| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Festplatte zeigt 180gb weniger Speicher an, searchgol nicht löschbarWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.10.2013, 19:23
| #16 |
| /// the machine /// TB-Ausbilder    |  Festplatte zeigt 180gb weniger Speicher an, searchgol nicht löschbar FRST.txt ist unvollständig 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.10.2013, 19:12
| #17 |
 | Festplatte zeigt 180gb weniger Speicher an, searchgol nicht löschbarFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013
Ran by Matro (administrator) on MATRO-PC on 20-10-2013 20:09:24
Running from C:\Users\Matro\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHKE.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-07] (Sun Microsystems, Inc.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE [283232 2013-08-10] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {9FB3154A-6D4C-4890-920F-A47A96545F11} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52272 2009-11-07] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Matro\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Matro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Matro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Matro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Matro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Matro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Matro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Matro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Matro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-22] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [164816 2013-09-12] (APN LLC.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-22] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-20 20:08 - 2013-10-20 20:08 - 01954548 _____ (Farbar) C:\Users\Matro\Downloads\FRST64.exe
2013-10-20 19:43 - 2013-10-20 19:43 - 102068998 _____ C:\Windows\SysWOW64\鯞ᵌ
2013-10-18 13:45 - 2013-10-18 13:45 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-18 13:43 - 2013-10-20 19:53 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-18 13:43 - 2013-10-20 19:41 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-18 13:43 - 2013-10-18 13:48 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-18 13:43 - 2013-10-18 13:48 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-18 13:39 - 2013-10-18 13:39 - 00038446 _____ C:\Users\Matro\Desktop\bookmarks_18.10.13.html
2013-10-17 20:25 - 2013-10-17 20:25 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 20:25 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-17 20:25 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-17 20:25 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-17 20:25 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-17 20:24 - 2013-10-17 20:25 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-17 11:48 - 2013-10-17 11:48 - 00891167 _____ C:\Users\Matro\Downloads\SecurityCheck.exe
2013-10-16 15:20 - 2013-10-16 15:20 - 02347384 _____ (ESET) C:\Users\Matro\Downloads\esetsmartinstaller_enu.exe
2013-10-16 15:20 - 2013-10-16 15:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-14 16:46 - 2013-10-14 16:46 - 00001078 _____ C:\Users\Matro\Desktop\JRT.txt
2013-10-14 16:37 - 2013-10-14 16:37 - 00000000 ____D C:\Windows\ERUNT
2013-10-14 16:36 - 2013-10-14 16:36 - 01032220 _____ (Thisisu) C:\Users\Matro\Downloads\JRT.exe
2013-10-14 16:06 - 2013-10-14 16:29 - 00000000 ____D C:\Users\Matro\AppData\Local\LogMeIn Rescue Applet
2013-10-14 16:06 - 2013-10-14 16:06 - 01247072 _____ (LogMeIn, Inc.) C:\Users\Matro\Downloads\Support-LogMeInRescue.exe
2013-10-14 15:58 - 2013-10-14 15:58 - 01048960 _____ C:\Users\Matro\Downloads\adwcleaner.exe
2013-10-14 14:10 - 2013-10-14 14:10 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-14 14:10 - 2013-10-14 14:10 - 00000000 ____D C:\Users\Matro\AppData\Roaming\Malwarebytes
2013-10-14 14:10 - 2013-10-14 14:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-14 14:10 - 2013-10-14 14:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-14 14:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-14 14:09 - 2013-10-14 14:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matro\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-11 18:02 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 18:02 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 18:02 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 18:02 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 18:02 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 18:02 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 18:02 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 18:02 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 18:02 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 18:02 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 18:02 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 18:02 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 18:02 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 18:02 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 18:02 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 18:02 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 18:02 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 18:02 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 18:02 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 18:02 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 18:02 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 12:53 - 2013-10-11 12:53 - 00027182 _____ C:\ComboFix.txt
2013-10-11 12:40 - 2013-10-11 12:53 - 00000000 ____D C:\Qoobox
2013-10-11 12:40 - 2013-10-11 12:51 - 00000000 ____D C:\Windows\erdnt
2013-10-11 12:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-11 12:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-11 12:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-11 12:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-11 12:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-11 12:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-11 12:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-11 12:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-11 12:35 - 2013-10-11 12:36 - 05131844 ____R (Swearware) C:\Users\Matro\Downloads\ComboFix.exe
2013-10-11 10:38 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 10:38 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 10:38 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 10:38 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 10:38 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 10:38 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 10:38 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 10:38 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 10:38 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 10:38 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 10:38 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 10:38 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 10:38 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 10:38 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 10:38 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 10:38 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 10:38 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 10:38 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 10:38 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 10:38 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 10:38 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 10:38 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 10:38 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 10:38 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 10:38 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 10:38 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 10:38 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 10:38 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 10:38 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 10:38 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-11 10:38 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 10:38 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 10:38 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 10:38 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 10:38 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 10:38 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 10:38 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 10:38 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 10:38 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 10:38 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 10:38 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 10:38 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 10:38 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 10:37 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 10:37 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 10:37 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 10:37 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 13:14 - 2013-10-19 13:26 - 00019567 _____ C:\Users\Matro\Downloads\Addition.txt
2013-10-10 13:12 - 2013-10-10 13:12 - 00000000 ____D C:\FRST
2013-09-30 16:57 - 2013-09-30 16:57 - 00000000 ____D C:\Users\Matro\Desktop\zu verkaufen
2013-09-26 15:47 - 2013-09-26 15:47 - 00268264 _____ (Citrix Online) C:\Users\Matro\Downloads\Citrix Online Launcher.exe
2013-09-26 13:16 - 2013-09-26 13:17 - 02828552 _____ (AVAST Software) C:\Users\Matro\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-09-25 17:59 - 2013-09-25 17:59 - 00090283 _____ C:\Users\Matro\Documents\Unbenannt (3).wma
2013-09-25 17:59 - 2013-09-25 17:59 - 00067833 _____ C:\Users\Matro\Documents\Unbenannt (2).wma
2013-09-25 17:58 - 2013-09-25 17:58 - 00090283 _____ C:\Users\Matro\Documents\Unbenannt.wma
2013-09-25 17:57 - 2013-09-25 17:57 - 20586496 _____ C:\Users\Matro\Downloads\SkypeSetup [1].exe
2013-09-25 17:57 - 2013-09-25 17:57 - 00003232 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-09-25 17:57 - 2013-09-25 17:57 - 00000000 ____D C:\Users\Matro\AppData\Roaming\UpdaterEX
2013-09-25 17:56 - 2013-09-25 17:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-25 17:55 - 2013-09-26 12:56 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-25 17:54 - 2013-09-25 17:54 - 00676072 _____ C:\Users\Matro\Downloads\SkypeSetup.exe
2013-09-25 17:51 - 2013-10-10 12:11 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-09-25 17:50 - 2013-09-26 12:54 - 00000000 ____D C:\Users\Matro\AppData\Local\Citrix
2013-09-24 13:34 - 2013-09-24 13:34 - 00008423 _____ C:\Users\Matro\Downloads\industry_quadrupler.zip
2013-09-24 12:57 - 2013-09-24 12:57 - 00000000 ____D C:\Program Files (x86)\Traffic Simulator Configuration Tool
2013-09-24 12:54 - 2013-09-24 12:54 - 00000000 ____D C:\Users\Matro\Downloads\Dokumentation
2013-09-24 12:54 - 2011-12-25 23:49 - 22403861 _____ C:\Users\Matro\Downloads\NetworkAddonMod_Setup.exe
2013-09-24 12:54 - 2011-12-23 22:14 - 00014142 _____ C:\Users\Matro\Downloads\Bitte zuerst lesen.htm
2013-09-24 12:54 - 2011-02-08 12:14 - 00016790 _____ C:\Users\Matro\Downloads\Cleanitol_NetworkAddonMod.txt
2013-09-24 12:49 - 2013-09-24 12:51 - 17915242 _____ C:\Users\Matro\Downloads\SimCity_4_Rush_Hour_v116380_Patch_International.exe
2013-09-24 12:49 - 2013-09-24 12:50 - 09390527 _____ C:\Users\Matro\Downloads\SimCity_4_Patch_v102720_European.exe
2013-09-24 12:47 - 2013-09-24 12:49 - 23140223 _____ C:\Users\Matro\Downloads\NetworkAddonMod_Setup_v30de.zip
2013-09-23 16:43 - 2013-10-20 19:44 - 00000000 ____D C:\Users\Matro\AppData\Local\CrashDumps
2013-09-22 20:02 - 2013-09-22 20:01 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-22 14:42 - 2013-10-04 15:56 - 00000000 ____D C:\Users\Matro\Documents\SimCity 4
2013-09-22 14:26 - 2013-09-22 14:26 - 00000534 _____ C:\Windows\eReg.dat
2013-09-22 14:26 - 2013-09-22 14:26 - 00000000 ____D C:\Program Files (x86)\Maxis
2013-09-22 14:07 - 2013-04-02 20:42 - 00000000 ____D C:\Users\Matro\Downloads\Sim.City.Crack.Only.OFFLINE.Mode
2013-09-22 14:06 - 2013-09-22 14:06 - 00000000 ____D C:\Users\Matro\AppData\Roaming\Avira
2013-09-22 14:02 - 2013-09-22 14:04 - 26404527 _____ C:\Users\Matro\Downloads\Sim.City.Crack.Only.OFFLINE.Mode.rar
