Post von der Bundespolizei

gawi · 05.09.2012, 20:25

Mein Sohn hat Post von der "Bundespolizei" bekommen. Er kann seinen Rechner (windows 7) zwar noch hochfahren, aber kommt nicht mehr ins Internet.
Deshalb schreibe ich von unserem 2. PC.
Was kann ich tun, damit wir den Rechner wieder soweit hinkriegen, dass er damit online gehen kann, um log Dateien hier reinzusetzen?
Ich bin damit im Moment ziemlich überfordert.
Gibt es ein Programm, dass ich ihm auf einen stick laden kann, damit er (ggf. im angesicherten Modus) den Rechner wieder flott kriegt?

Zur Info: Mein Rechner ist direkt mit dem Router verbunden. Beim Rechner meines Sohnes geht das über ein D-Netz - also über einen Adapter der mit dem Router verbunden ist und dann in eine Steckdose eingesteckt wird. Im Zimmer meines Sohnes ist wieder ein Adapter in der Steckdose, der dann mit seinem Rechner verbunden ist.
Im abgesicherten Modus ist keine Internetverbindung möglich?!

Wäre super, wenn ihr schnell einen Tipp für mich habt.

markusg · 05.09.2012, 20:31

hi, was meinst du mit "post", doch keinen brief oder?
du meinst ne anzeige auf dem bildschirm nehme ich an.
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade

OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.

Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Bebilderte Anleitung: OTLpe-Scan

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

gawi · 05.09.2012, 20:45

Danke für die schnelle Hilfe.
Mit Post meine ich eine Seite die aufgeht, wenn mein Sohn versucht ins Internet zu kommen.
Nur zum Sichergehen:
Ich brenne auf meinem Rechner (nicht infiziert) die CD und boote damit den infizierten Rechner meines Sohnes? Danach speicher ich die Scandaten vom Rechner meines Sohnes auf einen Stick und poste sie von hier aus? Richtig?

kann erst morgen damit anfangen, da mein Sohn schon schläft und ich nicht an seinen Rechner komme

markusg · 06.09.2012, 13:31

außer du hast bei der benutzung des pcs über die cd internet, dann kannst du die logs vom infizierten pc aus posten, alles andere ist ok wie dus gesagt hast :-)

gawi · 06.09.2012, 18:05

Das hat leider nicht geklappt.
Da mein Rechner mit windows XP läuft und der verseuchte von meinem Sohn mit windows7, bekomme ich beim booten eine blaue Seite angezeigt mit einem Hinweis, das windows nicht funktioniert (glaube ich jedenfalls aus dem Englischen Text verstanden zu haben)

Einen 2. Rechner mit win7 haben wir leider nicht.
Ich habe den Rechner jetzt erstmal vom Internet getrennt, und lasse malwarebytes (ohne update) laufen. Vielleicht hilft das ja irgendwie.

markusg · 06.09.2012, 18:07

lasse bitte nur das laufen, was ich dir sage, sonst können wir uns das schenken.
starte den rechner neu, gehe ins bios, erreicht man meist über die entf taste
dort prüfe, ob der ide oder ahci mode gewählt ist, konfiguriere das gegenteilige und dann versuche es mit der cd erneut

gawi · 06.09.2012, 19:37

ok
kann aber erst morgen weiter machen, weil ich gleich noch einen Termin habe.

markusg · 07.09.2012, 11:35

hi
schreib einfach immer, wenn der nächste schritt durch ist, bzw bei fragen, du musst dich nicht bei mir abmelden :-)

gawi · 07.09.2012, 13:12

nach dem Umstellen von ahci auf native ide hat es geklappt, der Rechner wurde hochgefahren und ich konnte den Icon OTLPE doppelklicken.
Dann kamen aber nicht die o.g. Fragen sondern ein Fenster: Browse for Folder
Choose windows Directory mit dem Unterpunkt "my Computer
da habe ich OK angeklickt und mir wurde mitgeteilt "no windows installation found"

