Trojaner-Board


Zwenne 23.11.2013 12:55

GVU/Interpol Trojan Windows 7
 
Hi,
my father's laptop is infected as well. I would be very grateful for help.

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2013
Ran by SYSTEM on MININT-5BA3LBM on 23-11-2013 12:46:41
Running from H:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKU\Hermann\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-29] (Google Inc.)
Startup: C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\amqrjwljt.lnk
ShortcutTarget: amqrjwljt.lnk -> C:\PROGRA~3\tjlwjrqma.dss (Корпорация Майкрософт)
Startup: C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lcj6djwhg.lnk
ShortcutTarget: lcj6djwhg.lnk -> C:\PROGRA~3\ghwjd6jcl.dss (Корпорация Майкрософт)
Startup: C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)

========================== Services (Whitelisted) =================

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-05-11] (Adobe Systems Incorporated)
S4 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-11-02] (Adobe Systems Incorporated)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2012-06-14] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2012-06-14] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2013-04-29] (Google)
S2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2012-11-20] ()
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-21] (Microsoft Corporation)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [114144 2012-09-06] (Mozilla Foundation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [116560 2009-06-10] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [174440 2010-01-09] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
S2 TeamViewer8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [3467768 2012-12-14] (TeamViewer GmbH)
S4 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2012-01-23] (TomTom)
S2 Winmgmt; C:\ProgramData\amqrjwljt.pss [60520 2013-11-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [78976 2011-03-05] (Advanced Micro Devices)
S0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [38528 2011-03-05] (Advanced Micro Devices)
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2797056 2011-12-13] (Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [115216 2010-11-18] (Advanced Micro Devices)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [289704 2011-07-06] (Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [138024 2010-11-12] (ELAN Microelectronics Corp.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2905320 2011-06-25] (Realtek Semiconductor Corp.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [533096 2011-05-17] (Realtek                                            )
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-16] (Windows (R) 2003 DDK 3790 provider)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-23 12:46 - 2013-11-23 12:46 - 00000000 ____D C:\FRST
2013-11-23 08:59 - 2013-11-23 09:06 - 00000291 _____ C:\ProgramData\amqrjwljt.reg
2013-11-23 08:54 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2013-11-23 08:50 - 2013-11-23 08:50 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-23 08:50 - 2013-11-23 08:50 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-23 08:50 - 2013-11-23 08:50 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-23 08:50 - 2013-11-23 08:50 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-23 08:50 - 2013-11-23 08:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-23 08:50 - 2013-11-23 08:50 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-23 08:50 - 2013-11-23 08:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-23 08:50 - 2013-11-23 08:50 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-23 08:50 - 2013-11-23 08:50 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-23 08:50 - 2013-11-23 08:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-23 08:50 - 2013-11-23 08:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-23 08:49 - 2013-11-23 08:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 23212032 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 12995584 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 05765120 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-23 08:49 - 2013-11-23 08:49 - 02332160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-23 08:49 - 2013-11-23 08:49 - 01394176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-23 08:49 - 2013-11-23 08:49 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-23 08:49 - 2013-11-23 08:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-23 08:49 - 2013-11-23 08:49 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-23 08:48 - 2013-11-23 08:54 - 00010006 _____ C:\Windows\IE11_main.log
2013-11-22 18:50 - 2013-11-23 12:34 - 00991476 _____ C:\ProgramData\amqrjwljt.bxx
2013-11-22 18:48 - 2013-11-23 12:13 - 00000000 _____ C:\ProgramData\amqrjwljt.fvv
2013-11-22 18:48 - 2013-11-22 18:48 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\amqrjwljt.pss
2013-11-22 18:47 - 2013-11-22 18:47 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\tjlwjrqma.dss
2013-11-22 15:44 - 2013-11-23 12:31 - 00012600 _____ C:\ProgramData\lcj6djwhg.bxx
2013-11-22 15:44 - 2013-11-23 12:13 - 00000000 _____ C:\ProgramData\lcj6djwhg.fvv
2013-11-22 15:44 - 2013-11-22 15:44 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\lcj6djwhg.pss
2013-11-22 15:43 - 2013-11-22 15:43 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\ghwjd6jcl.dss
2013-11-13 11:30 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 11:30 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 11:29 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 11:29 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 11:29 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 11:29 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 11:29 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 11:29 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 11:29 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 11:29 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 11:29 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 11:29 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 11:29 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 11:29 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 11:29 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 11:29 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 11:29 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 11:29 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 11:29 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 11:29 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 11:29 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 11:29 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 11:29 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 11:29 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 11:29 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 11:29 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 11:29 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 11:29 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 11:29 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 11:29 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-02 15:48 - 2013-11-02 15:48 - 00000000 ____D C:\Program Files\GMX MailCheck

==================== One Month Modified Files and Folders =======

2013-11-23 12:46 - 2013-11-23 12:46 - 00000000 ____D C:\FRST
2013-11-23 12:34 - 2013-11-22 18:50 - 00991476 _____ C:\ProgramData\amqrjwljt.bxx
2013-11-23 12:31 - 2013-11-22 15:44 - 00012600 _____ C:\ProgramData\lcj6djwhg.bxx
2013-11-23 12:18 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-23 12:18 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-23 12:13 - 2013-11-22 18:48 - 00000000 _____ C:\ProgramData\amqrjwljt.fvv
2013-11-23 12:13 - 2013-11-22 15:44 - 00000000 _____ C:\ProgramData\lcj6djwhg.fvv
2013-11-23 12:10 - 2009-07-14 05:51 - 00063398 _____ C:\Windows\setupact.log
2013-11-23 09:40 - 2011-07-21 20:51 - 01285486 _____ C:\Windows\WindowsUpdate.log
2013-11-23 09:06 - 2013-11-23 08:59 - 00000291 _____ C:\ProgramData\amqrjwljt.reg
2013-11-23 09:03 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-23 08:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\de-DE
2013-11-23 08:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64
2013-11-23 08:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\de-DE
2013-11-23 08:54 - 2013-11-23 08:48 - 00010006 _____ C:\Windows\IE11_main.log
2013-11-23 08:50 - 2013-11-23 08:50 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-23 08:50 - 2013-11-23 08:50 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-23 08:50 - 2013-11-23 08:50 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-23 08:50 - 2013-11-23 08:50 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-23 08:50 - 2013-11-23 08:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-23 08:50 - 2013-11-23 08:50 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-23 08:50 - 2013-11-23 08:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-23 08:50 - 2013-11-23 08:50 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-23 08:50 - 2013-11-23 08:50 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-23 08:50 - 2013-11-23 08:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-23 08:50 - 2013-11-23 08:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-23 08:50 - 2013-11-23 08:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-23 08:50 - 2013-11-23 08:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 23212032 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 12995584 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 05765120 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-23 08:49 - 2013-11-23 08:49 - 02332160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-23 08:49 - 2013-11-23 08:49 - 01394176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-23 08:49 - 2013-11-23 08:49 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-23 08:49 - 2013-11-23 08:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-23 08:49 - 2013-11-23 08:49 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-23 08:49 - 2013-11-23 08:49 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-23 08:49 - 2013-11-23 08:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-23 08:48 - 2011-10-18 20:10 - 00001912 _____ C:\Windows\epplauncher.mif
2013-11-23 08:47 - 2011-10-18 20:11 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-22 18:48 - 2013-11-22 18:48 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\amqrjwljt.pss
2013-11-22 18:47 - 2013-11-22 18:47 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\tjlwjrqma.dss
2013-11-22 15:44 - 2013-11-22 15:44 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\lcj6djwhg.pss
2013-11-22 15:43 - 2013-11-22 15:43 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\ghwjd6jcl.dss
2013-11-19 11:21 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-11-14 18:04 - 2011-10-19 19:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 18:01 - 2013-08-16 12:26 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 18:01 - 2011-10-19 01:53 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-14 14:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-12 15:46 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-11-12 15:39 - 2011-10-18 23:38 - 00000000 ____D C:\users\Hermann
2013-11-12 15:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\wfp
2013-11-12 15:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-11 12:52 - 2011-10-21 11:13 - 00000000 ____D C:\Users\Hermann\AppData\Local\CrashDumps
2013-11-02 15:50 - 2012-04-15 19:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-02 15:50 - 2011-10-18 20:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-02 15:48 - 2013-11-02 15:48 - 00000000 ____D C:\Program Files\GMX MailCheck
2013-11-02 15:48 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)
2013-11-02 15:47 - 2009-07-14 05:45 - 00428216 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-02 15:46 - 2010-11-21 04:47 - 00316674 _____ C:\Windows\PFRO.log

Files to move or delete:
====================
C:\ProgramData\amqrjwljt.bxx
C:\ProgramData\amqrjwljt.fvv
C:\ProgramData\amqrjwljt.pss
C:\ProgramData\amqrjwljt.reg
C:\ProgramData\ghwjd6jcl.dss
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\lcj6djwhg.bxx
C:\ProgramData\lcj6djwhg.fvv
C:\ProgramData\lcj6djwhg.pss
C:\ProgramData\tjlwjrqma.dss


Some content of TEMP:
====================
C:\Users\Hermann\AppData\Local\Temp\bpuninstall.exe
C:\Users\Hermann\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Hermann\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\Hermann\AppData\Local\Temp\ose00000.exe
C:\Users\Hermann\AppData\Local\Temp\ResetDevice.exe
C:\Users\Hermann\AppData\Local\Temp\tbIncr.dll
C:\Users\Hermann\AppData\Local\Temp\~tmf3763187803500727431.dll
C:\Users\Hermann\AppData\Local\Temp\~tmf413572174899020541.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-07-21 05:42] - [2011-02-25 07:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe
[2010-11-21 04:24] - [2010-11-21 04:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\System32\wininit.exe
[2009-07-14 00:52] - [2009-07-14 02:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-14 00:31] - [2009-07-14 02:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\User32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\System32\userinit.exe
[2010-11-21 04:24] - [2010-11-21 04:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 04:23] - [2010-11-21 04:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

12
Restore point made on: 2013-11-04 00:42:33
Restore point made on: 2013-11-05 16:06:53
Restore point made on: 2013-11-09 11:57:19
Restore point made on: 2013-11-10 19:00:17
Restore point made on: 2013-11-12 15:35:02
Restore point made on: 2013-11-12 15:44:27
Restore point made on: 2013-11-12 15:49:48
Restore point made on: 2013-11-14 17:59:59
Restore point made on: 2013-11-17 19:00:29
Restore point made on: 2013-11-18 15:14:21
Restore point made on: 2013-11-22 00:40:54
Restore point made on: 2013-11-23 08:47:07

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 5611.81 MB
Available physical RAM: 5020.37 MB
Total Pagefile: 5610.09 MB
Available Pagefile: 5021.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.2 MB

==================== Drives ================================

Drive c: (Windows 7 Home Premium) (Fixed) (Total:230 GB) (Free:176.68 GB) NTFS
Drive d: (Eigene Dateien) (Fixed) (Total:342.9 GB) (Free:160.84 GB) NTFS
Drive f: (SAMSUNG_REC) (Fixed) (Total:23.17 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (GRMCPRFRER_DE_DVD) (CDROM) (Total:2.29 GB) (Free:0 GB) UDF
Drive h: (TOSHIBA) (Removable) (Total:7.45 GB) (Free:4.46 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: C469F6B2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=343 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: 29940F6A)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-11-15 11:26

==================== End Of Log ============================

--- --- ---

schrauber 23.11.2013 15:35

hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

Startup: C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\amqrjwljt.lnk
ShortcutTarget: amqrjwljt.lnk -> C:\PROGRA~3\tjlwjrqma.dss (Корпорация Майкрософт)
Startup: C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lcj6djwhg.lnk
ShortcutTarget: lcj6djwhg.lnk -> C:\PROGRA~3\ghwjd6jcl.dss (Корпорация Майкрософт)
S2 Winmgmt; C:\ProgramData\amqrjwljt.pss [60520 2013-11-22] (Microsoft Corporation)
2013-11-23 08:59 - 2013-11-23 09:06 - 00000291 _____ C:\ProgramData\amqrjwljt.reg
C:\ProgramData\amqrjwljt.bxx
C:\ProgramData\amqrjwljt.fvv
C:\ProgramData\amqrjwljt.pss
C:\ProgramData\amqrjwljt.reg
C:\ProgramData\ghwjd6jcl.dss
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\lcj6djwhg.bxx
C:\ProgramData\lcj6djwhg.fvv
C:\ProgramData\lcj6djwhg.pss
C:\ProgramData\tjlwjrqma.dss

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Start the computer normally.
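
An added example, not part of the original post and not FRST's own logic: heuristics that single out the same autostart and service entries the fixlist above targets. The scoring rules, the threshold of two, the `Example...` lines and the reading of `C:\PROGRA~3` as the short name of `C:\ProgramData` are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the FRST log in this thread, plus two benign lines
# ("Example...") constructed here for contrast.
SAMPLE_LOG = r"""
ShortcutTarget: amqrjwljt.lnk -> C:\PROGRA~3\tjlwjrqma.dss (Корпорация Майкрософт)
ShortcutTarget: lcj6djwhg.lnk -> C:\PROGRA~3\ghwjd6jcl.dss (Корпорация Майкрософт)
ShortcutTarget: Example.lnk -> C:\Program Files (x86)\Example\example.exe (Example Corp)
S2 Winmgmt; C:\ProgramData\amqrjwljt.pss [60520 2013-11-22] (Microsoft Corporation)
S2 ExampleSvc; C:\Program Files\Example\svc.exe [12345 2013-01-01] (Example Corp)
"""

SHORTCUT = re.compile(
    r"^ShortcutTarget: (?P<name>.+?) -> (?P<target>.+?) \((?P<vendor>[^()]*)\)$")
SERVICE = re.compile(
    r"^[SRU]\d (?P<name>[^;]+); (?P<target>.+?) \[\d+ [\d-]+\] \((?P<vendor>[^()]*)\)$")

# Assumption: C:\PROGRA~3 is the 8.3 short name of C:\ProgramData here.
DATA_ROOTS = {r"c:\programdata", r"c:\progra~3"}
PROGRAM_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}

def reasons(kind, name, target, vendor):
    """Return the indicators that apply to one autostart or service entry."""
    path = PureWindowsPath(target)
    found = []
    if str(path.parent).lower() in DATA_ROOTS:
        found.append("target sits directly in ProgramData")
    if path.suffix.lower() not in PROGRAM_EXT:
        found.append("unusual extension " + path.suffix)
    # In this log each shortcut name is its target's name spelled backwards.
    if kind == "shortcut" and PureWindowsPath(name).stem[::-1].lower() == path.stem.lower():
        found.append("target name is the shortcut name reversed")
    # Publisher string in Cyrillic on a German-language installation.
    if re.search(r"[\u0400-\u04FF]", vendor):
        found.append("Cyrillic publisher string")
    return found

def triage(log_text, threshold=2):
    """Map entry name -> indicators, for entries with >= threshold indicators."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        for kind, pattern in (("shortcut", SHORTCUT), ("service", SERVICE)):
            m = pattern.match(line)
            if m:
                why = reasons(kind, m["name"], m["target"], m["vendor"])
                if len(why) >= threshold:
                    findings[m["name"]] = why
    return findings

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(why))
```
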

Zwenne 23.11.2013 19:17

Wonderful! Thank you very, very much :)

Here is the Fixlog.txt as well:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2013
Ran by SYSTEM at 2013-11-23 19:09:51 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\amqrjwljt.lnk
ShortcutTarget: amqrjwljt.lnk -> C:\PROGRA~3\tjlwjrqma.dss (?????????? ??????????)
Startup: C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lcj6djwhg.lnk
ShortcutTarget: lcj6djwhg.lnk -> C:\PROGRA~3\ghwjd6jcl.dss (?????????? ??????????)
S2 Winmgmt; C:\ProgramData\amqrjwljt.pss [60520 2013-11-22] (Microsoft Corporation)
2013-11-23 08:59 - 2013-11-23 09:06 - 00000291 _____ C:\ProgramData\amqrjwljt.reg
C:\ProgramData\amqrjwljt.bxx
C:\ProgramData\amqrjwljt.fvv
C:\ProgramData\amqrjwljt.pss
C:\ProgramData\amqrjwljt.reg
C:\ProgramData\ghwjd6jcl.dss
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\lcj6djwhg.bxx
C:\ProgramData\lcj6djwhg.fvv
C:\ProgramData\lcj6djwhg.pss
C:\ProgramData\tjlwjrqma.dss
       
*****************

C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\amqrjwljt.lnk => Moved successfully.
C:\PROGRA~3\tjlwjrqma.dss => Moved successfully.
C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lcj6djwhg.lnk => Moved successfully.
C:\PROGRA~3\ghwjd6jcl.dss => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\amqrjwljt.reg => Moved successfully.
C:\ProgramData\amqrjwljt.bxx => Moved successfully.
C:\ProgramData\amqrjwljt.fvv => Moved successfully.
C:\ProgramData\amqrjwljt.pss => Moved successfully.
"C:\ProgramData\amqrjwljt.reg" => File/Directory not found.
"C:\ProgramData\ghwjd6jcl.dss" => File/Directory not found.
C:\ProgramData\ism_0_llatsni.pad => Moved successfully.
C:\ProgramData\lcj6djwhg.bxx => Moved successfully.
C:\ProgramData\lcj6djwhg.fvv => Moved successfully.
C:\ProgramData\lcj6djwhg.pss => Moved successfully.
"C:\ProgramData\tjlwjrqma.dss" => File/Directory not found.

==== End of Fixlog ====
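
An added example, not part of the original post: a check that reconciles the Fixlog result lines above, showing that each "File/Directory not found" entry refers to a file already moved earlier in the same run (listed twice in the fixlist, or once under its short path). The mapping of `C:\PROGRA~3` to `C:\ProgramData` is an assumption that matches the paths in this log.

```python
import re

# Result lines copied from the Fixlog.txt posted in this thread.
FIXLOG = r"""
C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\amqrjwljt.lnk => Moved successfully.
C:\PROGRA~3\tjlwjrqma.dss => Moved successfully.
C:\Users\Hermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lcj6djwhg.lnk => Moved successfully.
C:\PROGRA~3\ghwjd6jcl.dss => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\amqrjwljt.reg => Moved successfully.
C:\ProgramData\amqrjwljt.bxx => Moved successfully.
C:\ProgramData\amqrjwljt.fvv => Moved successfully.
C:\ProgramData\amqrjwljt.pss => Moved successfully.
"C:\ProgramData\amqrjwljt.reg" => File/Directory not found.
"C:\ProgramData\ghwjd6jcl.dss" => File/Directory not found.
C:\ProgramData\ism_0_llatsni.pad => Moved successfully.
C:\ProgramData\lcj6djwhg.bxx => Moved successfully.
C:\ProgramData\lcj6djwhg.fvv => Moved successfully.
C:\ProgramData\lcj6djwhg.pss => Moved successfully.
"C:\ProgramData\tjlwjrqma.dss" => File/Directory not found.
"""

# Assumption: 8.3 short name -> long name, as the paths in this log suggest.
ALIASES = {r"c:\progra~3": r"c:\programdata"}

def canonical(path):
    """Lower-case, unquote and expand known short-name prefixes."""
    p = path.strip().strip('"').lower()
    for short, full in ALIASES.items():
        if p.startswith(short + "\\"):
            p = full + p[len(short):]
    return p

def reconcile(fixlog):
    """Return (moved, explained, unexplained) from Fixlog result lines."""
    moved, explained, unexplained = set(), [], []
    for line in fixlog.splitlines():
        m = re.match(r"^(?P<item>.+?) => (?P<result>.+)$", line.strip())
        if not m:
            continue
        key = canonical(m["item"])
        if m["result"].startswith("Moved successfully"):
            moved.add(key)
        elif "not found" in m["result"]:
            # Already handled if the same file was moved earlier in this run.
            (explained if key in moved else unexplained).append(key)
    return moved, explained, unexplained

if __name__ == "__main__":
    moved, explained, unexplained = reconcile(FIXLOG)
    print(len(moved), "moved;", len(explained), "duplicates;", len(unexplained), "to review")
```
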


schrauber 24.11.2013 08:52

Control scans in normal mode :)

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



All times are given in WET +1.