2013-09-22 14:01 - 2013-09-22 14:01 - 00000000 ____D C:\Users\Matro\AppData\Roaming\Mozilla
2013-09-22 14:01 - 2013-09-22 14:01 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-22 14:01 - 2013-09-22 14:01 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-22 14:00 - 2013-09-22 14:00 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-22 13:59 - 2013-09-22 14:00 - 00000000 ____D C:\ProgramData\Avira
2013-09-22 13:59 - 2013-09-22 13:59 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-22 13:59 - 2013-09-22 13:59 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-22 13:59 - 2013-09-22 13:59 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-22 13:59 - 2013-09-22 13:59 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-22 13:48 - 2013-09-22 13:48 - 02092792 _____ C:\Users\Matro\Downloads\avira_free_antivirus (1).exe
2013-09-22 13:44 - 2013-09-22 13:44 - 02092792 _____ C:\Users\Matro\Downloads\avira_free_antivirus.exe
2013-09-22 13:43 - 2013-10-14 16:24 - 00000000 ____D C:\AdwCleaner
2013-09-22 13:42 - 2013-09-22 13:43 - 01039554 _____ C:\Users\Matro\Downloads\adwcleaner004.exe
2013-09-22 13:35 - 2013-06-14 13:02 - 00000340 _____ C:\Users\Matro\Downloads\readme(password).txt
2013-09-22 13:32 - 2013-04-19 19:09 - 00000000 _____ C:\Users\Matro\Downloads\Simcity 5 crack.exe
2013-09-22 13:31 - 2013-09-22 13:32 - 07273696 _____ C:\Users\Matro\Downloads\Simcity+5+crack.rar
2013-09-22 13:17 - 2013-09-22 13:17 - 00509944 _____ C:\Users\Matro\Downloads\PricePeep_RocketFuelInstaller.exe
2013-09-21 19:46 - 2013-09-21 19:46 - 00000000 ____D C:\Users\Matro\AppData\Roaming\Apple Computer
2013-09-21 18:43 - 2013-09-21 18:44 - 00000000 ____D C:\Users\Matro\Desktop\Pkmn Schwarz
2013-09-21 18:42 - 2011-08-12 16:30 - 00000000 ____D C:\Users\Matro\Downloads\NO$GBA v2.6a + GBA BIOS + NDS BIOS + NDS Firmware (German)
2013-09-21 18:29 - 2013-09-21 18:34 - 73712376 _____ C:\Users\Matro\Downloads\Emu2011.rar
2013-09-21 18:24 - 2013-09-21 18:24 - 00313624 _____ C:\Users\Matro\Downloads\ideas1040.zip
2013-09-21 16:38 - 2013-09-21 16:41 - 39401336 _____ (Apple Inc.) C:\Users\Matro\Downloads\QuickTimeInstaller (1).exe
2013-09-21 16:37 - 2013-09-21 16:37 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-09-21 16:37 - 2013-09-21 16:37 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-21 16:37 - 2013-09-21 16:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-21 16:36 - 2013-09-21 16:36 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-09-21 16:36 - 2013-09-21 16:36 - 00000000 ____D C:\Users\Matro\AppData\Local\Apple
2013-09-21 16:36 - 2013-09-21 16:36 - 00000000 ____D C:\ProgramData\Apple
2013-09-21 16:36 - 2013-09-21 16:36 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-21 16:28 - 2013-09-21 16:31 - 41404760 _____ (Apple Inc.) C:\Users\Matro\Downloads\QuickTimeInstaller.exe
==================== One Month Modified Files and Folders =======
2013-10-20 20:08 - 2013-10-20 20:08 - 01954548 _____ (Farbar) C:\Users\Matro\Downloads\FRST64.exe
2013-10-20 19:53 - 2013-10-18 13:43 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-20 19:51 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 19:51 - 2009-07-14 06:45 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-20 19:44 - 2013-09-23 16:43 - 00000000 ____D C:\Users\Matro\AppData\Local\CrashDumps
2013-10-20 19:43 - 2013-10-20 19:43 - 102068998 _____ C:\Windows\SysWOW64\鯞ᵌ
2013-10-20 19:41 - 2013-10-18 13:43 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-20 19:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-20 19:41 - 2009-07-14 06:51 - 00061513 _____ C:\Windows\setupact.log
2013-10-19 20:23 - 2013-08-04 14:35 - 01201585 _____ C:\Windows\WindowsUpdate.log
2013-10-19 13:26 - 2013-10-10 13:14 - 00019567 _____ C:\Users\Matro\Downloads\Addition.txt
2013-10-19 11:12 - 2013-08-04 14:45 - 00209658 _____ C:\Windows\PFRO.log
2013-10-18 13:48 - 2013-10-18 13:43 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-18 13:48 - 2013-10-18 13:43 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-18 13:46 - 2013-08-04 15:41 - 00000000 ____D C:\Users\Matro\AppData\Local\Google