Als Ergänzung: nach dem ich den Rechner gebootet habe , kam für kurze Zeit ein Windows XP Bild bevor dann der reatogo Desktop geöffnet wurde. Der defekte Rechner hat aber win7

markusg · 07.09.2012, 13:39

hi
klappe mal alles nacheinander auf, bei dem browse for folder fenster, bis du windows siehst, klicke drauf, und los gehts :-)

gawi · 07.09.2012, 14:49

sorry, für die vielen Fragen , aber wo finde ich den Stick, wenn ich ihn einstecke? Es werden 3 Laufwerke angezeigt aber bei allen soll ich eine CD einlegen (auweia, ist das alles peinlich

)

markusg · 07.09.2012, 17:30

starte noch mal neu, stecke den stick danach ein nach dem die otl cd gestartet ist, dann sollte es gehen

gawi · 07.09.2012, 18:05

[SetupAPI Log]
OS Version = 5.1.2600
Platform ID = 2 (NT)
Service Pack = 0.0
Suite = 0x0000
Product Type = 1
Architecture = x86
[2012/09/07 22:19:42 1984.3]
#-199 Executing "X:\i386\explorer.exe" with command line: explorer.exe
#E412 Per-machine codesigning policy settings appear to have been tampered with. Error 13: The data is invalid.
#W413 Default of 0 restored to "Policy" value under HKEY_LOCAL_MACHINE\Software\Microsoft\Non-Driver Signing.
#W413 Default of 1 restored to "Policy" value under HKEY_LOCAL_MACHINE\Software\Microsoft\Driver Signing.
#W415 Codesigning policy database re-synchronized to default values.

-------------------- advpack.dll is loaded or Attached ------------------------------
Date: 09/07/2012 (mm/dd/yyyy) Time: 22:19:42 (hh:mm:ss)
RegInstall: Section=BackupUserAgent
ExecuteCab:Inf = B:\RGI19.tmp
CoreInstall: InfFile=B:\RGI19.tmp InstallSection=BackupUserAgent
SaveRestoreInfo: End hr=0x0 $
GenInstall: Sec=BackupUserAgent
GenInstall return: Sec=BackupUserAgent hr=0x0
CoreInstall: End InfFile=B:\RGI19.tmp hr=0x0
ExecuteCab: End hr=0x0 Inf=B:\RGI19.tmp
RegInstall: Section=BackupUserAgent End hr=0
-------------------- advpack.dll is unloaded or Detached ----------------------------
-------------------- advpack.dll is loaded or Attached ------------------------------
Date: 09/07/2012 (mm/dd/yyyy) Time: 22:19:42 (hh:mm:ss)
RegInstall: Section=BackupConnectionSettings
ExecuteCab:Inf = B:\RGI1A.tmp
CoreInstall: InfFile=B:\RGI1A.tmp InstallSection=BackupConnectionSettings
SaveRestoreInfo: End hr=0x0 ‡
GenInstall: Sec=BackupConnectionSettings
GenInstall return: Sec=BackupConnectionSettings hr=0x0
CoreInstall: End InfFile=B:\RGI1A.tmp hr=0x0
ExecuteCab: End hr=0x0 Inf=B:\RGI1A.tmp
RegInstall: Section=BackupConnectionSettings End hr=0
-------------------- advpack.dll is unloaded or Detached ----------------------------
-------------------- advpack.dll is loaded or Attached ------------------------------
Date: 09/07/2012 (mm/dd/yyyy) Time: 22:19:42 (hh:mm:ss)
RegInstall: Section=Backup.HKCU
ExecuteCab:Inf = B:\RGI1B.tmp
CoreInstall: InfFile=B:\RGI1B.tmp InstallSection=Backup.HKCU
SaveRestoreInfo: End hr=0x0 Þ
GenInstall: Sec=Backup.HKCU
GenInstall return: Sec=Backup.HKCU hr=0x0
CoreInstall: End InfFile=B:\RGI1B.tmp hr=0x0
ExecuteCab: End hr=0x0 Inf=B:\RGI1B.tmp
RegInstall: Section=Backup.HKCU End hr=0
-------------------- advpack.dll is unloaded or Detached ----------------------------
-------------------- advpack.dll is loaded or Attached ------------------------------
Date: 09/07/2012 (mm/dd/yyyy) Time: 22:19:42 (hh:mm:ss)
RegInstall: Section=Reg.HKCU
RunSetupCommand: Cmd=B:\RGI1C.tmp
CoreInstall: InfFile=B:\RGI1C.tmp InstallSection=Reg.HKCU
GenInstall: Sec=Reg.HKCU
GenInstall return: Sec=Reg.HKCU hr=0x0
CoreInstall: End InfFile=B:\RGI1C.tmp hr=0x0
RunSetupCommand: Cmd=B:\RGI1C.tmp End hr=0x0
RegInstall: Section=Reg.HKCU End hr=0
-------------------- advpack.dll is unloaded or Detached ----------------------------
-------------------- advpack.dll is loaded or Attached ------------------------------
Date: 09/07/2012 (mm/dd/yyyy) Time: 22:19:43 (hh:mm:ss)
RegInstall: Section=Internet.HackActiveX
RunSetupCommand: Cmd=B:\RGI1D.tmp
CoreInstall: InfFile=B:\RGI1D.tmp InstallSection=Internet.HackActiveX
GenInstall: Sec=Internet.HackActiveX
GenInstall return: Sec=Internet.HackActiveX hr=0x0
CoreInstall: End InfFile=B:\RGI1D.tmp hr=0x0
RunSetupCommand: Cmd=B:\RGI1D.tmp End hr=0x0
RegInstall: Section=Internet.HackActiveX End hr=0
-------------------- advpack.dll is unloaded or Detached ----------------------------

