Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen3 nach Recovery

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.03.2012, 12:43   #1
dexter84
 
TR/Crypt.XPACK.Gen3 nach Recovery - Frage

TR/Crypt.XPACK.Gen3 nach Recovery



Hallo, ich habe ebenfalls den TR/Crypt.XPACK.Gen3 mir eingefangen.... Habe mein Notebook bereits auf den Auslieferungszustand gesetzt? Reicht das aus oder muss zwingend format C erfolgen? Habe hier noch OTL Logdatei...

Hoffe das mir jemand helfen kann, wünsche euch einen schönen Sonntag!OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.03.2012 12:23:35 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sören\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 66,24% Memory free
15,89 Gb Paging File | 13,13 Gb Available in Paging File | 82,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 591,35 Gb Total Space | 561,04 Gb Free Space | 94,87% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,14 Gb Free Space | 90,16% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 94,32 Gb Free Space | 13,50% Space Free | Partition Type: exFAT
Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SÖRENSLAPTOP | User Name: Sören | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.25 12:19:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sören\Downloads\OTL.exe
PRC - [2011.11.09 14:23:55 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.11.09 14:23:32 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011.11.09 14:21:49 | 002,569,568 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe
PRC - [2011.05.10 06:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.03.21 05:47:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011.01.12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 20:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.10.15 00:46:14 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2010.02.03 02:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2009.01.26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.09 14:23:55 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011.11.09 14:23:32 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011.11.09 14:21:50 | 000,083,296 | ---- | M] () -- C:\Windows\SysWOW64\GetASData.dll
MOD - [2011.11.09 14:21:49 | 001,771,872 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\ColorBlindnessDLL.dll
MOD - [2011.11.09 14:21:49 | 001,635,168 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\RapIdentify.dll
MOD - [2011.11.09 14:21:49 | 000,337,248 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\RICPlayerInterface.dll
MOD - [2011.11.09 14:21:49 | 000,275,808 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\GuiSys.dll
MOD - [2011.11.09 14:21:49 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\lua5.1.dll
MOD - [2011.11.09 14:21:49 | 000,087,392 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoRIC.interface.dll
MOD - [2011.11.09 14:21:49 | 000,071,008 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LangHlpr.dll
MOD - [2011.11.09 14:21:49 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\ShowGuiMessageBox.dll
MOD - [2011.11.09 14:21:49 | 000,016,736 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\assistant.dll
MOD - [2011.11.09 14:21:49 | 000,015,200 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\SimpRes.dll
MOD - [2011.11.09 14:21:49 | 000,013,152 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\BusyTimer.dll
MOD - [2011.11.09 14:21:49 | 000,012,128 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LidMsg.dll
MOD - [2011.11.09 13:17:02 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c12289a28b784b00589a66803aad590b\IAStorUtil.ni.dll
MOD - [2011.11.09 13:17:02 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\df148d204dde5d959973a72f36c8c3fa\IAStorCommon.ni.dll
MOD - [2011.11.09 01:54:57 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.11.09 01:54:55 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.05.10 06:00:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.02.16 19:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011.02.16 19:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010.11.21 05:49:13 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010.11.21 05:48:49 | 012,432,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010.11.21 05:48:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010.11.21 05:48:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010.11.21 05:48:25 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010.11.21 05:48:22 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010.11.21 05:48:21 | 007,963,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010.11.21 05:48:14 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2010.10.15 00:46:12 | 002,912,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\7.0.517.43\pdf.dll
MOD - [2010.10.15 00:44:44 | 000,091,192 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\7.0.517.43\avutil-50.dll
MOD - [2010.10.15 00:44:43 | 000,193,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\7.0.517.43\avformat-52.dll
MOD - [2010.10.15 00:44:42 | 001,431,608 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\7.0.517.43\avcodec-52.dll
MOD - [2010.10.14 22:30:55 | 005,964,752 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\7.0.517.43\gcswf32.dll
MOD - [2008.06.19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008.03.05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008.03.04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008.02.26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007.12.24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.13 13:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011.03.13 13:37:22 | 000,208,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011.03.13 13:37:06 | 000,197,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.11.09 14:16:20 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011.05.12 18:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.05.10 06:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.20 11:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_3A60B698)
SRV - [2011.03.17 18:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2011.01.28 14:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2011.01.12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.09 14:32:56 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011.11.09 14:32:55 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011.11.09 14:30:43 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011.11.09 14:30:43 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011.11.09 14:21:49 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2011.11.09 14:21:49 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2011.11.09 02:06:11 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.11.09 02:06:11 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.05.13 02:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011.05.13 02:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.05.13 02:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.05.13 02:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.05.13 02:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.05.13 02:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.10 06:00:18 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.09 22:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2011.03.26 03:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.23 16:13:58 | 008,199,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2011.03.21 07:42:52 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.13 13:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011.03.13 13:20:10 | 000,481,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011.03.13 13:20:10 | 000,281,928 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011.03.13 13:20:10 | 000,227,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011.03.13 13:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011.03.13 13:20:10 | 000,098,728 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011.03.13 13:20:10 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011.03.13 13:20:10 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.01.12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.04 07:48:14 | 000,007,168 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVPolDIR.sys -- (AVPolDIR)
DRV:64bit: - [2011.01.04 07:47:50 | 000,534,144 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerPola.sys -- (AVerPola)
DRV:64bit: - [2010.12.13 05:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.10.28 12:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.15 10:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.03.25 12:13:55 | 000,000,000 | ---D | M]
 