2013-10-18 13:45 - 2013-10-18 13:45 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-18 13:45 - 2013-08-04 15:41 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-18 13:43 - 2013-08-04 15:41 - 00000000 ____D C:\Users\Matro\AppData\Local\Deployment
2013-10-18 13:42 - 2013-08-04 15:41 - 00000000 ____D C:\Users\Matro\AppData\Local\Apps\2.0
2013-10-18 13:39 - 2013-10-18 13:39 - 00038446 _____ C:\Users\Matro\Desktop\bookmarks_18.10.13.html
2013-10-17 20:25 - 2013-10-17 20:25 - 00000000 ____D C:\ProgramData\Oracle
2013-10-17 20:25 - 2013-10-17 20:24 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-17 20:25 - 2013-08-04 15:50 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 11:48 - 2013-10-17 11:48 - 00891167 _____ C:\Users\Matro\Downloads\SecurityCheck.exe
2013-10-16 15:20 - 2013-10-16 15:20 - 02347384 _____ (ESET) C:\Users\Matro\Downloads\esetsmartinstaller_enu.exe
2013-10-16 15:20 - 2013-10-16 15:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-16 11:48 - 2009-11-08 05:20 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-10-16 11:48 - 2009-11-08 05:20 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-10-16 11:48 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-14 16:46 - 2013-10-14 16:46 - 00001078 _____ C:\Users\Matro\Desktop\JRT.txt
2013-10-14 16:37 - 2013-10-14 16:37 - 00000000 ____D C:\Windows\ERUNT
2013-10-14 16:36 - 2013-10-14 16:36 - 01032220 _____ (Thisisu) C:\Users\Matro\Downloads\JRT.exe
2013-10-14 16:29 - 2013-10-14 16:06 - 00000000 ____D C:\Users\Matro\AppData\Local\LogMeIn Rescue Applet
2013-10-14 16:24 - 2013-09-22 13:43 - 00000000 ____D C:\AdwCleaner
2013-10-14 16:06 - 2013-10-14 16:06 - 01247072 _____ (LogMeIn, Inc.) C:\Users\Matro\Downloads\Support-LogMeInRescue.exe
2013-10-14 15:58 - 2013-10-14 15:58 - 01048960 _____ C:\Users\Matro\Downloads\adwcleaner.exe
2013-10-14 14:10 - 2013-10-14 14:10 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-14 14:10 - 2013-10-14 14:10 - 00000000 ____D C:\Users\Matro\AppData\Roaming\Malwarebytes
2013-10-14 14:10 - 2013-10-14 14:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-14 14:10 - 2013-10-14 14:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-14 14:09 - 2013-10-14 14:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matro\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-12 17:01 - 2009-07-14 06:45 - 00348696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 12:53 - 2013-10-11 12:53 - 00027182 _____ C:\ComboFix.txt
2013-10-11 12:53 - 2013-10-11 12:40 - 00000000 ____D C:\Qoobox
2013-10-11 12:53 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-11 12:51 - 2013-10-11 12:40 - 00000000 ____D C:\Windows\erdnt
2013-10-11 12:50 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-11 12:36 - 2013-10-11 12:35 - 05131844 ____R (Swearware) C:\Users\Matro\Downloads\ComboFix.exe
2013-10-10 13:12 - 2013-10-10 13:12 - 00000000 ____D C:\FRST
2013-10-10 12:11 - 2013-09-25 17:51 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-10-08 07:50 - 2013-10-17 20:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 07:46 - 2013-10-17 20:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 07:46 - 2013-10-17 20:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 07:46 - 2013-10-17 20:25 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-04 15:56 - 2013-09-22 14:42 - 00000000 ____D C:\Users\Matro\Documents\SimCity 4
2013-09-30 16:57 - 2013-09-30 16:57 - 00000000 ____D C:\Users\Matro\Desktop\zu verkaufen
2013-09-27 13:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-26 15:47 - 2013-09-26 15:47 - 00268264 _____ (Citrix Online) C:\Users\Matro\Downloads\Citrix Online Launcher.exe
2013-09-26 13:17 - 2013-09-26 13:16 - 02828552 _____ (AVAST Software) C:\Users\Matro\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-09-26 12:56 - 2013-09-25 17:55 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-26 12:54 - 2013-09-25 17:50 - 00000000 ____D C:\Users\Matro\AppData\Local\Citrix
2013-09-25 17:59 - 2013-09-25 17:59 - 00090283 _____ C:\Users\Matro\Documents\Unbenannt (3).wma
