Plagegeister aller Art und deren Bekämpfung: Bundespolizeivirus | Windows 7 |
03.04.2012, 00:41 | #1 |
| Bundespolizeivirus

Hello, here's the situation: I was surfing the web earlier, quite innocently and suspecting nothing, when suddenly a window popped up with the message that I had to transfer 100 euros via Paysafecard to the Bundespolizei (federal police): www.heute.at/news/multimedia/art23657,670274

Well, the virus seems to be very well known, since I found quite a lot about it online. But on to my actual problem: from numerous articles and threads on the internet I learned that the virus can only be removed 100% by formatting the hard drive. But since I know exactly nothing about computers, I'd better ask before it lies dormant here any longer..

OK, no sooner said than done, notebook formatted, but one thing makes me unsure: when formatting I had 3 partitions to choose from: Partition 0 Recovery, Partition 1 and Partition 2. All my stuff was on Partition 1, and therefore the virus too, so that's the one I formatted. Unfortunately I have no idea what Partition 0 Recovery is, and on Partition 2 I have a backup copy of my Windows CD, i.e. ISO files or something.. So now I'm wondering whether I also have to delete the other partitions to be sure my notebook is really virus-free.. As I said, I unfortunately know very little about computers, which is why I'm relying on your advice right now.

And when I start Windows now, I can choose between two operating systems: Windows 7 and Windows 7. The upper one takes me to where I am now... I don't know what the lower one does.. Could the virus possibly still be on there?

Edit: I just selected the lower operating system and I end up in exactly the same place as with the upper one, except that a DOS window named "winsat.exe" opens there and just does something (sorry, can't put it any better xD).

What also worries me: 2 days ago I bought something on the internet with a credit card.. Could the virus/trojan already have been on there at that point? Just today, before it showed itself, I ran a scan with Antivir, but without results. Is it a problem if it was already on there before? Do I have to have the card blocked?

Spelling mistakes are intentional. Regards

Can nobody help me regarding blocking the credit card and whether I did the partition thing correctly?

Oh, and by the way, here is this text from the OTL program. OTL logfile: Code:
Edited by pauwli (03.04.2012 at 01:02) |
04.04.2012, 13:53 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizeivirus Quote:
Everything about recovery is in there. Which medium exactly did you use to reinstall Windows? Quote: