndqh
2013-12-10 11:05 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Papurr
2013-12-10 11:05 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Nswk
2013-12-10 11:05 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Kivurfvfv
2013-12-10 11:05 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Iyzmlrpmzy
2013-12-10 11:03 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Xzyf
2013-12-10 11:03 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Whvumundfp
2013-12-10 11:03 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qkjkj
2013-12-10 11:03 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Pfuvu
2013-12-10 11:03 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Frelnrnryr
2013-12-10 10:51 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Yywpfywfk
2013-12-10 10:51 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qhrrpmrpn
2013-12-10 10:51 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qhrhqkgrkwq
2013-12-09 18:33 - 2013-12-09 18:33 - 00000000 ____D C:\Users\Public\Documents\Abvent
2013-12-09 18:33 - 2013-12-09 18:33 - 00000000 ____D C:\ProgramData\Abvent
2013-12-09 17:57 - 2013-12-09 18:36 - 00000000 ____D C:\Program Files\Artlantis Studio 5
2013-12-09 11:46 - 2013-12-09 11:48 - 00000000 ____D C:\Users\pfluft\Desktop\Standart-Detail-Planung
2013-12-07 17:42 - 2013-12-07 17:42 - 92349181 _____ C:\Users\pfluft\Desktop\IMG_1489.psd
2013-12-07 09:59 - 2013-12-07 09:59 - 00000203 ____H C:\Users\pfluft\Documents\Zeichnung1.dwl2
2013-12-07 09:59 - 2013-12-07 09:59 - 00000053 ____H C:\Users\pfluft\Documents\Zeichnung1.dwl
2013-12-05 12:31 - 2013-12-05 12:31 - 00002140 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2013-12-05 12:31 - 2013-12-05 12:31 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2013-12-02 22:57 - 2013-12-09 17:53 - 00000000 ____D C:\Users\pfluft\Desktop\Druck
2013-11-26 10:20 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-26 10:16 - 2013-11-26 10:16 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:16 - 2013-11-26 10:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 10:16 - 2013-11-26 10:16 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 10:16 - 2013-11-26 10:16 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 10:16 - 2013-11-26 10:16 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 10:16 - 2013-11-26 10:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 10:16 - 2013-11-26 10:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 10:16 - 2013-11-26 10:16 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 10:16 - 2013-11-26 10:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 10:16 - 2013-11-26 10:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 10:16 - 2013-11-26 10:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 10:15 - 2013-11-26 10:20 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-16 16:13 - 2013-11-16 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 20:19 - 2013-11-14 20:19 - 00001762 _____ C:\Users\Public\Desktop\RC TweakIt.lnk
2013-11-14 20:18 - 2013-11-14 20:18 - 00000000 ____D C:\Users\pfluft\Downloads\ROGConnect_V10604_XPVistaWin7_8
2013-11-14 20:03 - 2013-11-14 20:19 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-11-14 20:03 - 2011-04-26 09:53 - 00192512 _____ (ASUSTeK Computer Inc.) C:\Windows\SysWOW64\Drivers\UpdateHelper.dll
2013-11-14 20:01 - 2013-11-14 20:01 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2013-11-14 19:57 - 2013-11-14 20:03 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2013-11-14 19:57 - 2008-01-04 13:34 - 00011832 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2013-11-14 19:57 - 2008-01-04 13:34 - 00010216 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2013-11-14 19:55 - 2013-11-14 19:55 - 00000000 ____D C:\Users\pfluft\Downloads\ROGConnectPlus_XPVistaWin7_8_VER10015
2013-11-14 19:45 - 2013-11-14 19:45 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\ASUS
2013-11-14 19:44 - 2013-11-14 19:44 - 00030948 _____ C:\Windows\Ascd_tmp.ini
2013-11-14 19:44 - 2013-11-14 19:44 - 00001769 _____ C:\Windows\Language_trs.ini
2013-11-14 15:30 - 2013-11-14 15:34 - 60134336 _____ C:\Users\pfluft\Downloads\PS_AIO_07_B110_USW_Basic_Win_deu_140_126.exe
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Users\pfluft\Downloads\HP-Photosmart-Wireless-B110a-Treiber
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\ChromeExtensions
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\Windows Net Data
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c
2013-11-14 15:01 - 2013-11-14 15:01 - 00669952 _____ C:\Users\pfluft\Downloads\HP-Photosmart-Wireless-B110a-Treiber-Setup.exe
2013-11-14 13:41 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:41 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 13:41 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 13:41 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 13:41 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 13:41 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 13:41 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 13:41 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 13:41 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 13:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 13:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 13:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 13:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 13:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 13:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 13:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 13:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 13:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 13:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 13:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 13:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 13:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 13:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 13:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 13:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 13:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 13:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 13:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 13:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 13:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 11:30 - 2013-11-25 12:14 - 00000000 ____D C:\Users\pfluft\Desktop\fotos
2013-11-11 14:54 - 2013-11-28 18:19 - 00000000 ____D C:\Users\pfluft\Desktop\FotoKalender