markusg · 07.09.2012, 18:13

was ist das? nicht das log von otl
fürs noch mal aus und speichere dann den bericht

gawi · 07.09.2012, 19:17

Ich hoffe, dass ist jetzt besser

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 9/7/2012 11:57:31 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 73.74 Mb Free Space | 73.75% Space Free | Partition Type: NTFS
Drive G: | 401.13 Gb Total Space | 229.47 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
Drive H: | 529.28 Gb Total Space | 421.51 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/28 22:19:10 | 000,235,520 | ---- | M] (AMD) [Auto] -- G:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/28 19:49:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- G:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/05 13:37:11 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand] -- G:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/26 02:16:40 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- G:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/24 12:08:54 | 000,076,888 | ---- | M] () [Auto] -- G:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/27 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto] -- G:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/03 07:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto] -- G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 07:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- G:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 06:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto] -- G:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/06/14 18:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- G:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/01 19:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- G:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/01 18:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- G:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/18 00:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto] -- G:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand] -- G:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/10/22 07:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto] -- G:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- G:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- G:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- G:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/03 07:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- G:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/18 07:34:44 | 000,019,032 | ---- | M] () [Kernel | On_Demand] -- G:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/06/18 07:34:42 | 000,012,384 | ---- | M] () [Kernel | On_Demand] -- G:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/05/02 09:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 04:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/24 18:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- G:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/29 03:30:26 | 010,830,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/28 21:09:08 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- G:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/16 07:42:00 | 000,676,968 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- G:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/01/18 00:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2012/01/18 00:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/13 16:05:56 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- G:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/12/12 16:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- G:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/12/12 16:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- G:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/25 23:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/25 23:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2010/11/25 00:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- G:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 03:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- G:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- G:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Daniel_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=55a8c5fc-cb65-4622-957b-80f634d8a0ce&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Daniel_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=55a8c5fc-cb65-4622-957b-80f634d8a0ce&affid=111583&searchtype=hp&babsrc=lnkry_nt
IE - HKU\Daniel_ON_G\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=55a8c5fc-cb65-4622-957b-80f634d8a0ce&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Daniel_ON_G\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=55a8c5fc-cb65-4622-957b-80f634d8a0ce&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Daniel_ON_G\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - G:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Daniel_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Daniel_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=55a8c5fc-cb65-4622-957b-80f634d8a0ce&affid=111583&searchtype=ds&babsrc=lnkry&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_265.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@gamersfirst.com/LiveLauncher:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: G:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: G:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin: G:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: G:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: G:\Users\Daniel\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: G:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: G:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/26 13:20:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/24 09:28:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/26 12:21:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/26 13:20:03 | 000,000,000 | ---D | M]
 
