Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.08.2013, 16:48   #1
robitobs
 
Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ... - Standard

Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...



Hallo,

habe mir den o.g. Trojaner eingefangen, der im Namen des BKA, des Bundesamt fuer Sicherheit in der Informationstechnik und anderer Behoerden erzaehlt, ich haette irgendwas heruntergeladen und moechte, dass ich per Paysafe 100 Euro bezahle. Nach dem Booten erscheint unmittelbar der weisse Bildschirm, sodass man nicht auf den Desktop oder andere Programme zugreifen kann.
In anderen Posts habe ich gelesen, ich sollte mit einem sauberen Rechner eine OTLPE-CD brennen, von der booten und dann das OTL.txt als Anhang posten. Das mach ich einfach mal.
Eine Datei C:\Extras.txt wurde bei mir nicht erstellt.

Vielen Dank fuer eure Hilfe!!
Angehängte Dateien
Dateityp: txt OTL.Txt (49,7 KB, 127x aufgerufen)

Alt 10.08.2013, 16:55   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ... - Standard

Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...



Hi;

Log bitte in codetags in den thread posten.
__________________

__________________

Alt 10.08.2013, 17:11   #3
robitobs
 
Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ... - Standard

Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 8/10/2013 9:06:42 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.93 Gb Total Space | 36.55 Gb Free Space | 42.53% Space Free | Partition Type: NTFS
Drive D: | 49.27 Gb Total Space | 42.15 Gb Free Space | 85.54% Space Free | Partition Type: NTFS
Drive E: | 97.56 Gb Total Space | 97.44 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/04/19 09:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/25 03:27:54 | 000,160,152 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/09/25 03:24:46 | 000,167,856 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2012/09/20 08:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/03/21 06:52:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/05/09 14:39:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/26 16:23:02 | 000,223,088 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/01/12 10:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/01/12 02:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/11/08 17:04:26 | 000,036,352 | ---- | M] () [On_Demand] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/07/20 07:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/24 10:35:44 | 000,128,296 | ---- | M] () [Auto] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/07/29 04:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash)
SRV - [2006/11/07 12:26:52 | 000,127,488 | ---- | M] (CSR, plc) [Auto] -- C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe -- (BthFilterHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (mfeavfk01)
DRV - [2012/09/25 03:27:58 | 000,181,968 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/09/25 03:26:58 | 000,087,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/09/25 03:26:28 | 000,481,320 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/09/25 03:25:52 | 000,063,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/09/25 03:25:40 | 000,218,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/09/25 03:25:26 | 000,125,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/07/28 12:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/04/04 08:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 08:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/11/08 17:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/04/01 08:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 13:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/08/13 02:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/02/20 12:09:16 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB)
DRV - [2009/01/29 11:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 11:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/07/29 04:10:14 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/06/12 03:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/06/09 01:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/28 11:01:00 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2007/12/14 05:42:04 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/02 09:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/03/05 04:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2007/01/16 04:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2006/11/06 17:13:00 | 000,013,824 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthFilt.sys -- (BTHFILT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://primo.kobv.de/primo_library/libweb/action/search.do?mode=Advanced&dscnt=2&fromLogin=true&dstmp=1366876934426&vid=hub_ub
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 C8 74 92 0B 4A CB 01  [binary data]
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Programme\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Programme\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/08/08 17:42:08 | 000,000,000 | ---D | M]
 
[2012/07/19 15:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130304130436.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\Don_Roberto_ON_C..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\Don_Roberto_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/06 17:34:10 | 000,000,000 | ---D | C] -- C:\Users\Don Roberto\AppData\Roaming\Mozilla
[2013/07/24 05:22:32 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[1 C:\Users\Don Roberto\Desktop\*.tmp files -> C:\Users\Don Roberto\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/08 17:52:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/08 17:52:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 17:52:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 17:51:59 | 000,000,377 | ---- | M] () -- C:\Windows\Brownie.ini
[2013/08/08 17:48:28 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/08/08 17:48:28 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/08 17:48:28 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/08/08 17:48:28 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/08 17:44:15 | 000,298,117 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/08/08 17:44:15 | 000,298,117 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/08/08 17:40:56 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/08 13:07:01 | 000,001,105 | ---- | M] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk
[2013/08/08 12:33:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151860982-342106327-569746363-1001UA.job
[2013/08/07 16:35:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151860982-342106327-569746363-1001Core.job
[2013/07/31 06:10:49 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/07/15 13:29:59 | 001,819,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Don Roberto\Desktop\*.tmp files -> C:\Users\Don Roberto\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/08 13:07:01 | 000,001,105 | ---- | C] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk
[2013/05/27 11:30:50 | 000,007,613 | ---- | C] () -- C:\Users\Don Roberto\AppData\Local\Resmon.ResmonCfg
[2013/03/29 20:59:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2013/01/09 16:44:50 | 000,000,141 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2013/01/09 16:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2013/01/09 16:44:33 | 000,022,892 | ---- | C] () -- C:\Windows\HL-3070CW.INI
[2013/01/09 16:43:27 | 000,000,377 | ---- | C] () -- C:\Windows\Brownie.ini
[2013/01/09 16:40:35 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/12 02:42:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/11/12 02:42:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/11/12 02:42:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC08A.DAT
[2012/04/18 07:23:03 | 000,006,144 | ---- | C] () -- C:\Users\Don Roberto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 03:11:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/21 13:06:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/02 03:52:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/09/01 17:10:38 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/01 16:07:22 | 000,298,117 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/01 16:07:21 | 000,298,117 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/14 04:47:43 | 000,654,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,130,240 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 001,819,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,622 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/09/01 15:43:50 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Academic Software Zurich
[2012/04/15 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Amazon
[2012/07/19 15:35:34 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Babylon
[2010/09/01 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\CSR
[2013/08/01 12:46:44 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Emqeo
[2013/01/19 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Leadertech
[2012/08/03 11:16:17 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MAXQDA10
[2013/06/26 14:27:07 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MAXQDA11
[2013/02/17 15:36:40 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MyPhoneExplorer
[2010/09/04 13:30:40 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Opera
[2012/07/31 11:59:42 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Scientific Software
[2013/08/08 10:10:55 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Spotify
[2013/07/25 06:44:50 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Swiss Academic Software
[2013/04/11 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\uTorrent
[2011/08/17 10:30:04 | 000,000,000 | ---D | M] -- C:\ProgramData\AAV
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012/07/19 15:35:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2011/05/25 06:25:04 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2011/05/09 20:20:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar
[2012/04/18 07:22:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Gigaset QuickSync
[2012/07/10 14:05:39 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2013/05/21 19:16:15 | 000,000,000 | ---D | M] -- C:\ProgramData\MAXQDA10
[2013/05/21 19:35:16 | 000,000,000 | ---D | M] -- C:\ProgramData\MAXQDA11
[2012/07/10 14:05:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2012/07/31 10:20:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Scientific Software
[2011/05/26 03:11:32 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/05/09 20:15:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Swiss Academic Software
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/04/02 07:24:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:961867C1C9315F51
< End of report >
         
--- --- ---


Code:
ATTFilter
OTL logfile created on: 8/10/2013 9:06:42 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Ultimate  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.93 Gb Total Space | 36.55 Gb Free Space | 42.53% Space Free | Partition Type: NTFS
Drive D: | 49.27 Gb Total Space | 42.15 Gb Free Space | 85.54% Space Free | Partition Type: NTFS
Drive E: | 97.56 Gb Total Space | 97.44 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/04/19 09:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/25 03:27:54 | 000,160,152 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/09/25 03:24:46 | 000,167,856 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2012/09/20 08:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/03/21 06:52:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/05/09 14:39:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/26 16:23:02 | 000,223,088 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/01/12 10:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/01/12 02:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/11/08 17:04:26 | 000,036,352 | ---- | M] () [On_Demand] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/07/20 07:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/24 10:35:44 | 000,128,296 | ---- | M] () [Auto] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/07/29 04:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash)
SRV - [2006/11/07 12:26:52 | 000,127,488 | ---- | M] (CSR, plc) [Auto] -- C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe -- (BthFilterHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (mfeavfk01)
DRV - [2012/09/25 03:27:58 | 000,181,968 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/09/25 03:26:58 | 000,087,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/09/25 03:26:28 | 000,481,320 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/09/25 03:25:52 | 000,063,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/09/25 03:25:40 | 000,218,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/09/25 03:25:26 | 000,125,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/07/28 12:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/04/04 08:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 08:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/11/08 17:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/04/01 08:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 13:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/08/13 02:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/02/20 12:09:16 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB)
DRV - [2009/01/29 11:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 11:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/07/29 04:10:14 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/06/12 03:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/06/09 01:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/28 11:01:00 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2007/12/14 05:42:04 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/02 09:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/03/05 04:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2007/01/16 04:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2006/11/06 17:13:00 | 000,013,824 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BthFilt.sys -- (BTHFILT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://primo.kobv.de/primo_library/libweb/action/search.do?mode=Advanced&dscnt=2&fromLogin=true&dstmp=1366876934426&vid=hub_ub
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 C8 74 92 0B 4A CB 01  [binary data]
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Don_Roberto_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Programme\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Programme\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/08/08 17:42:08 | 000,000,000 | ---D | M]
 
[2012/07/19 15:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130304130436.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\Don_Roberto_ON_C..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\Don_Roberto_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/06 17:34:10 | 000,000,000 | ---D | C] -- C:\Users\Don Roberto\AppData\Roaming\Mozilla
[2013/07/24 05:22:32 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[1 C:\Users\Don Roberto\Desktop\*.tmp files -> C:\Users\Don Roberto\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/08 17:52:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/08 17:52:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 17:52:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 17:51:59 | 000,000,377 | ---- | M] () -- C:\Windows\Brownie.ini
[2013/08/08 17:48:28 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/08/08 17:48:28 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/08 17:48:28 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/08/08 17:48:28 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/08 17:44:15 | 000,298,117 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/08/08 17:44:15 | 000,298,117 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/08/08 17:40:56 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/08 13:07:01 | 000,001,105 | ---- | M] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk
[2013/08/08 12:33:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151860982-342106327-569746363-1001UA.job
[2013/08/07 16:35:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2151860982-342106327-569746363-1001Core.job
[2013/07/31 06:10:49 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/07/15 13:29:59 | 001,819,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Don Roberto\Desktop\*.tmp files -> C:\Users\Don Roberto\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/08 13:07:01 | 000,001,105 | ---- | C] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk
[2013/05/27 11:30:50 | 000,007,613 | ---- | C] () -- C:\Users\Don Roberto\AppData\Local\Resmon.ResmonCfg
[2013/03/29 20:59:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2013/01/09 16:44:50 | 000,000,141 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2013/01/09 16:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2013/01/09 16:44:33 | 000,022,892 | ---- | C] () -- C:\Windows\HL-3070CW.INI
[2013/01/09 16:43:27 | 000,000,377 | ---- | C] () -- C:\Windows\Brownie.ini
[2013/01/09 16:40:35 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/11/12 02:42:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/11/12 02:42:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/11/12 02:42:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC08A.DAT
[2012/04/18 07:23:03 | 000,006,144 | ---- | C] () -- C:\Users\Don Roberto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 03:11:32 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/21 13:06:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/02 03:52:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/09/01 17:10:38 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/01 16:07:22 | 000,298,117 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/09/01 16:07:21 | 000,298,117 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/14 04:47:43 | 000,654,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,130,240 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 001,819,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,622 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/09/01 15:43:50 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Academic Software Zurich
[2012/04/15 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Amazon
[2012/07/19 15:35:34 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Babylon
[2010/09/01 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\CSR
[2013/08/01 12:46:44 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Emqeo
[2013/01/19 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Leadertech
[2012/08/03 11:16:17 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MAXQDA10
[2013/06/26 14:27:07 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MAXQDA11
[2013/02/17 15:36:40 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\MyPhoneExplorer
[2010/09/04 13:30:40 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Opera
[2012/07/31 11:59:42 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Scientific Software
[2013/08/08 10:10:55 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Spotify
[2013/07/25 06:44:50 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\Swiss Academic Software
[2013/04/11 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Don Roberto\AppData\Roaming\uTorrent
[2011/08/17 10:30:04 | 000,000,000 | ---D | M] -- C:\ProgramData\AAV
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012/07/19 15:35:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2011/05/25 06:25:04 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2011/05/09 20:20:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar
[2012/04/18 07:22:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Gigaset QuickSync
[2012/07/10 14:05:39 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2013/05/21 19:16:15 | 000,000,000 | ---D | M] -- C:\ProgramData\MAXQDA10
[2013/05/21 19:35:16 | 000,000,000 | ---D | M] -- C:\ProgramData\MAXQDA11
[2012/07/10 14:05:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2012/07/31 10:20:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Scientific Software
[2011/05/26 03:11:32 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/05/09 20:15:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Swiss Academic Software
[2010/09/01 15:22:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/04/02 07:24:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:961867C1C9315F51
< End of report >
         
__________________

Alt 11.08.2013, 08:01   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ... - Standard

Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...



hi,

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O4 - Startup: C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk ()
[2013/08/08 13:07:01 | 000,001,105 | ---- | C] () -- C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Rechner neu starten
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.08.2013, 14:27   #5
robitobs
 
Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ... - Standard

Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...



