Log analysis and evaluation: Trojan Bundesamt fuer Sicherheit in der Informationstechnik, pay 100 euros, ... Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.08.2013, 16:48 | #1
Hello, I have caught the above-mentioned trojan, which claims in the name of the BKA, the Bundesamt fuer Sicherheit in der Informationstechnik and other authorities that I downloaded something, and wants me to pay 100 euros via Paysafe. Immediately after booting, the white screen appears, so that one cannot access the desktop or other programs. In other posts I read that I should burn an OTLPE CD on a clean computer, boot from it and then post the OTL.txt as an attachment. I'll just do that. A file C:\Extras.txt was not created on my machine. Many thanks for your help!!
10.08.2013, 16:55 | #2
/// the machine /// TB-Ausbilder
Hi;
Please post the log in code tags in the thread.
10.08.2013, 17:11 | #3
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 8/10/2013 9:06:42 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Ultimate (Version = 6.1.7600) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 85.93 Gb Total Space | 36.55 Gb Free Space | 42.53% Space Free | Partition Type: NTFS Drive D: | 49.27 Gb Total Space | 42.15 Gb Free Space | 85.54% Space Free | Partition Type: NTFS Drive E: | 97.56 Gb Total Space | 97.44 Gb Free Space | 99.87% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2013/04/19 09:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/09/25 03:27:54 | 000,160,152 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2012/09/25 03:24:46 | 000,167,856 | ---- | M] (McAfee, Inc.) 
[Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield) SRV - [2012/09/20 08:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012/03/21 06:52:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/05/09 14:39:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/04/26 16:23:02 | 000,223,088 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2011/01/12 10:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2011/01/12 02:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010/11/08 17:04:26 | 000,036,352 | ---- | M] () [On_Demand] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2009/07/20 07:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Auto] -- C:\Program Files\Spybot\SDWinSec.exe -- (SBSDWSCService) SRV - [2008/10/24 10:35:44 | 000,128,296 | ---- | M] () [Auto] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008/07/29 04:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash) SRV - [2006/11/07 12:26:52 | 000,127,488 | ---- | M] (CSR, plc) [Auto] -- C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe -- (BthFilterHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01) DRV - [2012/09/25 03:27:58 | 000,181,968 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2012/09/25 03:26:58 | 000,087,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2012/09/25 03:26:28 | 000,481,320 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2012/09/25 03:25:52 | 000,063,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2012/09/25 03:25:40 | 000,218,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2012/09/25 03:25:26 | 000,125,600 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011/07/28 12:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV - [2011/04/04 08:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp) DRV - [2011/03/31 08:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem) DRV - [2010/11/08 17:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2010/04/01 08:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet) DRV - [2010/01/25 13:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice) DRV - [2009/08/13 02:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | 
On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2009/02/20 12:09:16 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB) DRV - [2009/01/29 11:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl) DRV - [2009/01/29 11:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService) DRV - [2008/07/29 04:10:14 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008/06/12 03:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008/06/09 01:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/05/28 11:01:00 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid) DRV - [2007/12/14 05:42:04 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/11/02 09:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService) DRV - [2007/03/05 04:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx) DRV - [2007/01/16 04:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\csrbcxp.sys -- (CSRBC) DRV - [2006/11/06 17:13:00 | 000,013,824 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthFilt.sys -- (BTHFILT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://primo.kobv.de/primo_library/libweb/action/search.do?mode=Advanced&dscnt=2&fromLogin=true&dstmp=1366876934426&vid=hub_ub IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 C8 74 92 0B 4A CB 01 [binary data] IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.* FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Programme\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Programme\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/08/08 17:42:08 | 000,000,000 | ---D | M] [2012/07/19 15:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130304130436.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKU\Don_Roberto_ON_C..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKU\Don_Roberto_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft 
Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/08/06 17:34:10 | 000,000,000 | ---D | C] -- C:\Users\Don Roberto\AppData\Roaming\Mozilla [2013/07/24 05:22:32 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [1 C:\Users\Don Roberto\Desktop\*.tmp files -> C:\Users\Don Roberto\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/08/08 17:52:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/08/08 17:52:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/08/08 17:52:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/08/08 17:51:59 | 000,000,377 | ---- | M] () -- C:\Windows\Brownie.ini [2013/08/08 17:48:28 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/08/08 17:48:28 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/08/08 17:48:28 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/08/08 17:48:28 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/08/08 17:44:15 | 000,298,117 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013/08/08 17:44:15 | 000,298,117 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013/08/08 17:40:56 | 2414,682,112 | -HS- | M] () -- 
C:\hiberfil.sys [2013/08/08 13:07:01 | 000,001,105 | ---- | M] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk [2013/08/08 12:33:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151860982-342106327-569746363-1001UA.job [2013/08/07 16:35:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151860982-342106327-569746363-1001Core.job [2013/07/31 06:10:49 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013/07/15 13:29:59 | 001,819,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Users\Don Roberto\Desktop\*.tmp files -> C:\Users\Don Roberto\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/08/08 13:07:01 | 000,001,105 | ---- | C] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk [2013/05/27 11:30:50 | 000,007,613 | ---- | C] () -- C:\Users\Don Roberto\AppData\Local\Resmon.ResmonCfg [2013/03/29 20:59:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2013/01/09 16:44:50 | 000,000,141 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2013/01/09 16:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2013/01/09 16:44:33 | 000,022,892 | ---- | C] () -- C:\Windows\HL-3070CW.INI [2013/01/09 16:43:27 | 000,000,377 | ---- | C] () -- C:\Windows\Brownie.ini [2013/01/09 16:40:35 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012/11/12 02:42:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012/11/12 02:42:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012/11/12 02:42:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC08A.DAT [2012/04/18 07:23:03 | 000,006,144 | ---- | C] () -- C:\Users\Don Roberto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/26 03:11:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010/09/21 13:06:52 | 
000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/09/02 03:52:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010/09/01 17:10:38 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010/09/01 16:07:22 | 000,298,117 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010/09/01 16:07:21 | 000,298,117 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/07/14 04:47:43 | 000,654,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009/07/14 04:47:43 | 000,130,240 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 00:33:53 | 001,819,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 22:05:48 | 000,616,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 22:05:48 | 000,106,622 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010/09/01 15:43:50 | 000,000,000 | ---D | M] 
-- C:\Users\Don Roberto\AppData\Roaming\Academic Software Zurich [2012/04/15 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Amazon [2012/07/19 15:35:34 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Babylon [2010/09/01 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\CSR [2013/08/01 12:46:44 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Emqeo [2013/01/19 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Leadertech [2012/08/03 11:16:17 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MAXQDA10 [2013/06/26 14:27:07 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MAXQDA11 [2013/02/17 15:36:40 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MyPhoneExplorer [2010/09/04 13:30:40 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Opera [2012/07/31 11:59:42 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Scientific Software [2013/08/08 10:10:55 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Spotify [2013/07/25 06:44:50 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Swiss Academic Software [2013/04/11 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\uTorrent [2011/08/17 10:30:04 | 000,000,000 | ---D | M] -- C:\ProgramData\AAV [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2012/07/19 15:35:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon [2011/05/25 06:25:04 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2011/05/09 20:20:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar [2012/04/18 07:22:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Gigaset 
QuickSync [2012/07/10 14:05:39 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate [2013/05/21 19:16:15 | 000,000,000 | ---D | M] -- C:\ProgramData\MAXQDA10 [2013/05/21 19:35:16 | 000,000,000 | ---D | M] -- C:\ProgramData\MAXQDA11 [2012/07/10 14:05:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium [2012/07/31 10:20:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Scientific Software [2011/05/26 03:11:32 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2011/05/09 20:15:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Swiss Academic Software [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2013/04/02 07:24:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:961867C1C9315F51 < End of report >
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Programme\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Programme\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/08/08 17:42:08 | 000,000,000 | ---D | M] [2012/07/19 15:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130304130436.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKU\Don_Roberto_ON_C..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKU\Don_Roberto_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft 
Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/08/06 17:34:10 | 000,000,000 | ---D | C] -- C:\Users\Don Roberto\AppData\Roaming\Mozilla [2013/07/24 05:22:32 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [1 C:\Users\Don Roberto\Desktop\*.tmp files -> C:\Users\Don Roberto\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/08/08 17:52:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/08/08 17:52:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/08/08 17:52:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/08/08 17:51:59 | 000,000,377 | ---- | M] () -- C:\Windows\Brownie.ini [2013/08/08 17:48:28 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/08/08 17:48:28 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/08/08 17:48:28 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/08/08 17:48:28 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/08/08 17:44:15 | 000,298,117 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013/08/08 17:44:15 | 000,298,117 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013/08/08 17:40:56 | 2414,682,112 | -HS- | M] () -- 
C:\hiberfil.sys [2013/08/08 13:07:01 | 000,001,105 | ---- | M] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk [2013/08/08 12:33:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151860982-342106327-569746363-1001UA.job [2013/08/07 16:35:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151860982-342106327-569746363-1001Core.job [2013/07/31 06:10:49 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013/07/15 13:29:59 | 001,819,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Users\Don Roberto\Desktop\*.tmp files -> C:\Users\Don Roberto\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/08/08 13:07:01 | 000,001,105 | ---- | C] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk [2013/05/27 11:30:50 | 000,007,613 | ---- | C] () -- C:\Users\Don Roberto\AppData\Local\Resmon.ResmonCfg [2013/03/29 20:59:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2013/01/09 16:44:50 | 000,000,141 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2013/01/09 16:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2013/01/09 16:44:33 | 000,022,892 | ---- | C] () -- C:\Windows\HL-3070CW.INI [2013/01/09 16:43:27 | 000,000,377 | ---- | C] () -- C:\Windows\Brownie.ini [2013/01/09 16:40:35 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012/11/12 02:42:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012/11/12 02:42:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012/11/12 02:42:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC08A.DAT [2012/04/18 07:23:03 | 000,006,144 | ---- | C] () -- C:\Users\Don Roberto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/26 03:11:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010/09/21 13:06:52 | 
000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/09/02 03:52:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010/09/01 17:10:38 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010/09/01 16:07:22 | 000,298,117 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010/09/01 16:07:21 | 000,298,117 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/07/14 04:47:43 | 000,654,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009/07/14 04:47:43 | 000,130,240 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 00:33:53 | 001,819,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 22:05:48 | 000,616,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 22:05:48 | 000,106,622 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010/09/01 15:43:50 | 000,000,000 | ---D | M] 
-- C:\Users\Don Roberto\AppData\Roaming\Academic Software Zurich [2012/04/15 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Amazon [2012/07/19 15:35:34 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Babylon [2010/09/01 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\CSR [2013/08/01 12:46:44 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Emqeo [2013/01/19 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Leadertech [2012/08/03 11:16:17 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MAXQDA10 [2013/06/26 14:27:07 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MAXQDA11 [2013/02/17 15:36:40 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MyPhoneExplorer [2010/09/04 13:30:40 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Opera [2012/07/31 11:59:42 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Scientific Software [2013/08/08 10:10:55 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Spotify [2013/07/25 06:44:50 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Swiss Academic Software [2013/04/11 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\uTorrent [2011/08/17 10:30:04 | 000,000,000 | ---D | M] -- C:\ProgramData\AAV [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2012/07/19 15:35:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon [2011/05/25 06:25:04 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2011/05/09 20:20:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar [2012/04/18 07:22:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Gigaset 
QuickSync [2012/07/10 14:05:39 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate [2013/05/21 19:16:15 | 000,000,000 | ---D | M] -- C:\ProgramData\MAXQDA10 [2013/05/21 19:35:16 | 000,000,000 | ---D | M] -- C:\ProgramData\MAXQDA11 [2012/07/10 14:05:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium [2012/07/31 10:20:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Scientific Software [2011/05/26 03:11:32 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2011/05/09 20:15:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Swiss Academic Software [2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2013/04/02 07:24:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:961867C1C9315F51 < End of report > |
11.08.2013, 08:01 | #4 |
/// the machine /// TB-Ausbilder | Trojan Bundesamt fuer Sicherheit in der Informationstechnik, pay 100 euros, ... hi, fix with OTL
Code:
:OTL
O4 - Startup: C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk ()
[2013/08/08 13:07:01 | 000,001,105 | ---- | C] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk

:Commands
[emptytemp]
Restart the computer
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
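An added example, not part of the thread and not the helper's own method: one way to triage an OTL log so that the two lines used in the fix above stand out. The log lines are copied from the log posted in this thread; the scoring rules (empty company name, creation within the log's 30-day file age, random-looking name) and all function names are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta
from ntpath import basename, splitext  # Windows path rules on any OS

# Selection of lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
OTL logfile created on: 8/10/2013 9:06:42 PM - Run OTLPE by OldTimer - Version 3.1.48.0
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\Don_Roberto_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk ()
[2013/08/08 13:07:01 | 000,001,105 | ---- | C] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk
[2013/03/29 20:59:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2013/01/09 16:43:27 | 000,000,377 | ---- | C] () -- C:\Windows\Brownie.ini
"""

# "O4 - <location>: [<value name>] <path> (<company>)"; the value name is optional.
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): (?:\[(?P<name>[^\]]*)\] )?"
                   r"(?P<path>[A-Za-z]:\\.*?) \((?P<company>[^()]*)\)$")
# "[<timestamp> | <size> | <attrs> | C or M] (<company>) -- <path>"
FILE_RE = re.compile(r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| .{4} \| "
                     r"(?P<kind>[CM])\] \((?P<company>[^()]*)\) -- (?P<path>.+)$")
SCAN_RE = re.compile(r"^OTL logfile created on: (\S+ \S+ [AP]M)")


def looks_random(path):
    """Assumed heuristic: long, purely alphabetic stem with very few vowels."""
    stem = splitext(basename(path))[0].lower()
    if len(stem) < 12 or not stem.isalpha():
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.2


def triage(log_text, max_age_days=30):
    """Return autostart entries that meet at least two of the three assumed criteria."""
    scan_time, autostarts, created = None, [], {}
    for line in map(str.strip, log_text.splitlines()):
        if m := SCAN_RE.match(line):
            scan_time = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        elif m := O4_RE.match(line):
            autostarts.append(m.groupdict())
        elif (m := FILE_RE.match(line)) and m["kind"] == "C":
            created[m["path"].lower()] = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")

    findings = []
    for entry in autostarts:
        reasons = []
        if not entry["company"].strip():
            reasons.append("no company name")
        born = created.get(entry["path"].lower())  # cross-reference with created files
        if born and scan_time and scan_time - born <= timedelta(days=max_age_days):
            reasons.append(f"created {born:%Y-%m-%d}, within {max_age_days} days of scan")
        if looks_random(entry["path"]):
            reasons.append("random-looking file name")
        if len(reasons) >= 2:
            findings.append({"location": entry["loc"], "path": entry["path"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["location"], "->", f["path"])
        for reason in f["reasons"]:
            print("   ", reason)
```

A hit from such a script is only a candidate for review; signed vendor entries with long names or freshly installed software can meet single criteria, which is why two of three are required here.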
12.08.2013, 14:27 | #5 |
| Trojan Bundesamt fuer Sicherheit in der Informationstechnik, pay 100 euros, ... Hi, sorry, I had monitor problems and couldn't see anything, hence the late reply. I couldn't run OTL, so I did the same with OTLPE. That produced the following log file after I restarted the PC
Code:
========== OTL ==========
C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk moved successfully.
File C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 49662 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Don Roberto
->Temp folder emptied: 229665796 bytes
->Temporary Internet Files folder emptied: 1096122471 bytes
->Java cache emptied: 6074973 bytes
->Opera cache emptied: 23300917 bytes
->Flash cache emptied: 3815044 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 333458549 bytes

Total Files Cleaned = 1,614.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 08122013_234243 |
12.08.2013, 17:33 | #6 |
/// the machine /// TB-Ausbilder | Trojan Bundesamt fuer Sicherheit in der Informationstechnik, pay 100 euros, ... can you start the computer normally?