[2012/07/26 12:21:51 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2012/08/24 10:52:01 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4tolq6i8.default\extensions
[2012/08/24 10:52:01 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- G:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4tolq6i8.default\extensions\battlefieldplay4free@ea.com
[2012/07/26 13:06:15 | 000,002,474 | ---- | M] () -- G:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\4tolq6i8.default\searchplugins\Web Search.xml
[2012/07/26 12:21:39 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- 
[2012/06/14 18:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- G:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:46:57 | 000,001,392 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/14 18:46:56 | 000,002,252 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:46:57 | 000,001,153 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/14 18:46:57 | 000,006,805 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/14 18:46:57 | 000,001,178 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/14 18:46:56 | 000,001,105 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/07/28 04:52:55 | 000,443,881 | R--- | M]) - G:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15244 more lines...
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - G:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - G:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - G:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - G:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\Daniel_ON_G\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] G:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] G:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LWS] G:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] G:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Daniel_ON_G..\Run: [Akamai NetSession Interface]  File not found
O4 - HKU\Daniel_ON_G..\Run: [AVA - Downloader] G:\Users\Daniel\Downloads\ava_us_downloader.exe (Aeria Games & Entertainment)
O4 - HKU\Daniel_ON_G..\Run: [EADM] G:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\Daniel_ON_G..\Run: [SpybotSD TeaTimer] G:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Daniel_ON_G..\Run: [Steam] G:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\Daniel_ON_G..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro]  File not found
O4 - HKU\LocalService_ON_G..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_G..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\LocalService_ON_G..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_G..\RunOnce: [mctadmin]  File not found
O4 - Startup: G:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk ()
O4 - Startup: G:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - Daniel_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Daniel_ON_G\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Daniel_ON_G\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Daniel_ON_G\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_G\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_G\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_G\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_G\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_G\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_G\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - G:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - G:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{f9c30002-d73e-11e1-ba98-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f9c30002-d73e-11e1-ba98-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/06 14:58:15 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012/09/06 14:58:06 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/06 14:58:06 | 000,000,000 | ---D | C] -- G:\ProgramData\Malwarebytes
[2012/09/06 14:58:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2012/09/06 14:58:05 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/04 12:40:21 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Roaming\.minecraft
[2012/09/04 10:14:02 | 000,000,000 | ---D | C] -- G:\Users\Daniel\Desktop\Cam Studio
[2012/09/04 10:13:09 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/09/04 10:13:07 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\CamStudio
[2012/09/04 09:22:12 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\Diagnostics
[2012/09/02 10:05:19 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\Aeria Games
[2012/09/02 10:04:59 | 000,000,000 | ---D | C] -- G:\ProgramData\Aeria Games
[2012/09/02 10:04:25 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Roaming\Aeria Games & Entertainment
[2012/09/02 10:03:15 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/02 08:12:53 | 000,000,000 | ---D | C] -- G:\AeriaGames
[2012/09/01 16:33:19 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\Logitech® Webcam-Software
[2012/09/01 16:31:21 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\LogiShrd
[2012/09/01 16:28:08 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Roaming\Leadertech
[2012/09/01 16:27:34 | 000,000,000 | ---D | C] -- G:\ProgramData\Logitech
[2012/09/01 16:27:26 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Common Files\LWS
[2012/09/01 16:27:20 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/09/01 16:27:17 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Logitech
[2012/09/01 16:27:17 | 000,000,000 | ---D | C] -- G:\ProgramData\LogiShrd
[2012/08/26 02:36:38 | 000,000,000 | ---D | C] -- G:\Users\Daniel\Desktop\Praktikum
[2012/08/25 16:12:20 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/08/25 16:12:15 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\TeamSpeak 3 Client
[2012/08/24 12:02:57 | 000,000,000 | ---D | C] -- G:\Users\Daniel\Documents\Battlefield Play4Free
[2012/08/24 11:58:01 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
[2012/08/24 10:52:32 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\EA Games
[2012/08/22 09:28:03 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Roaming\The Creative Assembly
[2012/08/21 15:46:07 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\Adobe
[2012/08/21 06:18:50 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Common Files\Steam
[2012/08/21 06:18:49 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/08/21 06:18:49 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Steam
[2012/08/20 11:31:04 | 000,000,000 | ---D | C] -- G:\ProgramData\EA Core
[2012/08/20 11:31:01 | 000,000,000 | ---D | C] -- G:\Users\Daniel\Documents\FIFA 12
[2012/08/20 11:24:30 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12
[2012/08/20 11:24:29 | 000,000,000 | -H-D | C] -- G:\Program Files (x86)\Common Files\EAInstaller
[2012/08/20 10:21:04 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Roaming\Origin
[2012/08/20 10:20:53 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\Origin
[2012/08/20 10:20:49 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/08/20 10:20:47 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Origin Games
[2012/08/20 10:20:47 | 000,000,000 | ---D | C] -- G:\ProgramData\Origin
[2012/08/20 10:20:47 | 000,000,000 | ---D | C] -- G:\ProgramData\Electronic Arts
[2012/08/20 10:20:40 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Origin
[2012/08/19 17:24:17 | 000,000,000 | ---D | C] -- G:\Users\Daniel\Documents\The Lord of the Rings Online
[2012/08/19 17:24:17 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\The Lord of the Rings Online
[2012/08/19 16:47:52 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\Turbine
[2012/08/19 16:38:33 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\ApplicationHistory
[2012/08/19 16:37:29 | 000,000,000 | ---D | C] -- G:\Windows\SysWow64\URTTEMP
[2012/08/19 16:37:12 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012/08/19 16:20:13 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Turbine
[2012/08/19 15:34:17 | 000,000,000 | ---D | C] -- G:\Users\Daniel\AppData\Local\PunkBuster
[2012/08/19 15:00:56 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\NVIDIA Corporation
[2012/08/19 15:00:49 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/18 21:01:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\mshtmled.dll
[2012/08/18 21:01:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\mshtmled.dll
[2012/08/18 21:01:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\url.dll
[2012/08/18 21:01:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\url.dll
[2012/08/18 21:01:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\ieui.dll
[2012/08/18 21:01:32 | 002,312,704 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript9.dll
[2012/08/18 21:01:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\inetcpl.cpl
[2012/08/18 21:01:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\inetcpl.cpl
[2012/08/18 21:01:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieui.dll
[2012/08/18 21:01:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieUnatt.exe
[2012/08/18 21:01:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\ieUnatt.exe
[2012/08/18 21:01:31 | 001,800,704 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\jscript9.dll
[2012/08/18 21:01:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript.dll
[2012/08/18 21:01:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\jscript.dll
[2012/08/18 11:48:34 | 000,751,104 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\win32spl.dll
[2012/08/18 11:48:34 | 000,492,032 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\win32spl.dll
[2012/08/18 11:48:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- G:\Windows\splwow64.exe