Hi,
sorry, hatte Monitorprobleme und habe nichts gesehen, daher erst jetzt die Antwort.
Habe OTL nicht ausfuehren koennen, daher dasselbe mit OTLPE gemacht. Das ergab folgende log-Datei, nachdem ich den PC neu gestartet habe

Code:
ATTFilter
========== OTL ==========
C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk moved successfully.
File C:\Users\Don Roberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvrigdsxuxpvxpgskmt.lnk not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 49662 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Don Roberto
->Temp folder emptied: 229665796 bytes
->Temporary Internet Files folder emptied: 1096122471 bytes
->Java cache emptied: 6074973 bytes
->Opera cache emptied: 23300917 bytes
->Flash cache emptied: 3815044 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 333458549 bytes
 
Total Files Cleaned = 1,614.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 08122013_234243
         
Danke!!


Alt 12.08.2013, 17:33   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ... - Standard

Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...



kannste den Rechner normal starten?
__________________
--> Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...

Antwort

Themen zu Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...
anderen, anderer, anhang, bezahlen, bildschirm, booten, brennen, datei, desktop, einfach, eingefangen, erscheint, erstell, euro, gefangen, gen, hilfe!, namen, poste, programme, rechner, sicherheit, troja, trojaner, zugreifen



Ähnliche Themen: Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ...


  1. Windows 7: Sperrbildschirm, Bundesamt für Sicherheit und Informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 29.09.2015 (33)
  2. Bundesamt für Sicherheit in der Informationstechnik/GVU-Virus
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (1)
  3. Bundesamt für Sicherheit und Informationstechnik.
    Log-Analyse und Auswertung - 13.10.2013 (8)
  4. Erpressungstrojaner Bundesamt für Sicherheit in der informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 18.09.2013 (3)
  5. GVU Bundesamt für Sicherheit in der Informationstechnik TROJANER
    Log-Analyse und Auswertung - 15.09.2013 (4)
  6. Virus: Interpol Bundesamt für Sicherheit und Informationstechnik. 100 Euro-Forderung.
    Plagegeister aller Art und deren Bekämpfung - 01.09.2013 (9)
  7. GVU Trojaner / Bundesamt für Sicherheit in der Informationstechnik // XP
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (1)
  8. Trojaner auf dem PC (angebl. Bundesamt für Sicherheit in der Informationstechnik)
    Log-Analyse und Auswertung - 24.05.2013 (14)
  9. trojaner gvu bundesamt für sicherheit in der informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (7)
  10. GVU Bundesamt für Sicherheit in der Informationstechnik TROJANER
    Log-Analyse und Auswertung - 08.03.2013 (1)
  11. GVU Bundesamt für Sicherheit in der Informationstechnik Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.02.2013 (14)
  12. Bundesamt für Sicherheit in der Informationstechnik
    Log-Analyse und Auswertung - 29.01.2013 (9)
  13. Bundesamt für Sicherheit in der Informationstechnik - Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (7)
  14. Trojaner : Bundesamt für Sicherheit in der Informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (4)
  15. Bundesamt für Sicherheit in der Informationstechnik Virus
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (10)
  16. Bundesamt für SIcherheit in der Informationstechnik - VIRUS
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (2)
  17. Bundesamt für Sicherheit und Informationstechnik
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (21)

Zum Thema Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ... - Hallo, habe mir den o.g. Trojaner eingefangen, der im Namen des BKA, des Bundesamt fuer Sicherheit in der Informationstechnik und anderer Behoerden erzaehlt, ich haette irgendwas heruntergeladen und moechte, dass - Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ......
Archiv
Du betrachtest: Trojaner Bundesamt fuer Sicherheit in der Informationstechnik, 100 Euro bezahlen, ... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.