2013-09-25 17:59 - 2013-09-25 17:59 - 00067833 _____ C:\Users\Matro\Documents\Unbenannt (2).wma
2013-09-25 17:58 - 2013-09-25 17:58 - 00090283 _____ C:\Users\Matro\Documents\Unbenannt.wma
2013-09-25 17:57 - 2013-09-25 17:57 - 20586496 _____ C:\Users\Matro\Downloads\SkypeSetup [1].exe
2013-09-25 17:57 - 2013-09-25 17:57 - 00003232 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-09-25 17:57 - 2013-09-25 17:57 - 00000000 ____D C:\Users\Matro\AppData\Roaming\UpdaterEX
2013-09-25 17:56 - 2013-09-25 17:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-25 17:54 - 2013-09-25 17:54 - 00676072 _____ C:\Users\Matro\Downloads\SkypeSetup.exe
2013-09-24 13:34 - 2013-09-24 13:34 - 00008423 _____ C:\Users\Matro\Downloads\industry_quadrupler.zip
2013-09-24 12:57 - 2013-09-24 12:57 - 00000000 ____D C:\Program Files (x86)\Traffic Simulator Configuration Tool
2013-09-24 12:54 - 2013-09-24 12:54 - 00000000 ____D C:\Users\Matro\Downloads\Dokumentation
2013-09-24 12:51 - 2013-09-24 12:49 - 17915242 _____ C:\Users\Matro\Downloads\SimCity_4_Rush_Hour_v116380_Patch_International.exe
2013-09-24 12:50 - 2013-09-24 12:49 - 09390527 _____ C:\Users\Matro\Downloads\SimCity_4_Patch_v102720_European.exe
2013-09-24 12:49 - 2013-09-24 12:47 - 23140223 _____ C:\Users\Matro\Downloads\NetworkAddonMod_Setup_v30de.zip
2013-09-23 01:28 - 2013-10-11 18:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-11 18:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 01:27 - 2013-10-11 18:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 00:55 - 2013-10-11 18:02 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-11 18:02 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-11 18:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-11 18:02 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-11 18:02 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-11 18:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-11 18:02 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-11 18:02 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-11 18:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-11 18:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-11 18:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-11 18:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-11 18:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 00:54 - 2013-10-11 18:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-22 20:01 - 2013-09-22 20:02 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-22 19:38 - 2013-08-04 15:36 - 00000000 ____D C:\Users\Matro\AppData\Local\VirtualStore
2013-09-22 19:37 - 2013-08-04 15:36 - 00000000 ____D C:\Users\Matro\AppData\Local\Hewlett-Packard
2013-09-22 19:37 - 2013-08-04 15:33 - 00000000 ____D C:\Users\Matro\AppData\Roaming\Hewlett-Packard
2013-09-22 14:26 - 2013-09-22 14:26 - 00000534 _____ C:\Windows\eReg.dat
2013-09-22 14:26 - 2013-09-22 14:26 - 00000000 ____D C:\Program Files (x86)\Maxis
2013-09-22 14:06 - 2013-09-22 14:06 - 00000000 ____D C:\Users\Matro\AppData\Roaming\Avira
2013-09-22 14:04 - 2013-09-22 14:02 - 26404527 _____ C:\Users\Matro\Downloads\Sim.City.Crack.Only.OFFLINE.Mode.rar
2013-09-22 14:01 - 2013-09-22 14:01 - 00000000 ____D C:\Users\Matro\AppData\Roaming\Mozilla
2013-09-22 14:01 - 2013-09-22 14:01 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-09-22 14:01 - 2013-09-22 14:01 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-09-22 14:00 - 2013-09-22 14:00 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-09-22 14:00 - 2013-09-22 13:59 - 00000000 ____D C:\ProgramData\Avira
2013-09-22 13:59 - 2013-09-22 13:59 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-22 13:59 - 2013-09-22 13:59 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-22 13:59 - 2013-09-22 13:59 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-22 13:59 - 2013-09-22 13:59 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-22 13:48 - 2013-09-22 13:48 - 02092792 _____ C:\Users\Matro\Downloads\avira_free_antivirus (1).exe
2013-09-22 13:44 - 2013-09-22 13:44 - 02092792 _____ C:\Users\Matro\Downloads\avira_free_antivirus.exe