==================== One Month Modified Files and Folders =======

2013-12-11 23:33 - 2013-12-11 23:33 - 00000000 ____D C:\FRST
2013-12-11 23:31 - 2013-12-11 23:10 - 02355078 _____ C:\Users\pfluft\Desktop\Städtebau_Endzeichnungen.dwg
2013-12-11 23:31 - 2013-06-02 23:23 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\Dropbox
2013-12-11 23:31 - 2011-04-12 08:43 - 00699666 _____ C:\Windows\system32\perfh007.dat
2013-12-11 23:31 - 2011-04-12 08:43 - 00149774 _____ C:\Windows\system32\perfc007.dat
2013-12-11 23:31 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 23:26 - 2013-06-02 18:22 - 01719484 _____ C:\Windows\WindowsUpdate.log
2013-12-11 23:07 - 2013-06-26 07:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 22:59 - 2013-06-12 10:15 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 21:35 - 2013-12-10 11:05 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Rvdchndqh
2013-12-11 21:35 - 2013-12-10 11:05 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Papurr
2013-12-11 21:35 - 2013-12-10 11:05 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Nswk
2013-12-11 21:35 - 2013-12-10 11:05 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Kivurfvfv
2013-12-11 21:35 - 2013-12-10 11:05 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Iyzmlrpmzy
2013-12-11 21:35 - 2013-12-10 11:03 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Xzyf
2013-12-11 21:35 - 2013-12-10 11:03 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Whvumundfp
2013-12-11 21:35 - 2013-12-10 11:03 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qkjkj
2013-12-11 21:35 - 2013-12-10 11:03 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Pfuvu
2013-12-11 21:35 - 2013-12-10 11:03 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Frelnrnryr
2013-12-11 21:35 - 2013-12-10 10:51 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Yywpfywfk
2013-12-11 21:35 - 2013-12-10 10:51 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qhrrpmrpn
2013-12-11 21:35 - 2013-12-10 10:51 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qhrhqkgrkwq
2013-12-11 20:39 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 20:39 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 20:36 - 2013-06-02 23:30 - 00000000 ___RD C:\Users\pfluft\Dropbox
2013-12-11 20:31 - 2013-06-12 10:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 20:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 20:31 - 2009-07-14 05:51 - 00060129 _____ C:\Windows\setupact.log
2013-12-11 20:07 - 2013-06-26 07:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 20:07 - 2013-06-03 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 20:07 - 2013-06-03 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 17:42 - 2013-06-04 13:50 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\Spotify
2013-12-11 15:38 - 2013-10-11 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-11 14:26 - 2013-06-03 08:44 - 01594892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-11 14:16 - 2013-06-02 22:52 - 00000000 ____D C:\Users\pfluft\AppData\Local\Adobe
2013-12-10 20:16 - 2013-12-10 20:16 - 00000000 ____D C:\Users\pfluft\Desktop\SetupSkp8toAtl4.1
2013-12-10 15:06 - 2013-06-12 10:21 - 00000600 _____ C:\Users\pfluft\AppData\Roaming\winscp.rnd
2013-12-10 15:06 - 2013-06-12 10:21 - 00000600 _____ C:\Users\pfluft\AppData\Local\PUTTY.RND
2013-12-10 08:25 - 2013-06-05 07:33 - 00039769 ____H C:\Windows\SysWOW64\BTImages.dat
2013-12-10 08:15 - 2010-11-21 04:47 - 00240742 _____ C:\Windows\PFRO.log
2013-12-09 18:36 - 2013-12-09 17:57 - 00000000 ____D C:\Program Files\Artlantis Studio 5
2013-12-09 18:33 - 2013-12-09 18:33 - 00000000 ____D C:\Users\Public\Documents\Abvent
2013-12-09 18:33 - 2013-12-09 18:33 - 00000000 ____D C:\ProgramData\Abvent
2013-12-09 17:53 - 2013-12-02 22:57 - 00000000 ____D C:\Users\pfluft\Desktop\Druck
2013-12-09 16:14 - 2013-06-06 08:44 - 00009162 _____ C:\Users\pfluft\Documents\plot.log
2013-12-09 13:20 - 2013-07-25 15:38 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-12-09 13:20 - 2013-07-25 15:37 - 00000000 ____D C:\ProgramData\Cisco
2013-12-09 11:48 - 2013-12-09 11:46 - 00000000 ____D C:\Users\pfluft\Desktop\Standart-Detail-Planung
2013-12-07 17:42 - 2013-12-07 17:42 - 92349181 _____ C:\Users\pfluft\Desktop\IMG_1489.psd
2013-12-07 17:41 - 2013-06-02 22:52 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\Adobe
2013-12-07 14:11 - 2013-11-02 12:43 - 00000000 ____D C:\Users\pfluft\Desktop\WS1314
2013-12-07 09:59 - 2013-12-07 09:59 - 00000203 ____H C:\Users\pfluft\Documents\Zeichnung1.dwl2
2013-12-07 09:59 - 2013-12-07 09:59 - 00000053 ____H C:\Users\pfluft\Documents\Zeichnung1.dwl
2013-12-06 16:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-05 17:54 - 2013-06-12 10:15 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-05 17:54 - 2013-06-12 10:15 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 12:45 - 2013-06-02 20:39 - 00118568 _____ C:\Users\pfluft\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 12:43 - 2009-07-14 05:45 - 05037584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-05 12:31 - 2013-12-05 12:31 - 00002140 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2013-12-05 12:31 - 2013-12-05 12:31 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2013-12-05 12:29 - 2013-06-03 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-05 12:29 - 2013-06-02 22:52 - 00000000 ____D C:\ProgramData\Adobe
2013-12-05 12:21 - 2013-06-03 08:16 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-02 22:23 - 2013-06-04 13:51 - 00000000 ____D C:\Users\pfluft\AppData\Local\Spotify
2013-11-28 18:19 - 2013-11-11 14:54 - 00000000 ____D C:\Users\pfluft\Desktop\FotoKalender
2013-11-27 16:29 - 2013-06-03 10:02 - 00000000 ____D C:\Users\pfluft\AppData\Local\cache
2013-11-26 13:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-26 12:18 - 2013-06-02 18:43 - 00001421 _____ C:\Users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 12:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-26 10:20 - 2013-11-26 10:15 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-26 10:16 - 2013-11-26 10:16 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:16 - 2013-11-26 10:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 10:16 - 2013-11-26 10:16 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 10:16 - 2013-11-26 10:16 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 10:16 - 2013-11-26 10:16 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 10:16 - 2013-11-26 10:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 10:16 - 2013-11-26 10:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 10:16 - 2013-11-26 10:16 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 10:16 - 2013-11-26 10:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 10:16 - 2013-11-26 10:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 10:16 - 2013-11-26 10:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 08:03 - 2013-10-05 20:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-25 18:22 - 2013-06-03 19:56 - 00000000 ____D C:\Users\pfluft\Desktop\Maxwell Materials
2013-11-25 13:17 - 2013-06-03 19:58 - 00000000 ____D C:\Users\pfluft\Desktop\CAD Bibliothek
2013-11-25 12:14 - 2013-11-13 11:30 - 00000000 ____D C:\Users\pfluft\Desktop\fotos
2013-11-22 14:25 - 2013-06-02 22:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-21 21:40 - 2013-10-21 12:29 - 00000132 _____ C:\Users\pfluft\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-11-21 20:02 - 2013-10-20 17:37 - 00009013 _____ C:\Users\pfluft\Documents\Geschenkeliste.xlsx
2013-11-16 16:13 - 2013-11-16 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 23:15 - 2013-08-15 07:23 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 23:14 - 2013-06-02 21:41 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 20:19 - 2013-11-14 20:19 - 00001762 _____ C:\Users\Public\Desktop\RC TweakIt.lnk
2013-11-14 20:19 - 2013-11-14 20:03 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-11-14 20:18 - 2013-11-14 20:18 - 00000000 ____D C:\Users\pfluft\Downloads\ROGConnect_V10604_XPVistaWin7_8
2013-11-14 20:03 - 2013-11-14 19:57 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2013-11-14 20:03 - 2013-06-02 19:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-14 20:01 - 2013-11-14 20:01 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2013-11-14 19:55 - 2013-11-14 19:55 - 00000000 ____D C:\Users\pfluft\Downloads\ROGConnectPlus_XPVistaWin7_8_VER10015
2013-11-14 19:45 - 2013-11-14 19:45 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\ASUS
2013-11-14 19:44 - 2013-11-14 19:44 - 00030948 _____ C:\Windows\Ascd_tmp.ini
2013-11-14 19:44 - 2013-11-14 19:44 - 00001769 _____ C:\Windows\Language_trs.ini
2013-11-14 15:34 - 2013-11-14 15:30 - 60134336 _____ C:\Users\pfluft\Downloads\PS_AIO_07_B110_USW_Basic_Win_deu_140_126.exe
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Users\pfluft\Downloads\HP-Photosmart-Wireless-B110a-Treiber
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\ChromeExtensions
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\Windows Net Data
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c
2013-11-14 15:27 - 2013-06-02 18:43 - 00000000 ___RD C:\Users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-14 15:27 - 2013-06-02 18:42 - 00000000 ____D C:\Users\pfluft
2013-11-14 15:01 - 2013-11-14 15:01 - 00669952 _____ C:\Users\pfluft\Downloads\HP-Photosmart-Wireless-B110a-Treiber-Setup.exe
2013-11-12 08:09 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-11 20:12 - 2013-11-10 20:01 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.7316.dll


Some content of TEMP:
====================
C:\Users\pfluft\AppData\Local\Temp\AcDeltree.exe
C:\Users\pfluft\AppData\Local\Temp\amazonicon_v3.exe
C:\Users\pfluft\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\pfluft\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\pfluft\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\pfluft\AppData\Local\Temp\ose00000.exe
C:\Users\pfluft\AppData\Local\Temp\sdanircmdc.exe
C:\Users\pfluft\AppData\Local\Temp\sdapskill.exe
C:\Users\pfluft\AppData\Local\Temp\SetupAssistant.exe
C:\Users\pfluft\AppData\Local\Temp\SkypeSetup.exe
C:\Users\pfluft\AppData\Local\Temp\Uninstall.exe
C:\Users\pfluft\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 15:25

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

==================== Memory info =========================== 

Percentage of memory in use: 79%
Total physical RAM: 4003.4 MB
Available physical RAM: 837.37 MB
Total Pagefile: 8004.98 MB
Available Pagefile: 4670.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:488.86 GB) NTFS
Drive d: (HP_AND_THE_PRISONER_OF_AZKABAN) (CDROM) (Total:6.54 GB) (Free:0 GB) UDF
Drive e: (Marens Festplatte) (Fixed) (Total:931.51 GB) (Free:537.64 GB) NTFS
Drive f: (CORSAIR) (Removable) (Total:14.93 GB) (Free:12.73 GB) FAT32
Drive g: () (Removable) (Total:7.39 GB) (Free:3.92 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: AF4C0EFA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 005C315D)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

Pfluft · 11.12.2013, 23:43

Zone Alarm - Screenshot

cosinus · 11.12.2013, 23:49

Ok, aber die additions.txt ist leider unvollständig...

Edit: ich glaub FRST hat gerade nen Fehler...lad FRST morgen nochmal neu runter und erstell die Logs mit der neuen FRST-Version nochmal. Haken setzen bei additions.txt nicht vergessen.

Pfluft · 12.12.2013, 12:50

In der Textfile ist sonst nichts - das war einmal strg+a und strg+c

@EDIT: Gut, danke - dann gehts morgen weiter.

Erneuter Versuch

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013
Ran by pfluft (administrator) on PFLUFT-PC on 12-12-2013 09:19:13
Running from C:\Users\pfluft\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Spotify Ltd) C:\Users\pfluft\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Windows Net) C:\Users\pfluft\AppData\Roaming\Windows Net Data\net.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD 2013\acad.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD 2013\AdExchange\AcBrowserHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
(Spotify Ltd) C:\Users\pfluft\AppData\Roaming\Spotify\spotify.exe
() C:\Users\pfluft\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\pfluft\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\pfluft\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\pfluft\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\pfluft\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Spotify Web Helper] - C:\Users\pfluft\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-09] (Spotify Ltd)
HKCU\...\Policies\Explorer: [] 
HKCU\...\Policies\Explorer: [DisallowRun] 1
MountPoints2: {fed7d6e1-f942-11e2-9f09-78929c047890} - F:\AutoRun.exe InFocusDisplayLinkManagerSetup.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [GPU TweakIt Server Execute] - C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe [1355936 2012-05-24] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [258880 2012-09-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214336 2012-09-18] (NVIDIA Corporation)
Startup: C:\Users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\pfluft\AppData\Roaming\Windows Net Data\net.exe (Windows Net)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4C3DC863D75FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472F-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn.uni-kl.de/CACHE/stc/2/binaries/vpnweb.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\pfluft\AppData\Roaming\Mozilla\Firefox\Profiles\sl258ywl.default
FF NewTab: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_e7473af1ec3942a4bf5acf4cb97a7d26_39_1007_20131110_DE_ff_nt_
FF DefaultSearchEngine: Amazon 
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\pfluft\AppData\Roaming\Mozilla\Firefox\Profiles\sl258ywl.default\searchplugins\zonealarm.xml
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

Chrome: 
=======
CHR HomePage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_cr_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_e7473af1ec3942a4bf5acf4cb97a7d26_39_1007_20131110_DE_cr_sp_
CHR RestoreOnStartup: "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_cr_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_e7473af1ec3942a4bf5acf4cb97a7d26_39_1007_20131110_DE_cr_sp_"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Amazon
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR Extension: (Docs) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Price Alarm) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
CHR Extension: (Gmail) - C:\Users\pfluft\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\pfluft\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe [733544 2008-07-23] (DisplayLink Corp.)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort.sys [16896 2008-07-23] (hxxp://libusb-win32.sourceforge.net)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
U0 KL1; 
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 09:20 - 2013-12-12 09:20 - 02465368 _____ (Check Point Software Technologies LTD) C:\Users\pfluft\Downloads\zaSetupWeb_120_104_000.exe
2013-12-12 09:19 - 2013-12-12 09:20 - 00017463 _____ C:\Users\pfluft\Downloads\FRST.txt
2013-12-12 09:18 - 2013-12-12 09:18 - 01927106 _____ (Farbar) C:\Users\pfluft\Downloads\FRST64.exe
2013-12-12 09:02 - 2013-12-12 09:02 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 23:33 - 2013-12-11 23:33 - 00000000 ____D C:\FRST
2013-12-11 23:10 - 2013-12-11 23:31 - 02355078 _____ C:\Users\pfluft\Desktop\Städtebau_Endzeichnungen.dwg
2013-12-11 15:38 - 2013-12-12 09:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-10 20:16 - 2013-12-10 20:16 - 00000000 ____D C:\Users\pfluft\Desktop\SetupSkp8toAtl4.1
2013-12-10 11:05 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Rvdchndqh
2013-12-10 11:05 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Papurr
2013-12-10 11:05 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Nswk
2013-12-10 11:05 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Kivurfvfv
2013-12-10 11:05 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Iyzmlrpmzy
2013-12-10 11:03 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Xzyf
2013-12-10 11:03 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Whvumundfp
2013-12-10 11:03 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qkjkj
2013-12-10 11:03 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Pfuvu
2013-12-10 11:03 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Frelnrnryr
2013-12-10 10:51 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Yywpfywfk
2013-12-10 10:51 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qhrrpmrpn
2013-12-10 10:51 - 2013-12-11 21:35 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qhrhqkgrkwq
2013-12-09 18:33 - 2013-12-09 18:33 - 00000000 ____D C:\Users\Public\Documents\Abvent
2013-12-09 18:33 - 2013-12-09 18:33 - 00000000 ____D C:\ProgramData\Abvent
2013-12-09 17:57 - 2013-12-09 18:36 - 00000000 ____D C:\Program Files\Artlantis Studio 5
2013-12-09 11:46 - 2013-12-09 11:48 - 00000000 ____D C:\Users\pfluft\Desktop\Standart-Detail-Planung
2013-12-07 17:42 - 2013-12-07 17:42 - 92349181 _____ C:\Users\pfluft\Desktop\IMG_1489.psd
2013-12-07 09:59 - 2013-12-07 09:59 - 00000203 ____H C:\Users\pfluft\Documents\Zeichnung1.dwl2
2013-12-07 09:59 - 2013-12-07 09:59 - 00000053 ____H C:\Users\pfluft\Documents\Zeichnung1.dwl
2013-12-05 12:31 - 2013-12-05 12:31 - 00002140 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2013-12-05 12:31 - 2013-12-05 12:31 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2013-12-02 22:57 - 2013-12-09 17:53 - 00000000 ____D C:\Users\pfluft\Desktop\Druck
2013-11-26 10:20 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-26 10:16 - 2013-11-26 10:16 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:16 - 2013-11-26 10:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 10:16 - 2013-11-26 10:16 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 10:16 - 2013-11-26 10:16 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 10:16 - 2013-11-26 10:16 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 10:16 - 2013-11-26 10:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 10:16 - 2013-11-26 10:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 10:16 - 2013-11-26 10:16 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 10:16 - 2013-11-26 10:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 10:16 - 2013-11-26 10:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 10:16 - 2013-11-26 10:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 10:15 - 2013-11-26 10:20 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-16 16:13 - 2013-11-16 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 20:19 - 2013-11-14 20:19 - 00001762 _____ C:\Users\Public\Desktop\RC TweakIt.lnk
2013-11-14 20:18 - 2013-11-14 20:18 - 00000000 ____D C:\Users\pfluft\Downloads\ROGConnect_V10604_XPVistaWin7_8
2013-11-14 20:03 - 2013-11-14 20:19 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-11-14 20:03 - 2011-04-26 09:53 - 00192512 _____ (ASUSTeK Computer Inc.) C:\Windows\SysWOW64\Drivers\UpdateHelper.dll
2013-11-14 20:01 - 2013-11-14 20:01 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2013-11-14 19:57 - 2013-11-14 20:03 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2013-11-14 19:57 - 2008-01-04 13:34 - 00011832 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2013-11-14 19:57 - 2008-01-04 13:34 - 00010216 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2013-11-14 19:55 - 2013-11-14 19:55 - 00000000 ____D C:\Users\pfluft\Downloads\ROGConnectPlus_XPVistaWin7_8_VER10015
2013-11-14 19:45 - 2013-11-14 19:45 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\ASUS
2013-11-14 19:44 - 2013-11-14 19:44 - 00030948 _____ C:\Windows\Ascd_tmp.ini
2013-11-14 19:44 - 2013-11-14 19:44 - 00001769 _____ C:\Windows\Language_trs.ini
2013-11-14 15:30 - 2013-11-14 15:34 - 60134336 _____ C:\Users\pfluft\Downloads\PS_AIO_07_B110_USW_Basic_Win_deu_140_126.exe
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Users\pfluft\Downloads\HP-Photosmart-Wireless-B110a-Treiber
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\ChromeExtensions
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\Windows Net Data
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c
2013-11-14 15:01 - 2013-11-14 15:01 - 00669952 _____ C:\Users\pfluft\Downloads\HP-Photosmart-Wireless-B110a-Treiber-Setup.exe
2013-11-14 13:41 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:41 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 13:41 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 13:41 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 13:41 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 13:41 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 13:41 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 13:41 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 13:41 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 13:40 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 13:40 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 13:40 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 13:40 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 13:40 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 13:40 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 13:40 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 13:40 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 13:40 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 13:40 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 13:40 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 13:40 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 13:40 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 13:40 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 13:40 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 13:40 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 13:40 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 13:40 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 13:40 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 13:40 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 13:40 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 11:30 - 2013-11-25 12:14 - 00000000 ____D C:\Users\pfluft\Desktop\fotos

