Trojaner-Board


pauwli 03.04.2012 00:41

Bundespolizei virus
 
Hello

Here's the situation: I was innocently surfing the web earlier, suspecting nothing, when suddenly a window popped up with the message that I had to transfer 100 euros to the Bundespolizei (Federal Police) via Paysafecard :rofl:
www.heute.at/news/multimedia/art23657,670274

Well, the virus seems to be very well known, since I found quite a bit about it online.

But on to my actual problem:
From numerous articles and threads on the internet, I learned that the virus can only be removed 100% by formatting the hard drive.
Now, since I know exactly nothing about computers, I'd better ask before it sits here dormant any longer..
OK, said and done, notebook formatted, but one thing makes me unsure:
When formatting I had 3 partitions to choose from - Partition 0 Recovery,
Partition 1 and Partition 2
All my stuff was on Partition 1, and therefore the virus too, so that's the one I formatted.
What Partition 0 Recovery is, I unfortunately have no idea
and on Partition 2 I have a backup copy of my Windows CD, so ISO files or something..


So now I'm wondering whether I also need to delete the other partitions to be sure that my notebook is really virus-free..
As I said, I unfortunately know very little about computers, which is why I'm relying on your advice right now

And now when I start Windows, I can choose between two operating systems
Windows 7
and
Windows 7

The top one brings me here, where I am now... What the bottom one does, I don't know..

Could the virus possibly still be on there?

Edit - Just selected the bottom operating system and I end up in exactly the same place as with the top one, except that a DOS window opens there with the name "winsat.exe" and it just does something (sorry, can't put it any better xD)

What also worries me:
Two days ago I bought something online with a credit card..
Could the virus/trojan already have been on there at that point?
Just today, before it showed itself, I ran a scan with Antivir, but without any results.
Is it a problem if it was already on there before? Do I need to have the card blocked?


Spelling mistakes are intentional

Regards

Can nobody help me regarding blocking the credit card and whether I did the partition thing correctly? :(

Oh, and by the way, here is the text from the OTL program:
OTL Logfile:
Code:

