
Log analysis and evaluation: Win7: Interpol Trojan - Farbar Recovery Scan Tool logfile


 
08.08.2013, 19:59   #1
Merkur76
 



Unfortunately, the Interpol Trojan has taken hold on a friend's notebook.

I ran the frst64.exe scan in safe mode and found no message marked "Attention".
Under "Files to move or delete", 2 files were found.
(I don't really know my way around this, but judging from the other posts I take that to be an error.)


I would now like to ask for your help in creating a correct fixlist.txt.

Many thanks!

(Unfortunately, I also don't know how to post the log as nicely as the others do.)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013 04
Ran by SYSTEM on 08-08-2013 20:45:50
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-09-09] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-03-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [887976 2011-08-23] (Ask)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-27] (Avira Operations GmbH & Co. KG)
HKU\Kleine Familie\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Kleine Familie\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Kleine Familie\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Kleine Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yuhrxsyivolepgekjwg.lnk
ShortcutTarget: yuhrxsyivolepgekjwg.lnk -> C:\Users\KLEINE~1\AppData\Local\Temp\gwjkegpeloviysxrhuy.bfg (Oracle)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-27] (Avira Operations GmbH & Co. KG)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-27] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-27] (Avira Operations GmbH & Co. KG)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
S2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
S2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
S2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 tmlwf;
S3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-08 10:22 - 2013-08-08 10:22 - 00000165 _____ C:\ProgramData\yuhrxsyivolepgekjwg.reg
2013-08-08 10:22 - 2013-08-08 10:22 - 00000070 _____ C:\ProgramData\yuhrxsyivolepgekjwg.bat
2013-08-07 20:53 - 2013-08-07 20:53 - 00000000 ____D C:\FRST
2013-08-07 10:44 - 2013-08-07 10:45 - 01789561 _____ (Farbar) C:\Users\Kleine Familie\Downloads\FRST64.exe
2013-08-07 10:15 - 2013-08-07 10:16 - 01229794 _____ (Farbar) C:\Users\Kleine Familie\Downloads\FRST.exe
2013-08-07 10:08 - 2013-08-07 10:08 - 00000207 _____ C:\Users\Kleine Familie\Desktop\Fixlist.txt
2013-08-07 10:00 - 2013-08-07 10:00 - 00000000 ____D C:\Users\Kleine Familie\AppData\Roaming\TeamViewer
2013-07-29 09:23 - 2013-07-29 09:24 - 00010795 _____ C:\Users\Kleine Familie\Desktop\USA TRIP DezJan2013.xlsx
2013-07-28 04:56 - 2013-07-28 04:55 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-27 23:00 - 2013-07-27 23:00 - 00000000 ____D C:\Users\Kleine Familie\AppData\Roaming\Avira
2013-07-27 22:55 - 2013-07-27 22:55 - 00001996 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-27 22:54 - 2013-07-27 22:54 - 00000000 ____D C:\ProgramData\Avira
2013-07-27 22:54 - 2013-07-27 22:54 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-27 22:54 - 2013-07-27 22:31 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-07-27 22:54 - 2013-07-27 22:31 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-07-27 22:54 - 2013-07-27 22:31 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-07-12 13:12 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 13:12 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 13:12 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 13:12 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 13:12 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 13:12 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 13:12 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 13:12 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 13:12 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 13:12 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 13:12 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 13:12 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 13:12 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 13:12 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 13:12 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 13:12 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 13:12 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-12 13:12 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 13:12 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 13:12 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 13:12 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 13:12 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 13:12 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 13:12 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 13:12 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 13:12 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 13:12 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 13:12 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 13:12 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 13:12 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 13:12 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 11:26 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-12 11:26 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 11:26 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-12 11:26 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 11:23 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-12 11:18 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 11:18 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-08 10:43 - 2009-08-04 01:51 - 00658150 _____ C:\Windows\System32\perfh007.dat