==================== One Month Modified Files and Folders =======

2013-12-12 09:20 - 2013-12-12 09:20 - 02465368 _____ (Check Point Software Technologies LTD) C:\Users\pfluft\Downloads\zaSetupWeb_120_104_000.exe
2013-12-12 09:20 - 2013-12-12 09:19 - 00017463 _____ C:\Users\pfluft\Downloads\FRST.txt
2013-12-12 09:18 - 2013-12-12 09:18 - 01927106 _____ (Farbar) C:\Users\pfluft\Downloads\FRST64.exe
2013-12-12 09:14 - 2013-12-11 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-12 09:14 - 2013-06-02 22:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-12 09:11 - 2013-06-02 18:22 - 01753040 _____ C:\Windows\WindowsUpdate.log
2013-12-12 09:07 - 2013-06-26 07:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 09:06 - 2009-07-14 05:51 - 00060241 _____ C:\Windows\setupact.log
2013-12-12 09:05 - 2013-06-04 13:51 - 00000000 ____D C:\Users\pfluft\AppData\Local\Spotify
2013-12-12 09:05 - 2013-06-04 13:50 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\Spotify
2013-12-12 09:02 - 2013-12-12 09:02 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-12 09:02 - 2013-06-12 10:15 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-12 09:02 - 2013-06-02 23:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 08:38 - 2013-06-06 08:44 - 00009301 _____ C:\Users\pfluft\Documents\plot.log
2013-12-12 08:37 - 2013-06-02 22:52 - 00000000 ____D C:\Users\pfluft\AppData\Local\Adobe
2013-12-12 08:34 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 08:34 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 08:33 - 2013-06-12 10:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 08:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 00:06 - 2013-06-02 23:23 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\Dropbox
2013-12-11 23:42 - 2013-06-02 23:30 - 00000000 ___RD C:\Users\pfluft\Dropbox
2013-12-11 23:33 - 2013-12-11 23:33 - 00000000 ____D C:\FRST
2013-12-11 23:31 - 2013-12-11 23:10 - 02355078 _____ C:\Users\pfluft\Desktop\Städtebau_Endzeichnungen.dwg
2013-12-11 23:31 - 2011-04-12 08:43 - 00699666 _____ C:\Windows\system32\perfh007.dat
2013-12-11 23:31 - 2011-04-12 08:43 - 00149774 _____ C:\Windows\system32\perfc007.dat
2013-12-11 23:31 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 21:35 - 2013-12-10 11:05 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Rvdchndqh
2013-12-11 21:35 - 2013-12-10 11:05 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Papurr
2013-12-11 21:35 - 2013-12-10 11:05 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Nswk
2013-12-11 21:35 - 2013-12-10 11:05 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Kivurfvfv
2013-12-11 21:35 - 2013-12-10 11:05 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Iyzmlrpmzy
2013-12-11 21:35 - 2013-12-10 11:03 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Xzyf
2013-12-11 21:35 - 2013-12-10 11:03 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Whvumundfp
2013-12-11 21:35 - 2013-12-10 11:03 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qkjkj
2013-12-11 21:35 - 2013-12-10 11:03 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Pfuvu
2013-12-11 21:35 - 2013-12-10 11:03 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Frelnrnryr
2013-12-11 21:35 - 2013-12-10 10:51 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Yywpfywfk
2013-12-11 21:35 - 2013-12-10 10:51 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qhrrpmrpn
2013-12-11 21:35 - 2013-12-10 10:51 - 00000000 ___HD C:\Users\pfluft\AppData\Roaming\Qhrhqkgrkwq
2013-12-11 20:07 - 2013-06-26 07:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 20:07 - 2013-06-03 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 20:07 - 2013-06-03 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 14:26 - 2013-06-03 08:44 - 01594892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-10 20:16 - 2013-12-10 20:16 - 00000000 ____D C:\Users\pfluft\Desktop\SetupSkp8toAtl4.1
2013-12-10 15:06 - 2013-06-12 10:21 - 00000600 _____ C:\Users\pfluft\AppData\Roaming\winscp.rnd
2013-12-10 15:06 - 2013-06-12 10:21 - 00000600 _____ C:\Users\pfluft\AppData\Local\PUTTY.RND
2013-12-10 08:25 - 2013-06-05 07:33 - 00039769 ____H C:\Windows\SysWOW64\BTImages.dat
2013-12-10 08:15 - 2010-11-21 04:47 - 00240742 _____ C:\Windows\PFRO.log
2013-12-09 18:36 - 2013-12-09 17:57 - 00000000 ____D C:\Program Files\Artlantis Studio 5
2013-12-09 18:33 - 2013-12-09 18:33 - 00000000 ____D C:\Users\Public\Documents\Abvent
2013-12-09 18:33 - 2013-12-09 18:33 - 00000000 ____D C:\ProgramData\Abvent
2013-12-09 17:53 - 2013-12-02 22:57 - 00000000 ____D C:\Users\pfluft\Desktop\Druck
2013-12-09 13:20 - 2013-07-25 15:38 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-12-09 13:20 - 2013-07-25 15:37 - 00000000 ____D C:\ProgramData\Cisco
2013-12-09 11:48 - 2013-12-09 11:46 - 00000000 ____D C:\Users\pfluft\Desktop\Standart-Detail-Planung
2013-12-07 17:42 - 2013-12-07 17:42 - 92349181 _____ C:\Users\pfluft\Desktop\IMG_1489.psd
2013-12-07 17:41 - 2013-06-02 22:52 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\Adobe
2013-12-07 14:11 - 2013-11-02 12:43 - 00000000 ____D C:\Users\pfluft\Desktop\WS1314
2013-12-07 09:59 - 2013-12-07 09:59 - 00000203 ____H C:\Users\pfluft\Documents\Zeichnung1.dwl2
2013-12-07 09:59 - 2013-12-07 09:59 - 00000053 ____H C:\Users\pfluft\Documents\Zeichnung1.dwl
2013-12-06 16:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-05 17:54 - 2013-06-12 10:15 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-05 17:54 - 2013-06-12 10:15 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 12:45 - 2013-06-02 20:39 - 00118568 _____ C:\Users\pfluft\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 12:43 - 2009-07-14 05:45 - 05037584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-05 12:31 - 2013-12-05 12:31 - 00002140 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2013-12-05 12:31 - 2013-12-05 12:31 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2013-12-05 12:29 - 2013-06-03 08:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-05 12:29 - 2013-06-02 22:52 - 00000000 ____D C:\ProgramData\Adobe
2013-12-05 12:21 - 2013-06-03 08:16 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-28 18:19 - 2013-11-11 14:54 - 00000000 ____D C:\Users\pfluft\Desktop\FotoKalender
2013-11-27 16:29 - 2013-06-03 10:02 - 00000000 ____D C:\Users\pfluft\AppData\Local\cache
2013-11-26 13:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-26 12:18 - 2013-06-02 18:43 - 00001421 _____ C:\Users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 12:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-26 10:20 - 2013-11-26 10:15 - 00010277 _____ C:\Windows\IE11_main.log
2013-11-26 10:16 - 2013-11-26 10:16 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:16 - 2013-11-26 10:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 10:16 - 2013-11-26 10:16 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 10:16 - 2013-11-26 10:16 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 10:16 - 2013-11-26 10:16 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 10:16 - 2013-11-26 10:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 10:16 - 2013-11-26 10:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 10:16 - 2013-11-26 10:16 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 10:16 - 2013-11-26 10:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 10:16 - 2013-11-26 10:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 10:16 - 2013-11-26 10:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 10:16 - 2013-11-26 10:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 10:16 - 2013-11-26 10:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 08:03 - 2013-10-05 20:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-25 18:22 - 2013-06-03 19:56 - 00000000 ____D C:\Users\pfluft\Desktop\Maxwell Materials
2013-11-25 13:17 - 2013-06-03 19:58 - 00000000 ____D C:\Users\pfluft\Desktop\CAD Bibliothek
2013-11-25 12:14 - 2013-11-13 11:30 - 00000000 ____D C:\Users\pfluft\Desktop\fotos
2013-11-21 21:40 - 2013-10-21 12:29 - 00000132 _____ C:\Users\pfluft\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-11-21 20:02 - 2013-10-20 17:37 - 00009013 _____ C:\Users\pfluft\Documents\Geschenkeliste.xlsx
2013-11-16 16:13 - 2013-11-16 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 23:15 - 2013-08-15 07:23 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 23:14 - 2013-06-02 21:41 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 20:19 - 2013-11-14 20:19 - 00001762 _____ C:\Users\Public\Desktop\RC TweakIt.lnk
2013-11-14 20:19 - 2013-11-14 20:03 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-11-14 20:18 - 2013-11-14 20:18 - 00000000 ____D C:\Users\pfluft\Downloads\ROGConnect_V10604_XPVistaWin7_8
2013-11-14 20:03 - 2013-11-14 19:57 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2013-11-14 20:03 - 2013-06-02 19:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-14 20:01 - 2013-11-14 20:01 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2013-11-14 19:55 - 2013-11-14 19:55 - 00000000 ____D C:\Users\pfluft\Downloads\ROGConnectPlus_XPVistaWin7_8_VER10015
2013-11-14 19:45 - 2013-11-14 19:45 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\ASUS
2013-11-14 19:44 - 2013-11-14 19:44 - 00030948 _____ C:\Windows\Ascd_tmp.ini
2013-11-14 19:44 - 2013-11-14 19:44 - 00001769 _____ C:\Windows\Language_trs.ini
2013-11-14 15:34 - 2013-11-14 15:30 - 60134336 _____ C:\Users\pfluft\Downloads\PS_AIO_07_B110_USW_Basic_Win_deu_140_126.exe
2013-11-14 15:28 - 2013-11-14 15:28 - 00000000 ____D C:\Users\pfluft\Downloads\HP-Photosmart-Wireless-B110a-Treiber
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\ChromeExtensions
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Roaming\Windows Net Data
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c
2013-11-14 15:27 - 2013-06-02 18:43 - 00000000 ___RD C:\Users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-14 15:27 - 2013-06-02 18:42 - 00000000 ____D C:\Users\pfluft
2013-11-14 15:01 - 2013-11-14 15:01 - 00669952 _____ C:\Users\pfluft\Downloads\HP-Photosmart-Wireless-B110a-Treiber-Setup.exe
2013-11-12 08:09 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.7316.dll


