Trojaner-Board: Log-Analyse und Auswertung: Interpol-Trojaner (https://www.trojaner-board.de/140850-interpol-trojaner.html)

teletobi78 01.09.2013 19:58

Interpol Trojan

Hello,

I have already seen that I am evidently not the first one with this Trojan.

I ran FRST64 on the infected machine... and here is the log file:

PS: Many, many thanks for the help!!!

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013
Ran by SYSTEM on MININT-7SOGSTK on 01-09-2013 20:42:01
Running from E:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-20] (IDT, Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3217056 2010-04-01] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-16] (Dell Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-10] (Dell)
HKLM-x32\...\runonceex: [ContentMerger] - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [NoRun] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] - c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [DoroServer] - C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [143360 2010-01-28] (CompSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKU\Bea und Tobi\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Bea und Tobi\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-21] (TomTom)
Startup: C:\Users\Bea und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Bea und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\efjwoipyqqpyfgtsjbb.lnk
ShortcutTarget: efjwoipyqqpyfgtsjbb.lnk -> C:\Users\BEAUND~1\AppData\Local\Temp\bbjstgfypqqypiowjfe.bfg (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] ()
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-20] (IDT, Inc.)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2009-12-16] (Dell Inc.)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 mfeavfk01; No ImagePath
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-30 03:34 - 2013-08-30 03:34 - 00000165 _____ C:\ProgramData\efjwoipyqqpyfgtsjbb.reg
2013-08-30 03:34 - 2013-08-30 03:34 - 00000070 _____ C:\ProgramData\efjwoipyqqpyfgtsjbb.bat
2013-08-22 15:19 - 2013-08-22 15:19 - 00013824 _____ C:\Users\Bea und Tobi\Desktop\elterngeld.xls
2013-08-15 01:52 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-15 01:52 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-15 01:52 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-15 01:52 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-15 01:52 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-15 01:52 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-15 01:52 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-15 01:52 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 01:52 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 01:52 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 01:52 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 01:52 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 01:52 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 01:52 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-15 01:52 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 01:51 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-15 01:51 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-15 01:51 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-15 01:51 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-15 01:51 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-15 01:51 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-15 01:51 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-15 01:51 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-15 01:51 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 01:51 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 01:51 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 01:51 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 01:51 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 01:51 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 01:51 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 01:51 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 01:42 - 2013-08-15 01:45 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 01:20 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-15 01:20 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 01:20 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-15 01:20 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-15 01:20 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-15 01:20 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-15 01:20 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 01:20 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 01:20 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 01:20 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 01:19 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-15 01:19 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 01:19 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-15 01:19 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-15 01:19 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-15 01:19 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-15 01:19 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 01:19 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 01:19 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 01:19 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 01:19 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 01:19 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 01:19 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 01:19 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 01:19 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 01:19 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2013-08-15 01:18 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-08 01:28 - 2013-08-08 01:28 - 00180913 _____ C:\Users\Bea und Tobi\Downloads\buchungsbesttigungauftragplc2ze.zip
2013-08-07 12:18 - 2013-08-07 12:18 - 00000000 ____D C:\Users\Bea und Tobi\AppData\Local\Downloaded Installations
2013-08-07 12:17 - 2013-08-07 12:17 - 00000000 ____D C:\Users\Bea und Tobi\Documents\TomTom
2013-08-07 12:17 - 2013-08-07 12:17 - 00000000 ____D C:\ProgramData\TomTom
2013-08-07 12:16 - 2013-08-07 12:20 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2013-08-07 12:16 - 2013-08-07 12:16 - 00000000 ____D C:\Users\Bea und Tobi\AppData\Roaming\TomTom
2013-08-07 12:16 - 2013-08-07 12:16 - 00000000 ____D C:\Users\Bea und Tobi\AppData\Roaming\Mozilla
2013-08-07 12:16 - 2013-08-07 12:16 - 00000000 ____D C:\Users\Bea und Tobi\AppData\Local\TomTom
2013-08-07 12:16 - 2013-08-07 12:16 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2013-08-07 12:15 - 2013-08-07 12:15 - 00000000 ____D C:\Program Files (x86)\TomTom DesktopSuite