2013-09-22 13:44 - 2013-08-06 08:50 - 00000995 _____ C:\Users\Matro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-22 13:43 - 2013-09-22 13:42 - 01039554 _____ C:\Users\Matro\Downloads\adwcleaner004.exe
2013-09-22 13:39 - 2013-08-04 15:37 - 00000000 ___RD C:\Users\Matro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-22 13:32 - 2013-09-22 13:31 - 07273696 _____ C:\Users\Matro\Downloads\Simcity+5+crack.rar
2013-09-22 13:17 - 2013-09-22 13:17 - 00509944 _____ C:\Users\Matro\Downloads\PricePeep_RocketFuelInstaller.exe
2013-09-21 19:46 - 2013-09-21 19:46 - 00000000 ____D C:\Users\Matro\AppData\Roaming\Apple Computer
2013-09-21 18:44 - 2013-09-21 18:43 - 00000000 ____D C:\Users\Matro\Desktop\Pkmn Schwarz
2013-09-21 18:34 - 2013-09-21 18:29 - 73712376 _____ C:\Users\Matro\Downloads\Emu2011.rar
2013-09-21 18:24 - 2013-09-21 18:24 - 00313624 _____ C:\Users\Matro\Downloads\ideas1040.zip
2013-09-21 16:41 - 2013-09-21 16:38 - 39401336 _____ (Apple Inc.) C:\Users\Matro\Downloads\QuickTimeInstaller (1).exe
2013-09-21 16:37 - 2013-09-21 16:37 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-09-21 16:37 - 2013-09-21 16:37 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-21 16:37 - 2013-09-21 16:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-21 16:36 - 2013-09-21 16:36 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-09-21 16:36 - 2013-09-21 16:36 - 00000000 ____D C:\Users\Matro\AppData\Local\Apple
2013-09-21 16:36 - 2013-09-21 16:36 - 00000000 ____D C:\ProgramData\Apple
2013-09-21 16:36 - 2013-09-21 16:36 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-21 16:31 - 2013-09-21 16:28 - 41404760 _____ (Apple Inc.) C:\Users\Matro\Downloads\QuickTimeInstaller.exe
2013-09-21 16:11 - 2013-08-04 14:59 - 00000000 ____D C:\ProgramData\Norton
2013-09-21 05:38 - 2013-10-11 18:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-11 18:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-11 18:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-11 18:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
Some content of TEMP:
====================
C:\Users\Matro\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Matro\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-27 13:16
==================== End Of Log ============================
sollte jetzt komplett sein^^ Kleine Info, ich bin die nächsten 2 Wochen im urlaub. Werde mich frühestens am 01.11 wieder melden. LG |
|
21.10.2013, 10:52
| #18 | |
| /// the machine /// TB-Ausbilder | Festplatte zeigt 180gb weniger Speicher an, searchgol nicht löschbarZitat:
__________________ |
|
11.11.2013, 15:05
| #19 |
| | Festplatte zeigt 180gb weniger Speicher an, searchgol nicht löschbar Hi! Bin wieder zurück vom Urlaub. Wenn ich jetzt richtig geschaut habe, dann zeigt Sie 74 880 MB an. |
|
12.11.2013, 10:04
| #20 |
| /// the machine /// TB-Ausbilder | Festplatte zeigt 180gb weniger Speicher an, searchgol nicht löschbar Strange. Die sind wirklich weg. Man könnte jetzt mit Partedmagic oder Diskpart dran rumfingern, aber das ist in einem laufenden System, vor allem bei der Windows-Partition, ungeil.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.11.2013, 10:27
| #21 |
| | Festplatte zeigt 180gb weniger Speicher an, searchgol nicht löschbar Sowas passiert doch auch nur mir :-/ Wie kann sowas überhaupt passieren? Wäre dann also die letzte Möglichkeit die Festplatte zu formatieren und alles wieder neu aufzuspielen? |
|
12.11.2013, 13:31
| #22 |
| /// the machine /// TB-Ausbilder | Festplatte zeigt 180gb weniger Speicher an, searchgol nicht löschbar Ich würde das so machen, ja. daten sichern. Da ist die Partitionstabelle verrutscht denke ich.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Festplatte zeigt 180gb weniger Speicher an, searchgol nicht löschbar |
| festplattenspeicher, löschbar, nicht löschbar, problem, pup.optional.babylon.a, pup.optional.bonanzadeals.a, pup.optional.browsefox.a, pup.optional.delta.a, pup.optional.dprotect.a, pup.optional.elex.a, pup.optional.installcore.a, pup.optional.optimizerpro.a, pup.optional.startpage.a, speicher, trojan.dropper, trojan.staser, wenig |
Linear-Darstellung