Some content of TEMP:
====================
C:\Users\pfluft\AppData\Local\Temp\AcDeltree.exe
C:\Users\pfluft\AppData\Local\Temp\amazonicon_v3.exe
C:\Users\pfluft\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\pfluft\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\pfluft\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\pfluft\AppData\Local\Temp\ose00000.exe
C:\Users\pfluft\AppData\Local\Temp\sdanircmdc.exe
C:\Users\pfluft\AppData\Local\Temp\sdapskill.exe
C:\Users\pfluft\AppData\Local\Temp\SetupAssistant.exe
C:\Users\pfluft\AppData\Local\Temp\SkypeSetup.exe
C:\Users\pfluft\AppData\Local\Temp\Uninstall.exe
C:\Users\pfluft\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 15:25

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

==================== Memory info =========================== 

Percentage of memory in use: 62%
Total physical RAM: 4003.4 MB
Available physical RAM: 1506.88 MB
Total Pagefile: 8004.98 MB
Available Pagefile: 5047.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:488.73 GB) NTFS
Drive d: (HP_AND_THE_PRISONER_OF_AZKABAN) (CDROM) (Total:6.54 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:7.39 GB) (Free:3.92 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: AF4C0EFA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

Was mach ich denn jetzt falsch...das sollte eigentlich ein neuer Beitrag werden.

Also neuer Versuch von heute morgen siehe oben.

Ach menno, das ist schon wieder im Edit gelandet

cosinus · 12.12.2013, 14:52

Zitat:

Ach menno, das ist schon wieder im Edit gelandet

Das ist eine gewollte Einstellung, nicht dein Fehler

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Pfluft · 12.12.2013, 15:14

Ich habe eben das Programm nochmal gestoppt, weil ich im Hintergrund noch ein Programm offen hatte, was vielleicht nicht so gut ist. jetzt kommt allerdings die Meldung: Fehler beim überschreiben der Datei: C:\32788R22FWJFW\License\iexplorer.exe

cosinus · 12.12.2013, 18:23

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.

Pfluft · 12.12.2013, 18:59

Lief alles ohne Zwischenmeldungen

Code:

ATTFilter

ComboFix 13-12-12.03 - pfluft 12.12.2013  18:42:35.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4003.2421 [GMT 1:00]
ausgeführt von:: c:\users\pfluft\Desktop\ComboFix.exe
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-12 bis 2013-12-12  ))))))))))))))))))))))))))))))
.
.
2013-12-12 08:48 . 2013-07-17 01:02	7717984	----a-w-	c:\windows\system32\drivers\kl1.sys
2013-12-12 08:48 . 2013-10-09 00:31	90208	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-12-12 08:48 . 2013-10-09 00:31	489568	----a-w-	c:\windows\system32\drivers\klif.sys
2013-12-11 22:33 . 2013-12-11 22:33	--------	d-----w-	C:\FRST
2013-12-11 14:38 . 2013-12-12 08:14	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-12-10 10:05 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Rvdchndqh
2013-12-10 10:05 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Papurr
2013-12-10 10:05 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Nswk
2013-12-10 10:05 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Kivurfvfv
2013-12-10 10:05 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Iyzmlrpmzy
2013-12-10 10:03 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Xzyf
2013-12-10 10:03 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Whvumundfp
2013-12-10 10:03 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Qkjkj
2013-12-10 10:03 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Pfuvu
2013-12-10 10:03 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Frelnrnryr
2013-12-10 09:51 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Yywpfywfk
2013-12-10 09:51 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Qhrrpmrpn
2013-12-10 09:51 . 2013-12-11 20:35	--------	d--h--w-	c:\users\pfluft\AppData\Roaming\Qhrhqkgrkwq
2013-12-10 07:25 . 2013-11-08 03:12	10285968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AB0CAF3-A0D1-4246-93D2-ABBBFD20C37B}\mpengine.dll
2013-12-09 17:33 . 2013-12-09 17:33	--------	d-----w-	c:\programdata\Abvent
2013-12-09 16:57 . 2013-12-09 17:36	--------	d-----w-	c:\program files\Artlantis Studio 5
2013-12-05 21:14 . 2013-12-05 21:14	--------	d-----w-	c:\program files (x86)\Common Files\PDF Architect
2013-11-26 09:20 . 2013-10-14 17:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2013-11-14 19:03 . 2011-04-26 08:53	192512	----a-w-	c:\windows\SysWow64\drivers\UpdateHelper.dll
2013-11-14 19:03 . 2013-11-14 19:19	--------	d-----w-	c:\program files (x86)\ASUS
2013-11-14 19:01 . 2013-11-14 19:01	16896	----a-w-	c:\windows\AsTaskSched.dll
2013-11-14 18:57 . 2008-01-04 12:34	11832	----a-w-	c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-11-14 18:57 . 2008-01-04 12:34	10216	----a-w-	c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-11-14 18:45 . 2013-11-14 18:45	--------	d-----w-	c:\users\pfluft\AppData\Roaming\ASUS
2013-11-14 18:45 . 2013-11-14 18:45	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2013-11-14 14:27 . 2013-11-14 14:27	--------	d-----w-	c:\users\pfluft\AppData\Roaming\Windows Net Data
2013-11-14 14:27 . 2013-11-14 14:27	--------	d-----w-	c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c
2013-11-14 14:27 . 2013-11-14 14:27	--------	d-----w-	c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228
2013-11-14 14:27 . 2013-11-14 14:27	--------	d-----w-	c:\users\pfluft\ChromeExtensions
2013-11-14 14:27 . 2013-11-14 14:27	--------	d-----w-	c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f
2013-11-14 12:41 . 2013-10-05 20:25	1474048	----a-w-	c:\windows\system32\crypt32.dll
2013-11-14 12:41 . 2013-10-05 19:57	1168384	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-11-14 12:41 . 2013-09-28 01:09	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2013-11-14 12:41 . 2013-10-04 02:28	190464	----a-w-	c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 12:41 . 2013-10-04 02:25	197120	----a-w-	c:\windows\system32\credui.dll
2013-11-14 12:41 . 2013-10-04 02:24	1930752	----a-w-	c:\windows\system32\authui.dll
2013-11-14 12:41 . 2013-10-04 01:58	152576	----a-w-	c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 12:41 . 2013-10-04 01:56	168960	----a-w-	c:\windows\SysWow64\credui.dll
2013-11-14 12:41 . 2013-10-04 01:56	1796096	----a-w-	c:\windows\SysWow64\authui.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 19:07 . 2013-06-03 19:21	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 19:07 . 2013-06-03 19:21	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-14 22:14 . 2013-06-02 20:41	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-11-11 04:50 . 2010-11-21 03:27	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-11-10 19:01 . 2013-11-10 19:01	129536	----a-w-	c:\users\Public\AlexaNSISPlugin.7316.dll
2013-10-23 10:00 . 2012-12-13 09:49	454168	----a-w-	c:\windows\system32\drivers\vsdatant.sys
2013-10-20 15:35 . 2013-10-20 15:35	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2013-10-20 15:35 . 2013-10-20 15:35	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-10-20 15:35 . 2013-10-20 15:35	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2013-10-20 15:35 . 2013-10-20 15:35	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-10-10 21:48 . 2013-10-10 21:48	11152	----a-w-	c:\windows\SysWow64\vpncategories.dll
2013-10-10 21:48 . 2013-10-10 21:48	34192	----a-w-	c:\windows\SysWow64\vpnevents.dll
2013-10-10 21:31 . 2013-10-10 21:31	52080	----a-w-	c:\windows\system32\drivers\vpnva64-6.sys
2013-10-10 21:29 . 2013-06-19 14:40	112496	----a-r-	c:\windows\system32\drivers\acsock64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\pfluft\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-09 1168896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-25 73832]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"GPU TweakIt Server Execute"="c:\program files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe" [2012-05-24 1355936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-09-05 3478392]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-10-10 707984]
.
c:\users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
net.lnk - c:\users\pfluft\AppData\Roaming\Windows Net Data\net.exe [2013-11-14 709120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort.sys [x]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 20:55	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-03 19:07]
.
2013-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 09:15]
.
2013-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 09:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: uni-kl.de\vpn
TCP: DhcpNameServer = 192.168.178.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.uni-kl.de/CACHE/stc/2/binaries/vpnweb.cab
FF - ProfilePath - c:\users\pfluft\AppData\Roaming\Mozilla\Firefox\Profiles\sl258ywl.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-12  18:56:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-12-12 17:56
.
Vor Suchlauf: 14 Verzeichnis(se), 537.415.204.864 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 539.376.730.112 Bytes frei
.
- - End Of File - - B7EE0DAD9F4D4488F43FE49C4BC3458C

cosinus · 13.12.2013, 14:39

Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Folder::
c:\users\pfluft\AppData\Roaming\Rvdchndqh
c:\users\pfluft\AppData\Roaming\Papurr
c:\users\pfluft\AppData\Roaming\Nswk
c:\users\pfluft\AppData\Roaming\Kivurfvfv
c:\users\pfluft\AppData\Roaming\Iyzmlrpmzy
c:\users\pfluft\AppData\Roaming\Xzyf
c:\users\pfluft\AppData\Roaming\Whvumundfp
c:\users\pfluft\AppData\Roaming\Qkjkj
c:\users\pfluft\AppData\Roaming\Pfuvu
c:\users\pfluft\AppData\Roaming\Frelnrnryr
c:\users\pfluft\AppData\Roaming\Yywpfywfk
c:\users\pfluft\AppData\Roaming\Qhrrpmrpn
c:\users\pfluft\AppData\Roaming\Qhrhqkgrkwq
c:\users\pfluft\AppData\Roaming\Windows Net Data
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f