OTL logfile created on: 03.04.2012 13:09:37 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\powl\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,78 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 62,44% Memory free
7,56 Gb Paging File | 5,92 Gb Available in Paging File | 78,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 14,93 Gb Free Space | 12,52% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 136,85 Gb Free Space | 88,95% Space Free | Partition Type: NTFS
Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JASCHON-PC | User Name: powl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.03 13:07:09 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\powl\Downloads\OTL.exe
PRC - [2012.04.03 00:19:01 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
PRC - [2011.10.17 10:44:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.03 00:19:01 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.10.17 10:44:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.08 07:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.07.27 21:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2011.07.27 20:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.07.27 20:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2011.06.03 12:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.17 10:44:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.10.03 18:48:40 | 000,394,728 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.10.03 18:48:38 | 000,129,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.09.19 15:54:46 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.08.08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.08.08 07:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.08.03 17:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.07.26 16:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 5D F1 25 1B 11 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37CE7037-8CD4-437B-9749-3E8C2C2ACDA0}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BA50B86-94E9-4BAE-8733-49A2CDE8A1DC}: DhcpNameServer = 212.186.211.21 195.34.133.21
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.03 12:59:26 | 000,000,000 | ---D | C] -- C:\Users\powl\riotsGamesLogs
[2012.04.03 12:58:18 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Roaming\LolClient
[2012.04.03 12:47:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.04.03 12:47:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.04.03 01:49:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2012.04.03 01:49:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2012.04.03 01:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.04.03 01:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.04.03 01:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.04.03 01:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.04.03 01:14:30 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.04.03 01:14:30 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.04.03 01:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.04.03 01:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012.04.03 01:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.04.03 01:01:45 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Roaming\TS3Client
[2012.04.03 01:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.04.03 01:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012.04.03 00:59:25 | 000,000,000 | ---D | C] -- C:\Users\powl\Desktop\LeagueOfLegends
[2012.04.03 00:58:54 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Local\PMB Files
[2012.04.03 00:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.04.03 00:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.04.03 00:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.04.03 00:51:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2012.04.03 00:43:18 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.04.03 00:19:14 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Roaming\Macromedia
[2012.04.03 00:19:14 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Roaming\Adobe
[2012.04.03 00:19:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.04.03 00:18:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.04.02 23:41:10 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Roaming\Intel
[2012.04.02 23:40:58 | 000,000,000 | ---D | C] -- C:\Users\powl\Roaming
[2012.04.02 23:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2012.04.02 23:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012.04.02 23:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012.04.02 23:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.04.02 23:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.04.02 23:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.04.02 23:17:16 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.04.02 23:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
[2012.04.02 23:10:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.04.02 23:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.04.02 22:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2012.04.02 22:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2012.04.02 22:50:39 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.04.02 22:31:58 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012.04.02 22:22:47 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Local\Diagnostics
[2012.04.02 22:18:15 | 000,000,000 | R--D | C] -- C:\Users\powl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.04.02 22:18:15 | 000,000,000 | R--D | C] -- C:\Users\powl\Searches
[2012.04.02 22:18:15 | 000,000,000 | R--D | C] -- C:\Users\powl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.04.02 22:18:00 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Roaming\Identities
[2012.04.02 22:17:55 | 000,000,000 | R--D | C] -- C:\Users\powl\Contacts
[2012.04.02 22:17:50 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Local\VirtualStore
[2012.04.02 22:17:32 | 000,000,000 | --SD | C] -- C:\Users\powl\AppData\Roaming\Microsoft
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\Videos
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\Saved Games
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\Pictures
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\Music
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\Links
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\Favorites
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\Downloads
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\Documents
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\Desktop
[2012.04.02 22:17:32 | 000,000,000 | R--D | C] -- C:\Users\powl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Vorlagen
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\AppData\Local\Verlauf
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\AppData\Local\Temporary Internet Files
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Startmenü
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\SendTo
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Recent
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Netzwerkumgebung
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Lokale Einstellungen
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Documents\Eigene Videos
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Documents\Eigene Musik
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Eigene Dateien
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Documents\Eigene Bilder
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Druckumgebung
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Cookies
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\AppData\Local\Anwendungsdaten
[2012.04.02 22:17:32 | 000,000,000 | -HSD | C] -- C:\Users\powl\Anwendungsdaten
[2012.04.02 22:17:32 | 000,000,000 | -H-D | C] -- C:\Users\powl\AppData
[2012.04.02 22:17:32 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Local\Temp
[2012.04.02 22:17:32 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Local\Microsoft
[2012.04.02 22:17:32 | 000,000,000 | ---D | C] -- C:\Users\powl\AppData\Roaming\Media Center Programs
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.04.02 22:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.04.02 21:54:59 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.04.02 21:51:55 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.03 12:57:02 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 12:57:02 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.03 12:56:55 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.03 12:56:55 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.03 12:56:55 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.03 12:56:55 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.03 12:56:55 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.03 12:53:12 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.04.03 12:50:54 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.03 12:50:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.03 12:50:25 | 3045,064,704 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.03 12:46:57 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.03 03:15:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.04.03 03:15:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.04.03 01:50:29 | 000,015,812 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012.04.03 01:32:08 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.04.03 01:00:43 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.04.02 23:40:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012.04.02 22:51:14 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2012.04.02 22:50:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.04.02 21:57:39 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.04.02 21:57:39 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2012.04.03 12:53:12 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.04.03 03:15:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.04.03 03:15:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.04.03 01:50:29 | 000,015,812 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012.04.03 01:32:08 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.04.03 01:15:13 | 001,985,841 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.04.03 01:14:30 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.04.03 01:00:43 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.04.03 00:19:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.02 23:40:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012.04.02 23:23:33 | 029,341,125 | ---- | C] () -- C:\Users\powl\Desktop\WLAN_AW_NE139_Win7_64_Z10051201052011.zip
[2012.04.02 23:23:26 | 228,031,320 | ---- | C] () -- C:\Users\powl\Desktop\VGA_nVidia_Win7_64_Z817128564.zip
[2012.04.02 23:23:26 | 003,589,156 | ---- | C] () -- C:\Users\powl\Desktop\USB3_AsMedia_Win7_64_Z11420.zip
[2012.04.02 23:17:06 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.04.02 22:51:14 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2012.04.02 22:18:22 | 000,001,407 | ---- | C] () -- C:\Users\powl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.04.02 22:18:17 | 000,001,441 | ---- | C] () -- C:\Users\powl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.04.02 21:57:29 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.04.02 21:57:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.07.26 16:20:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.26 16:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.26 16:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.26 16:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.26 15:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== LOP Check ==========
 
[2012.04.03 12:58:18 | 000,000,000 | ---D | M] -- C:\Users\powl\AppData\Roaming\LolClient
[2012.04.03 13:08:59 | 000,000,000 | ---D | M] -- C:\Users\powl\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,002,394 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

cosinus 04.04.2012 13:53

Quote:

What Partition 0 Recovery is, I unfortunately have no idea

Maybe you should consult the manual for your computer
Everything about recovery is in there
Which medium exactly did you use to reinstall Windows?


Quote:

And now when I start Windows, I can choose between two operating systems
Windows 7
and
Windows 7

This chaos probably came about because you didn't delete something properly, but that is pure crystal-ball gazing :glaskugel: because we don't know what exactly you did


All times are WET +1.