[2012/08/18 11:09:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\netapi32.dll
[2012/08/18 11:09:21 | 000,059,392 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\browcli.dll
[2012/08/18 11:09:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\browcli.dll
[2012/08/18 11:06:37 | 000,503,808 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\srcore.dll
[2012/08/18 10:51:52 | 000,956,928 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\localspl.dll
[2012/08/18 10:04:59 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Common Files\McAfee
[2012/08/18 10:04:52 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\McAfee
[1 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/06 17:29:40 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2012/09/06 17:25:00 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 14:59:44 | 000,016,752 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 14:59:44 | 000,016,752 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 14:59:31 | 000,664,396 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2012/09/06 14:59:31 | 000,624,578 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2012/09/06 14:59:31 | 000,134,564 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2012/09/06 14:59:31 | 000,110,216 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2012/09/06 14:58:06 | 000,001,156 | ---- | M] () -- G:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/06 14:58:06 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/06 14:54:32 | 004,503,728 | ---- | M] () -- G:\ProgramData\dsgsdgdsgdsgw.pad
[2012/09/06 14:52:04 | 2800,545,792 | -HS- | M] () -- G:\hiberfil.sys
[2012/09/06 09:41:36 | 000,294,168 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2012/09/05 13:30:35 | 000,001,940 | ---- | M] () -- G:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/09/05 10:46:34 | 000,282,104 | ---- | M] () -- G:\Windows\SysWow64\PnkBstrB.xtr
[2012/09/05 10:46:34 | 000,282,104 | ---- | M] () -- G:\Windows\SysWow64\PnkBstrB.exe
[2012/09/05 10:46:27 | 000,234,768 | ---- | M] () -- G:\Windows\SysWow64\PnkBstrB.ex0
[2012/09/04 10:13:09 | 000,001,061 | ---- | M] () -- G:\Users\Public\Desktop\CamStudio.lnk
[2012/09/04 10:13:09 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/09/04 09:16:56 | 000,001,155 | ---- | M] () -- G:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012/09/03 13:32:37 | 000,000,000 | ---- | M] () -- G:\Users\Daniel\Desktop\AutoScreenRecorder_01 Sep. 03 19.32.avi
[2012/09/01 16:32:34 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/09/01 16:27:20 | 000,001,671 | ---- | M] () -- G:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2012/08/31 12:13:34 | 000,000,219 | ---- | M] () -- G:\Users\Daniel\Desktop\Team Fortress 2.url
[2012/08/27 14:57:30 | 000,057,655 | ---- | M] () -- G:\Users\Daniel\AppData\Roaming\icarus-dxdiag.xml
[2012/08/27 14:36:28 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2012/08/26 13:38:54 | 000,002,441 | ---- | M] () -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/26 13:38:54 | 000,002,066 | ---- | M] () -- G:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/26 02:16:39 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/26 02:16:39 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/25 16:12:20 | 000,001,214 | ---- | M] () -- G:\Users\Daniel\Desktop\TeamSpeak 3 Client.lnk
[2012/08/24 12:08:54 | 000,076,888 | ---- | M] () -- G:\Windows\SysWow64\PnkBstrA.exe
[2012/08/22 08:29:55 | 000,000,000 | R--D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/08/21 06:18:50 | 000,000,964 | ---- | M] () -- G:\Users\Public\Desktop\Steam.lnk
[2012/08/21 06:18:50 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/08/20 11:24:30 | 000,001,281 | ---- | M] () -- G:\Users\Public\Desktop\FIFA 12.lnk
[2012/08/20 11:24:30 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12
[2012/08/20 10:20:49 | 000,001,026 | ---- | M] () -- G:\Users\Public\Desktop\Origin.lnk
[2012/08/20 10:20:49 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/08/19 16:38:33 | 000,000,094 | ---- | M] () -- G:\Users\Daniel\AppData\Local\fusioncache.dat
[2012/08/19 16:38:24 | 001,553,234 | ---- | M] () -- G:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/19 16:37:50 | 000,000,000 | R--D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/19 16:37:13 | 000,002,245 | ---- | M] () -- G:\Users\Daniel\Desktop\Der Herr der Ringe Online.lnk
[2012/08/19 16:37:13 | 000,000,000 | R--D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/19 16:37:12 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[1 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/06 14:58:06 | 000,001,156 | ---- | C] () -- G:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/09/05 13:30:35 | 004,503,728 | ---- | C] () -- G:\ProgramData\dsgsdgdsgdsgw.pad