File::
c:\users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
         
Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.
Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Pfluft · 13.12.2013, 21:58

Nur um sicher zu gehen, dass ich da nichts falsch mache:

Zitat:

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Hab ich - kann ich dann auch die Internetverbindung trennen ?

Und dann ComboFix starten (computer in ruhe lassen) und dann die CFScript-datei in die .exe-datei ziehen -- ODER startet der Vorgang durch das rüberziehen von allein ?

Habe die Textdatei in die .exe gezogen...

Das läuft nu schon ne gute Stunde und dort steht: Fertiggestellte Stufe_27
Am Anfang hieß es etwa 10 min, bei großer Infizierung kann es auch doppelt so lange dauern.
Etwas beunruhigend :-S

Nicht erschrecken ich schreibe von einem anderen Laptop

Code:

ATTFilter

ComboFix 13-12-13.01 - pfluft 13.12.2013  17:14:38.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4003.2463 [GMT 1:00]
ausgeführt von:: c:\users\pfluft\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\pfluft\Desktop\CFScript.txt
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
FILE ::
"c:\users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._bootstrap.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._harness-options.json
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._icon.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._icon64.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._install.rdf
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._locales.json
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._options.xul
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\defaults\preferences\._prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._base64.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._page-mod.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._private-browsing.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._querystring.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._request.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._self.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._simple-prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._simple-storage.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._system.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._tabs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._timers.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._url.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._windows.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\addon\._runner.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\console\._plain-text.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\console\._traceback.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\content\._content-proxy.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\content\._content-worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\content\._loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\content\._thumbnail.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\content\._worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\core\._heritage.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\core\._namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\core\._promise.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._api-utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._cortex.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._errors.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._light-traits.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._list.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._memory.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._observer-service.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._traits.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._window-utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\events\._assembler.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\traits\._core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\dom\._events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\event\._core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\event\._target.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\io\._byte-streams.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\io\._data.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\io\._file.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\io\._text-streams.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\l10n\._core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\l10n\._html.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\l10n\._loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\l10n\._locale.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\l10n\._prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\lang\._functional.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\loader\._cuddlefish.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\loader\._sandbox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\net\._url.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\net\._xhr.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\page-mod\._match-pattern.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\platform\._xpcom.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\preferences\._event-target.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\preferences\._service.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\private-browsing\._utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\private-browsing\window\._utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._environment.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._globals.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._runtime.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._unload.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._xul-app.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._common.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._helpers.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._observer.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._tab-fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._tab-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._tab.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._tabs-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._tabs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._array.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._deprecate.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._list.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._object.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._registry.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._uuid.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\window\._browser.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\window\._namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\window\._utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._dom.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._observer.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._tabs-fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._tabs-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\toolkit\._loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\data\._icon48.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\data\._icon64.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\data\._jquery.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\data\._toolbar.css
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\data\._toolbar.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\lib\._main.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\bootstrap.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\defaults\preferences\prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\harness-options.json
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\icon.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\icon64.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\install.rdf
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\locales.json
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\options.xul
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\addon\runner.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\base64.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\console\plain-text.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\console\traceback.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\content\content-proxy.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\content\content-worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\content\loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\content\thumbnail.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\content\worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\core\heritage.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\core\namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\core\promise.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\api-utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\cortex.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\errors.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\events\assembler.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\light-traits.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\list.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\memory.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\observer-service.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\traits.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\traits\core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\window-utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\dom\events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\event\core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\event\target.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\io\byte-streams.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\io\data.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\io\file.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\io\text-streams.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\l10n\core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\l10n\html.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\l10n\loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\l10n\locale.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\l10n\prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\lang\functional.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\loader\cuddlefish.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\loader\sandbox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\net\url.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\net\xhr.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\page-mod.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\page-mod\match-pattern.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\platform\xpcom.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\preferences\event-target.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\preferences\service.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\private-browsing.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\private-browsing\utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\private-browsing\window\utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\querystring.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\request.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\self.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\simple-prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\simple-storage.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\environment.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\globals.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\runtime.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\unload.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\xul-app.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\common.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\helpers.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\observer.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\tab-fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\tab-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\tab.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\tabs-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\tabs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\timers.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\url.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\array.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\deprecate.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\list.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\object.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\registry.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\uuid.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\window\browser.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\window\namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\window\utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\dom.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\observer.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\tabs-fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\tabs-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\toolkit\loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\data\icon48.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\data\icon64.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\data\jquery.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\data\toolbar.css
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\data\toolbar.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\lib\main.js
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\background.html
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\background.js
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\icon.png
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\icon128.png
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\icon16.png
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\icon48.png
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\manifest.json
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome.manifest
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome\content\econa-amazon-icon.css
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome\content\econa-amazon-icon.js
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome\content\econa-amazon-icon.xul
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome\content\icon.png
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome\locale\de-DE\econa-amazon-icon.dtd
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\components\cmdline.js
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\install.rdf
c:\users\pfluft\AppData\Roaming\Frelnrnryr
c:\users\pfluft\AppData\Roaming\Iyzmlrpmzy
c:\users\pfluft\AppData\Roaming\Kivurfvfv
c:\users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
c:\users\pfluft\AppData\Roaming\Nswk
c:\users\pfluft\AppData\Roaming\Papurr
c:\users\pfluft\AppData\Roaming\Pfuvu
c:\users\pfluft\AppData\Roaming\Qhrhqkgrkwq
c:\users\pfluft\AppData\Roaming\Qhrrpmrpn
c:\users\pfluft\AppData\Roaming\Qkjkj
c:\users\pfluft\AppData\Roaming\Rvdchndqh
c:\users\pfluft\AppData\Roaming\Whvumundfp
c:\users\pfluft\AppData\Roaming\Windows Net Data
c:\users\pfluft\AppData\Roaming\Windows Net Data\id.dat
c:\users\pfluft\AppData\Roaming\Windows Net Data\net.exe
c:\users\pfluft\AppData\Roaming\Windows Net Data\uninstaller.exe
c:\users\pfluft\AppData\Roaming\Windows Net Data\well.dat
c:\users\pfluft\AppData\Roaming\Xzyf
c:\users\pfluft\AppData\Roaming\Yywpfywfk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-13 bis 2013-12-13  ))))))))))))))))))))))))))))))
.
.
2013-12-13 20:49 . 2013-12-13 20:49	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-12-13 20:49 . 2013-12-13 20:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-13 15:22 . 2013-11-08 03:12	10285968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{185455C4-C470-4CB8-90BA-9854D1DDB52E}\mpengine.dll
2013-12-13 06:46 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-13 06:46 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 06:46 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-13 06:46 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-13 06:46 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-12 08:48 . 2013-07-17 01:02	7717984	----a-w-	c:\windows\system32\drivers\kl1.sys
2013-12-12 08:48 . 2013-10-09 00:31	90208	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-12-12 08:48 . 2013-10-09 00:31	489568	----a-w-	c:\windows\system32\drivers\klif.sys
2013-12-11 22:33 . 2013-12-11 22:33	--------	d-----w-	C:\FRST
2013-12-11 14:38 . 2013-12-12 08:14	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-12-09 17:33 . 2013-12-09 17:33	--------	d-----w-	c:\programdata\Abvent
2013-12-09 16:57 . 2013-12-09 17:36	--------	d-----w-	c:\program files\Artlantis Studio 5
2013-12-05 21:14 . 2013-12-05 21:14	--------	d-----w-	c:\program files (x86)\Common Files\PDF Architect
2013-11-26 09:20 . 2013-10-14 17:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2013-11-14 19:03 . 2011-04-26 08:53	192512	----a-w-	c:\windows\SysWow64\drivers\UpdateHelper.dll
2013-11-14 19:03 . 2013-11-14 19:19	--------	d-----w-	c:\program files (x86)\ASUS
2013-11-14 19:01 . 2013-11-14 19:01	16896	----a-w-	c:\windows\AsTaskSched.dll
2013-11-14 18:57 . 2008-01-04 12:34	11832	----a-w-	c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-11-14 18:57 . 2008-01-04 12:34	10216	----a-w-	c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-11-14 18:45 . 2013-11-14 18:45	--------	d-----w-	c:\users\pfluft\AppData\Roaming\ASUS
2013-11-14 18:45 . 2013-11-14 18:45	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2013-11-14 14:27 . 2013-11-14 14:27	--------	d-----w-	c:\users\pfluft\ChromeExtensions
2013-11-14 12:41 . 2013-10-05 20:25	1474048	----a-w-	c:\windows\system32\crypt32.dll
2013-11-14 12:41 . 2013-10-05 19:57	1168384	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-11-14 12:41 . 2013-09-28 01:09	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2013-11-14 12:41 . 2013-10-04 02:28	190464	----a-w-	c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 12:41 . 2013-10-04 02:25	197120	----a-w-	c:\windows\system32\credui.dll
2013-11-14 12:41 . 2013-10-04 02:24	1930752	----a-w-	c:\windows\system32\authui.dll
2013-11-14 12:41 . 2013-10-04 01:58	152576	----a-w-	c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 12:41 . 2013-10-04 01:56	168960	----a-w-	c:\windows\SysWow64\credui.dll
2013-11-14 12:41 . 2013-10-04 01:56	1796096	----a-w-	c:\windows\SysWow64\authui.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 19:07 . 2013-06-03 19:21	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 19:07 . 2013-06-03 19:21	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-14 22:14 . 2013-06-02 20:41	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-11-11 04:50 . 2010-11-21 03:27	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-11-10 19:01 . 2013-11-10 19:01	129536	----a-w-	c:\users\Public\AlexaNSISPlugin.7316.dll
2013-10-23 10:00 . 2012-12-13 09:49	454168	----a-w-	c:\windows\system32\drivers\vsdatant.sys
2013-10-20 15:35 . 2013-10-20 15:35	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2013-10-20 15:35 . 2013-10-20 15:35	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-10-20 15:35 . 2013-10-20 15:35	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2013-10-20 15:35 . 2013-10-20 15:35	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-10-10 21:48 . 2013-10-10 21:48	11152	----a-w-	c:\windows\SysWow64\vpncategories.dll
2013-10-10 21:48 . 2013-10-10 21:48	34192	----a-w-	c:\windows\SysWow64\vpnevents.dll
2013-10-10 21:31 . 2013-10-10 21:31	52080	----a-w-	c:\windows\system32\drivers\vpnva64-6.sys
2013-10-10 21:29 . 2013-06-19 14:40	112496	----a-r-	c:\windows\system32\drivers\acsock64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\pfluft\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-09 1168896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-25 73832]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"GPU TweakIt Server Execute"="c:\program files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe" [2012-05-24 1355936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-09-05 3478392]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-10-10 707984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort.sys [x]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 20:55	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-03 19:07]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 09:15]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 09:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: uni-kl.de\vpn
TCP: DhcpNameServer = 192.168.178.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.uni-kl.de/CACHE/stc/2/binaries/vpnweb.cab
FF - ProfilePath - c:\users\pfluft\AppData\Roaming\Mozilla\Firefox\Profiles\sl258ywl.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-12-13 00:17; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\pfluft\AppData\Roaming\Mozilla\Firefox\Profiles\sl258ywl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
AddRemove-Windows Utils - c:\users\pfluft\AppData\Roaming\Windows Net Data\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-13  21:51:35
ComboFix-quarantined-files.txt  2013-12-13 20:51
ComboFix2.txt  2013-12-12 17:56
.
Vor Suchlauf: 17 Verzeichnis(se), 542.522.134.528 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 542.212.608.000 Bytes frei
.
- - End Of File - - 2FCA3B3B649A3E558600F25B8F8040A5