2013-08-08 10:43 - 2009-08-04 01:51 - 00131264 _____ C:\Windows\System32\perfc007.dat
2013-08-08 10:43 - 2009-07-13 21:13 - 01509054 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-08 10:32 - 2010-09-09 18:08 - 01916755 _____ C:\Windows\WindowsUpdate.log
2013-08-08 10:24 - 2010-11-14 00:51 - 00045056 _____ C:\Windows\System32\acovcnt.exe
2013-08-08 10:24 - 2010-09-09 18:28 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-08 10:24 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-08 10:23 - 2009-07-13 20:51 - 00115471 _____ C:\Windows\setupact.log
2013-08-08 10:22 - 2013-08-08 10:22 - 00000165 _____ C:\ProgramData\yuhrxsyivolepgekjwg.reg
2013-08-08 10:22 - 2013-08-08 10:22 - 00000070 _____ C:\ProgramData\yuhrxsyivolepgekjwg.bat
2013-08-08 10:00 - 2009-07-13 20:45 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-08 10:00 - 2009-07-13 20:45 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-08 09:59 - 2013-05-10 22:02 - 00000824 _____ C:\Windows\System32\Drivers\etc\tmvsthfud.bin
2013-08-08 09:59 - 2010-09-09 18:33 - 00000824 _____ C:\Windows\System32\Drivers\etc\tmvsthfss.bin
2013-08-08 09:58 - 2012-11-01 01:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-07 20:53 - 2013-08-07 20:53 - 00000000 ____D C:\FRST
2013-08-07 10:45 - 2013-08-07 10:44 - 01789561 _____ (Farbar) C:\Users\Kleine Familie\Downloads\FRST64.exe
2013-08-07 10:16 - 2013-08-07 10:15 - 01229794 _____ (Farbar) C:\Users\Kleine Familie\Downloads\FRST.exe
2013-08-07 10:11 - 2013-01-16 10:36 - 00002257 _____ C:\Users\Kleine Familie\Desktop\Internetbrowser.lnk
2013-08-07 10:11 - 2010-11-14 01:03 - 00000000 ____D C:\Users\Kleine Familie\AppData\Local\Google
2013-08-07 10:08 - 2013-08-07 10:08 - 00000207 _____ C:\Users\Kleine Familie\Desktop\Fixlist.txt
2013-08-07 10:00 - 2013-08-07 10:00 - 00000000 ____D C:\Users\Kleine Familie\AppData\Roaming\TeamViewer
2013-08-07 09:48 - 2010-11-14 01:51 - 00000000 ____D C:\Users\Kleine Familie\AppData\Roaming\Skype
2013-08-07 09:24 - 2010-09-09 18:28 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-05 11:07 - 2010-11-14 01:04 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{661C63F4-4342-4A3C-BAE2-4C7E9D2350B6}
2013-07-29 09:24 - 2013-07-29 09:23 - 00010795 _____ C:\Users\Kleine Familie\Desktop\USA TRIP DezJan2013.xlsx
2013-07-28 04:55 - 2013-07-28 04:56 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-07-28 04:49 - 2010-09-09 18:48 - 00001343 _____ C:\Windows\System32\ServiceFilter.ini
2013-07-28 04:44 - 2010-09-09 18:36 - 00059842 _____ C:\Windows\PFRO.log
2013-07-27 23:00 - 2013-07-27 23:00 - 00000000 ____D C:\Users\Kleine Familie\AppData\Roaming\Avira
2013-07-27 22:55 - 2013-07-27 22:55 - 00001996 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-27 22:54 - 2013-07-27 22:54 - 00000000 ____D C:\ProgramData\Avira
2013-07-27 22:54 - 2013-07-27 22:54 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-27 22:42 - 2010-09-09 18:48 - 00002172 _____ C:\Windows\System32\AutoRunFilter.ini
2013-07-27 22:31 - 2013-07-27 22:54 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-07-27 22:31 - 2013-07-27 22:54 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-07-27 22:31 - 2013-07-27 22:54 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-07-21 08:34 - 2010-12-10 22:57 - 00000000 ____D C:\Windows\System32\Service
2013-07-21 02:07 - 2010-12-24 05:41 - 00000270 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2013-07-15 11:19 - 2010-09-09 18:28 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 11:19 - 2010-09-09 18:28 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 22:40 - 2010-11-14 01:19 - 00000000 ____D C:\Users\Kleine Familie\Documents\01_Christine
2013-07-13 01:41 - 2011-04-26 07:55 - 00000000 ____D C:\Users\Kleine Familie\AppData\Roaming\Apple Computer
2013-07-13 01:21 - 2009-07-13 20:45 - 00416312 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-13 01:19 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 01:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 01:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 01:18 - 2013-03-14 06:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 01:18 - 2013-03-14 06:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 13:20 - 2011-03-27 11:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 12:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-12 11:18 - 2013-05-19 23:05 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\yuhrxsyivolepgekjwg.bat
C:\ProgramData\yuhrxsyivolepgekjwg.reg

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4093.82 MB
Available physical RAM: 3478.32 MB
Total Pagefile: 4091.97 MB
Available Pagefile: 3480.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:33.14 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:329.79 GB) (Free:329.67 GB) NTFS (Disk=0 Partition=3)
Drive f: (INTENSO USB) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FE4AA2D7)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=330 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-08-04 10:58

==================== End Of Log ============================

 