[2012/09/05 13:30:35 | 000,001,940 | ---- | C] () -- G:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/09/04 10:13:09 | 000,001,061 | ---- | C] () -- G:\Users\Public\Desktop\CamStudio.lnk
[2012/09/04 09:16:56 | 000,001,155 | ---- | C] () -- G:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012/09/03 13:32:37 | 000,000,000 | ---- | C] () -- G:\Users\Daniel\Desktop\AutoScreenRecorder_01 Sep. 03 19.32.avi
[2012/09/01 16:27:20 | 000,001,671 | ---- | C] () -- G:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2012/08/31 12:13:34 | 000,000,219 | ---- | C] () -- G:\Users\Daniel\Desktop\Team Fortress 2.url
[2012/08/27 14:57:30 | 000,057,655 | ---- | C] () -- G:\Users\Daniel\AppData\Roaming\icarus-dxdiag.xml
[2012/08/26 13:38:54 | 000,002,066 | ---- | C] () -- G:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/25 16:12:20 | 000,001,214 | ---- | C] () -- G:\Users\Daniel\Desktop\TeamSpeak 3 Client.lnk
[2012/08/21 06:18:50 | 000,000,964 | ---- | C] () -- G:\Users\Public\Desktop\Steam.lnk
[2012/08/20 11:24:30 | 000,001,281 | ---- | C] () -- G:\Users\Public\Desktop\FIFA 12.lnk
[2012/08/20 10:20:49 | 000,001,026 | ---- | C] () -- G:\Users\Public\Desktop\Origin.lnk
[2012/08/19 16:38:33 | 000,000,094 | ---- | C] () -- G:\Users\Daniel\AppData\Local\fusioncache.dat
[2012/08/19 16:37:48 | 001,553,234 | ---- | C] () -- G:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/19 16:37:13 | 000,002,245 | ---- | C] () -- G:\Users\Daniel\Desktop\Der Herr der Ringe Online.lnk
[2012/08/19 15:34:21 | 000,282,104 | ---- | C] () -- G:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/19 15:01:26 | 000,282,104 | ---- | C] () -- G:\Windows\SysWow64\PnkBstrB.exe
[2012/08/19 15:01:26 | 000,234,768 | ---- | C] () -- G:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/19 15:01:25 | 000,076,888 | ---- | C] () -- G:\Windows\SysWow64\PnkBstrA.exe
[2012/07/26 13:16:03 | 000,219,801 | ---- | C] () -- G:\Windows\hpoins40.dat
[2012/07/26 12:29:10 | 000,000,000 | ---- | C] () -- G:\Windows\ativpsrm.bin
[2012/04/25 14:29:27 | 000,204,960 | ---- | C] () -- G:\Windows\SysWow64\ativvsvl.dat
[2012/04/25 14:29:27 | 000,157,152 | ---- | C] () -- G:\Windows\SysWow64\ativvsva.dat
[2012/04/25 14:29:26 | 000,003,917 | ---- | C] () -- G:\Windows\SysWow64\atipblag.dat
[2012/03/28 18:22:32 | 000,054,784 | ---- | C] () -- G:\Windows\SysWow64\OVDecode.dll
[2012/03/02 10:33:26 | 000,023,040 | ---- | C] () -- G:\Windows\SysWow64\kdbsdk32.dll
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- G:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- G:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- G:\Windows\SysWow64\LogiDPPApp.exe
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- G:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- G:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- G:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- G:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- G:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- G:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- G:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- G:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:51:05 | 000,000,992 | ---- | C] () -- G:\Windows\hpomdl40.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- G:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012/09/02 16:20:24 | 000,000,000 | ---D | M] -- G:\ProgramData\Aeria Games
[2012/07/26 12:27:23 | 000,000,000 | ---D | M] -- G:\ProgramData\AMD
[2012/07/26 11:50:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Application Data
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Documents
[2012/07/26 11:50:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Dokumente
[2012/08/20 11:31:04 | 000,000,000 | ---D | M] -- G:\ProgramData\EA Core
[2012/08/20 11:31:08 | 000,000,000 | ---D | M] -- G:\ProgramData\Electronic Arts
[2012/07/26 11:50:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favorites
[2012/08/20 11:07:27 | 000,000,000 | ---D | M] -- G:\ProgramData\Origin
[2012/09/04 11:02:25 | 000,000,000 | ---D | M] -- G:\ProgramData\PMB Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Start Menu
[2012/07/26 11:50:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Templates
[2012/07/26 11:50:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Vorlagen
[2009/07/14 01:08:49 | 000,018,018 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

06.09.2012, 18:07	#6
markusg /// Malware-holic	Post von der Bundespolizei lasse bitte nur das laufen, was ich dir sage, sonst können wir uns das schenken. starte den rechner neu, gehe ins bios, erreicht man meist über die entf taste dort prüfe, ob der ide oder ahci mode gewählt ist, konfiguriere das gegenteilige und dann versuche es mit der cd erneut __________________ --> Post von der Bundespolizei

Post von der Bundespolizei

Plagegeister aller Art und deren Bekämpfung: Post von der Bundespolizei