==================== One Month Modified Files and Folders =======

2013-09-01 20:41 - 2013-09-01 20:41 - 00000000 ____D C:\FRST
2013-08-30 03:41 - 2011-07-15 07:03 - 00000000 ____D C:\Users\Bea und Tobi\Tracing
2013-08-30 03:41 - 2010-07-14 03:00 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-30 03:40 - 2011-07-31 13:53 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-30 03:40 - 2011-01-29 16:16 - 00000000 ____D C:\Users\Bea und Tobi\AppData\Local\SoftThinks
2013-08-30 03:40 - 2010-07-14 03:32 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-08-30 03:40 - 2010-07-14 03:32 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-08-30 03:40 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 03:40 - 2009-07-13 23:51 - 00091247 _____ C:\Windows\setupact.log
2013-08-30 03:37 - 2009-07-14 00:10 - 01825215 _____ C:\Windows\WindowsUpdate.log
2013-08-30 03:34 - 2013-08-30 03:34 - 00000165 _____ C:\ProgramData\efjwoipyqqpyfgtsjbb.reg
2013-08-30 03:34 - 2013-08-30 03:34 - 00000070 _____ C:\ProgramData\efjwoipyqqpyfgtsjbb.bat
2013-08-30 03:33 - 2013-02-19 15:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 03:32 - 2011-07-31 13:53 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 03:31 - 2009-07-13 23:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 03:31 - 2009-07-13 23:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-24 07:45 - 2010-07-13 19:41 - 06466162 _____ C:\Windows\PFRO.log
2013-08-22 15:19 - 2013-08-22 15:19 - 00013824 _____ C:\Users\Bea und Tobi\Desktop\elterngeld.xls
2013-08-22 14:55 - 2013-05-26 01:16 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-08-20 14:34 - 2013-02-19 15:05 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 14:34 - 2012-11-12 15:42 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 14:34 - 2012-11-12 15:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 06:43 - 2012-10-09 12:18 - 00000000 ____D C:\Users\Bea und Tobi\Desktop\strick
2013-08-20 06:41 - 2009-07-14 00:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 02:57 - 2011-07-31 13:51 - 00000000 ____D C:\Users\Bea und Tobi\AppData\Roaming\Skype
2013-08-17 03:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 01:48 - 2009-07-14 12:58 - 00697542 _____ C:\Windows\System32\perfh007.dat
2013-08-15 01:48 - 2009-07-14 12:58 - 00148548 _____ C:\Windows\System32\perfc007.dat
2013-08-15 01:48 - 2009-07-14 00:13 - 01636980 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-15 01:45 - 2013-08-15 01:42 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 01:42 - 2011-02-21 15:25 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-13 15:01 - 2013-05-26 01:15 - 00000000 ____D C:\Program Files\My Dell
2013-08-13 15:01 - 2010-07-14 03:02 - 00000000 ____D C:\ProgramData\PCDr
2013-08-13 01:13 - 2011-07-31 13:51 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-13 01:13 - 2011-07-31 13:51 - 00002517 _____ C:\ProgramData\Desktop\Skype.lnk
2013-08-13 01:13 - 2011-07-31 13:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-13 01:13 - 2011-07-31 13:51 - 00000000 ____D C:\ProgramData\Skype
2013-08-12 01:11 - 2012-04-01 15:09 - 00000000 ____D C:\ProgramData\tmp
2013-08-08 01:28 - 2013-08-08 01:28 - 00180913 _____ C:\Users\Bea und Tobi\Downloads\buchungsbesttigungauftragplc2ze.zip
2013-08-07 12:30 - 2011-07-31 13:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-07 12:20 - 2013-08-07 12:16 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2013-08-07 12:18 - 2013-08-07 12:18 - 00000000 ____D C:\Users\Bea und Tobi\AppData\Local\Downloaded Installations
2013-08-07 12:17 - 2013-08-07 12:17 - 00000000 ____D C:\Users\Bea und Tobi\Documents\TomTom
2013-08-07 12:17 - 2013-08-07 12:17 - 00000000 ____D C:\ProgramData\TomTom
2013-08-07 12:16 - 2013-08-07 12:16 - 00000000 ____D C:\Users\Bea und Tobi\AppData\Roaming\TomTom
2013-08-07 12:16 - 2013-08-07 12:16 - 00000000 ____D C:\Users\Bea und Tobi\AppData\Roaming\Mozilla
2013-08-07 12:16 - 2013-08-07 12:16 - 00000000 ____D C:\Users\Bea und Tobi\AppData\Local\TomTom
2013-08-07 12:16 - 2013-08-07 12:16 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2013-08-07 12:15 - 2013-08-07 12:15 - 00000000 ____D C:\Program Files (x86)\TomTom DesktopSuite

Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe
C:\ProgramData\efjwoipyqqpyfgtsjbb.bat
C:\ProgramData\efjwoipyqqpyfgtsjbb.reg
C:\Users\Bea und Tobi\AppData\Local\Temp\AcDeltree.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\bbjstgfypqqypiowjfe.bfg
C:\Users\Bea und Tobi\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\IPx64_1031.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\SIntf16.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\SIntf32.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\SIntfNT.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\~vis0000\dtslatestinstaller.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\GoogleEarth.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-24 13:29:59
Restore point made on: 2013-07-24 15:39:41
Restore point made on: 2013-07-30 01:21:26
Restore point made on: 2013-07-30 01:25:08
Restore point made on: 2013-08-07 11:43:26
Restore point made on: 2013-08-07 11:47:14
Restore point made on: 2013-08-07 12:19:37
Restore point made on: 2013-08-12 01:11:12
Restore point made on: 2013-08-12 01:15:22
Restore point made on: 2013-08-15 01:41:14
Restore point made on: 2013-08-20 06:47:41
Restore point made on: 2013-08-20 06:51:50
Restore point made on: 2013-08-24 07:52:35
Restore point made on: 2013-08-26 03:05:32
Restore point made on: 2013-08-28 05:46:27

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3956.52 MB
Available physical RAM: 3342.53 MB
Total Pagefile: 3954.67 MB
Available Pagefile: 3337.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:364.94 GB) NTFS
Drive d: (DieGilde) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS
Drive e: (LINDA) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: AC35403A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 127 MB) (Disk ID: 69737369)
No partition Table on disk 1.


LastRegBack: 2013-08-24 12:40

==================== End Of Log ============================


schrauber 02.09.2013 05:14

hi,

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

Startup: C:\Users\Bea und Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\efjwoipyqqpyfgtsjbb.lnk
ShortcutTarget: efjwoipyqqpyfgtsjbb.lnk -> C:\Users\BEAUND~1\AppData\Local\Temp\bbjstgfypqqypiowjfe.bfg (Microsoft Corporation)
C:\ProgramData\efjwoipyqqpyfgtsjbb.bat
C:\ProgramData\efjwoipyqqpyfgtsjbb.reg
C:\Users\Bea und Tobi\AppData\Local\Temp\AcDeltree.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\bbjstgfypqqypiowjfe.bfg
C:\Users\Bea und Tobi\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\IPx64_1031.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\SIntf16.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\SIntf32.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\SIntfNT.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\~vis0000\dtslatestinstaller.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\GoogleEarth.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Bea und Tobi\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll

Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Boot the computer normally :)


Copyright ©2000-2025, Trojaner-Board