Der Marathon ist durch
Es gab keine Zwischenfälle - allerdings saß ich eben nicht die ganze Zeit am Laptop.

Entschuldige, du hattest einen anderen Pfad angeben:

Code:

ATTFilter

ComboFix 13-12-13.01 - pfluft 13.12.2013  17:14:38.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4003.2463 [GMT 1:00]
ausgeführt von:: c:\users\pfluft\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\pfluft\Desktop\CFScript.txt
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
FILE ::
"c:\users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._bootstrap.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._harness-options.json
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._icon.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._icon64.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._install.rdf
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._locales.json
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\._options.xul
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\defaults\preferences\._prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._base64.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._page-mod.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._private-browsing.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._querystring.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._request.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._self.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._simple-prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._simple-storage.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._system.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._tabs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._timers.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._url.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\._windows.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\addon\._runner.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\console\._plain-text.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\console\._traceback.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\content\._content-proxy.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\content\._content-worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\content\._loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\content\._thumbnail.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\content\._worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\core\._heritage.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\core\._namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\core\._promise.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._api-utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._cortex.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._errors.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._light-traits.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._list.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._memory.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._observer-service.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._traits.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\._window-utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\events\._assembler.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\deprecated\traits\._core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\dom\._events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\event\._core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\event\._target.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\io\._byte-streams.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\io\._data.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\io\._file.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\io\._text-streams.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\l10n\._core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\l10n\._html.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\l10n\._loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\l10n\._locale.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\l10n\._prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\lang\._functional.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\loader\._cuddlefish.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\loader\._sandbox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\net\._url.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\net\._xhr.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\page-mod\._match-pattern.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\platform\._xpcom.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\preferences\._event-target.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\preferences\._service.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\private-browsing\._utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\private-browsing\window\._utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._environment.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._globals.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._runtime.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._unload.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\system\._xul-app.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._common.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._helpers.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._observer.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._tab-fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._tab-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._tab.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._tabs-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._tabs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\tabs\._worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._array.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._deprecate.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._list.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._object.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._registry.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\util\._uuid.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\window\._browser.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\window\._namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\window\._utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._dom.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._observer.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._tabs-fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\sdk\windows\._tabs-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\addon-sdk\lib\toolkit\._loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\data\._icon48.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\data\._icon64.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\data\._jquery.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\data\._toolbar.css
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\data\._toolbar.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\__MACOSX\resources\sparpilot\lib\._main.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\bootstrap.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\defaults\preferences\prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\harness-options.json
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\icon.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\icon64.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\install.rdf
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\locales.json
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\options.xul
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\addon\runner.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\base64.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\console\plain-text.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\console\traceback.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\content\content-proxy.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\content\content-worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\content\loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\content\thumbnail.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\content\worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\core\heritage.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\core\namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\core\promise.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\api-utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\cortex.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\errors.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\events\assembler.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\light-traits.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\list.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\memory.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\observer-service.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\traits.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\traits\core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\deprecated\window-utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\dom\events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\event\core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\event\target.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\io\byte-streams.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\io\data.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\io\file.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\io\text-streams.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\l10n\core.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\l10n\html.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\l10n\loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\l10n\locale.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\l10n\prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\lang\functional.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\loader\cuddlefish.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\loader\sandbox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\net\url.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\net\xhr.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\page-mod.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\page-mod\match-pattern.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\platform\xpcom.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\preferences\event-target.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\preferences\service.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\private-browsing.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\private-browsing\utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\private-browsing\window\utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\querystring.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\request.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\self.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\simple-prefs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\simple-storage.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\environment.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\globals.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\runtime.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\unload.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\system\xul-app.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\common.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\events.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\helpers.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\observer.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\tab-fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\tab-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\tab.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\tabs-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\tabs.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\tabs\worker.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\timers.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\url.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\array.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\deprecate.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\list.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\object.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\registry.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\util\uuid.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\window\browser.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\window\namespace.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\window\utils.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\dom.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\observer.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\tabs-fennec.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\sdk\windows\tabs-firefox.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\addon-sdk\lib\toolkit\loader.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\data\icon48.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\data\icon64.png
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\data\jquery.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\data\toolbar.css
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\data\toolbar.js
c:\users\pfluft\AppData\Local\Temp2d89834258ef0d9368ef076a37e4212c\resources\sparpilot\lib\main.js
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\background.html
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\background.js
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\icon.png
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\icon128.png
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\icon16.png
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\icon48.png
c:\users\pfluft\AppData\Local\Temp3f8893ea9dc690859dd42badb13bf26f\manifest.json
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome.manifest
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome\content\econa-amazon-icon.css
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome\content\econa-amazon-icon.js
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome\content\econa-amazon-icon.xul
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome\content\icon.png
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\chrome\locale\de-DE\econa-amazon-icon.dtd
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\components\cmdline.js
c:\users\pfluft\AppData\Local\Tempc3105e72956278e0d8d593d0eb227228\install.rdf
c:\users\pfluft\AppData\Roaming\Frelnrnryr
c:\users\pfluft\AppData\Roaming\Iyzmlrpmzy
c:\users\pfluft\AppData\Roaming\Kivurfvfv
c:\users\pfluft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
c:\users\pfluft\AppData\Roaming\Nswk
c:\users\pfluft\AppData\Roaming\Papurr
c:\users\pfluft\AppData\Roaming\Pfuvu
c:\users\pfluft\AppData\Roaming\Qhrhqkgrkwq
c:\users\pfluft\AppData\Roaming\Qhrrpmrpn
c:\users\pfluft\AppData\Roaming\Qkjkj
c:\users\pfluft\AppData\Roaming\Rvdchndqh
c:\users\pfluft\AppData\Roaming\Whvumundfp
c:\users\pfluft\AppData\Roaming\Windows Net Data
c:\users\pfluft\AppData\Roaming\Windows Net Data\id.dat
c:\users\pfluft\AppData\Roaming\Windows Net Data\net.exe
c:\users\pfluft\AppData\Roaming\Windows Net Data\uninstaller.exe
c:\users\pfluft\AppData\Roaming\Windows Net Data\well.dat
c:\users\pfluft\AppData\Roaming\Xzyf
c:\users\pfluft\AppData\Roaming\Yywpfywfk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-13 bis 2013-12-13  ))))))))))))))))))))))))))))))
.
.
2013-12-13 20:49 . 2013-12-13 20:49	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-12-13 20:49 . 2013-12-13 20:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-12-13 15:22 . 2013-11-08 03:12	10285968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{185455C4-C470-4CB8-90BA-9854D1DDB52E}\mpengine.dll
2013-12-13 06:46 . 2013-05-10 04:30	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-12-13 06:46 . 2013-05-10 03:48	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 06:46 . 2013-05-10 05:56	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2013-12-13 06:46 . 2013-05-10 04:56	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2013-12-13 06:46 . 2013-05-10 05:56	14631424	----a-w-	c:\windows\system32\wmp.dll
2013-12-12 08:48 . 2013-07-17 01:02	7717984	----a-w-	c:\windows\system32\drivers\kl1.sys
2013-12-12 08:48 . 2013-10-09 00:31	90208	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-12-12 08:48 . 2013-10-09 00:31	489568	----a-w-	c:\windows\system32\drivers\klif.sys
2013-12-11 22:33 . 2013-12-11 22:33	--------	d-----w-	C:\FRST
2013-12-11 14:38 . 2013-12-12 08:14	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-12-09 17:33 . 2013-12-09 17:33	--------	d-----w-	c:\programdata\Abvent
2013-12-09 16:57 . 2013-12-09 17:36	--------	d-----w-	c:\program files\Artlantis Studio 5
2013-12-05 21:14 . 2013-12-05 21:14	--------	d-----w-	c:\program files (x86)\Common Files\PDF Architect
2013-11-26 09:20 . 2013-10-14 17:00	28368	----a-w-	c:\windows\system32\IEUDINIT.EXE
2013-11-14 19:03 . 2011-04-26 08:53	192512	----a-w-	c:\windows\SysWow64\drivers\UpdateHelper.dll
2013-11-14 19:03 . 2013-11-14 19:19	--------	d-----w-	c:\program files (x86)\ASUS
2013-11-14 19:01 . 2013-11-14 19:01	16896	----a-w-	c:\windows\AsTaskSched.dll
2013-11-14 18:57 . 2008-01-04 12:34	11832	----a-w-	c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-11-14 18:57 . 2008-01-04 12:34	10216	----a-w-	c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-11-14 18:45 . 2013-11-14 18:45	--------	d-----w-	c:\users\pfluft\AppData\Roaming\ASUS
2013-11-14 18:45 . 2013-11-14 18:45	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2013-11-14 14:27 . 2013-11-14 14:27	--------	d-----w-	c:\users\pfluft\ChromeExtensions
2013-11-14 12:41 . 2013-10-05 20:25	1474048	----a-w-	c:\windows\system32\crypt32.dll
2013-11-14 12:41 . 2013-10-05 19:57	1168384	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-11-14 12:41 . 2013-09-28 01:09	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2013-11-14 12:41 . 2013-10-04 02:28	190464	----a-w-	c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 12:41 . 2013-10-04 02:25	197120	----a-w-	c:\windows\system32\credui.dll
2013-11-14 12:41 . 2013-10-04 02:24	1930752	----a-w-	c:\windows\system32\authui.dll
2013-11-14 12:41 . 2013-10-04 01:58	152576	----a-w-	c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 12:41 . 2013-10-04 01:56	168960	----a-w-	c:\windows\SysWow64\credui.dll
2013-11-14 12:41 . 2013-10-04 01:56	1796096	----a-w-	c:\windows\SysWow64\authui.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 19:07 . 2013-06-03 19:21	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 19:07 . 2013-06-03 19:21	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-14 22:14 . 2013-06-02 20:41	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-11-11 04:50 . 2010-11-21 03:27	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-11-10 19:01 . 2013-11-10 19:01	129536	----a-w-	c:\users\Public\AlexaNSISPlugin.7316.dll
2013-10-23 10:00 . 2012-12-13 09:49	454168	----a-w-	c:\windows\system32\drivers\vsdatant.sys
2013-10-20 15:35 . 2013-10-20 15:35	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2013-10-20 15:35 . 2013-10-20 15:35	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-10-20 15:35 . 2013-10-20 15:35	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2013-10-20 15:35 . 2013-10-20 15:35	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-10-10 21:48 . 2013-10-10 21:48	11152	----a-w-	c:\windows\SysWow64\vpncategories.dll
2013-10-10 21:48 . 2013-10-10 21:48	34192	----a-w-	c:\windows\SysWow64\vpnevents.dll
2013-10-10 21:31 . 2013-10-10 21:31	52080	----a-w-	c:\windows\system32\drivers\vpnva64-6.sys
2013-10-10 21:29 . 2013-06-19 14:40	112496	----a-r-	c:\windows\system32\drivers\acsock64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\pfluft\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-09 1168896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-25 73832]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"GPU TweakIt Server Execute"="c:\program files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe" [2012-05-24 1355936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-09-05 3478392]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-10-10 707984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort.sys [x]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 20:55	1210320	----a-w-	c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-03 19:07]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 09:15]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 09:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\pfluft\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: uni-kl.de\vpn
TCP: DhcpNameServer = 192.168.178.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.uni-kl.de/CACHE/stc/2/binaries/vpnweb.cab
FF - ProfilePath - c:\users\pfluft\AppData\Roaming\Mozilla\Firefox\Profiles\sl258ywl.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-12-13 00:17; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\pfluft\AppData\Roaming\Mozilla\Firefox\Profiles\sl258ywl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
AddRemove-Windows Utils - c:\users\pfluft\AppData\Roaming\Windows Net Data\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-12-13  21:51:35
ComboFix-quarantined-files.txt  2013-12-13 20:51
ComboFix2.txt  2013-12-12 17:56
.
Vor Suchlauf: 17 Verzeichnis(se), 542.522.134.528 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 542.212.608.000 Bytes frei
.
- - End Of File - - 2FCA3B3B649A3E558600F25B8F8040A5

Pfluft · 14.12.2013, 23:36

---

Hallo Cosinus, ist es gefährlich wenn ich per Dropbox oder Email Dateien verschicke ? Kann ich damit jemanden schaden ? Ich muss für die Uni in Teamarbeit arbeiten und dazu müssen wir Dateien austauschen. Geht das ?

11.12.2013, 23:34	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Abmahungs-Mail, Zip geöffnet Dann poste einen Screeshot davon __________________ Logfiles bitte immer in CODE-Tags posten

11.12.2013, 23:49	#7
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Abmahungs-Mail, Zip geöffnet Ok, aber die additions.txt ist leider unvollständig... Edit: ich glaub FRST hat gerade nen Fehler...lad FRST morgen nochmal neu runter und erstell die Logs mit der neuen FRST-Version nochmal. Haken setzen bei additions.txt nicht vergessen. __________________ Logfiles bitte immer in CODE-Tags posten

12.12.2013, 18:23	#11
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Abmahungs-Mail, Zip geöffnet Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal. __________________ Logfiles bitte immer in CODE-Tags posten

Abmahungs-Mail, Zip geöffnet

Plagegeister aller Art und deren Bekämpfung: Abmahungs-Mail, Zip geöffnet