 
========== Chrome ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: McAfee SiteAdvisor = C:\Users\Sören\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20111109121720.dll (McAfee, Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111109121720.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [LenovoR.I.C.Tray] C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe (Lenovo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A41C2C0-D123-45C7-AC1E-3EEEB53EEBAD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D738A130-CE56-4635-A73F-39EEDC3B3E06}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.25 12:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.03.25 12:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.03.25 12:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.03.25 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Sören\Documents\Simply Super Software
[2012.03.25 12:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.25 12:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.03.25 12:14:23 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Simply Super Software
[2012.03.25 12:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.25 12:03:02 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Macromedia
[2012.03.25 12:03:02 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Adobe
[2012.03.24 20:21:37 | 000,000,000 | ---D | C] -- C:\Users\Sören\Documents\Youcam
[2012.03.24 20:21:36 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\CyberLink
[2012.03.23 22:38:58 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Lenovo
[2012.03.23 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\Sören\Documents\Lenovo
[2012.03.23 22:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2012.03.23 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\Sören\Documents\CyberLink
[2012.03.23 22:38:56 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\CyberLink
[2012.03.23 18:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.03.23 18:21:24 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\EasyCapture
[2012.03.23 18:18:38 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.03.23 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\Google
[2012.03.23 17:25:59 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\Broadcom
[2012.03.23 17:25:59 | 000,000,000 | ---D | C] -- C:\Users\Sören\Documents\Bluetooth-Exchange-Ordner
[2012.03.23 17:25:48 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Intel Corporation
[2012.03.23 17:25:16 | 000,000,000 | R--D | C] -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.03.23 17:25:16 | 000,000,000 | R--D | C] -- C:\Users\Sören\Searches
[2012.03.23 17:25:16 | 000,000,000 | R--D | C] -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.03.23 17:25:08 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Identities
[2012.03.23 17:25:06 | 000,000,000 | R--D | C] -- C:\Users\Sören\Contacts
[2012.03.23 17:25:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.23 17:25:01 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\VirtualStore
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Vorlagen
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\AppData\Local\Verlauf
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\AppData\Local\Temporary Internet Files
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Startmenü
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\SendTo
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Recent
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Netzwerkumgebung
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Lokale Einstellungen
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Documents\Eigene Videos
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Documents\Eigene Musik
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Eigene Dateien
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Documents\Eigene Bilder
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Druckumgebung
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Cookies
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\AppData\Local\Anwendungsdaten
[2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Anwendungsdaten
[2012.03.23 17:24:49 | 000,000,000 | --SD | C] -- C:\Users\Sören\AppData\Roaming\Microsoft
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Videos
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Saved Games
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Pictures
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Music
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Links
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Favorites
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Downloads
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Documents
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Desktop
[2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.03.23 17:24:49 | 000,000,000 | -H-D | C] -- C:\Users\Sören\AppData
[2012.03.23 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\Temp
[2012.03.23 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\Microsoft
[2012.03.23 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Media Center Programs
[2012.03.23 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.25 12:29:26 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.03.25 12:20:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.25 12:16:41 | 000,001,258 | ---- | M] () -- C:\Users\Sören\Desktop\Spybot - Search & Destroy.lnk
[2012.03.25 12:14:31 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.03.25 12:13:49 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 12:13:49 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 11:58:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.03.24 18:43:34 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.23 18:37:43 | 000,651,648 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.03.23 18:37:43 | 000,120,580 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.03.23 18:37:42 | 001,611,160 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.03.23 18:37:42 | 000,696,370 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.03.23 18:37:42 | 000,147,634 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.03.23 18:33:43 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012.03.23 18:32:24 | 000,564,636 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.03.23 18:31:09 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.23 18:22:15 | 000,159,772 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2012.03.23 18:22:15 | 000,159,772 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2012.03.23 18:13:51 | 000,080,327 | ---- | M] () -- C:\Users\Sören\Desktop\heimnetzgruppe.png
[2012.03.23 17:25:46 | 000,002,086 | ---- | M] () -- C:\Users\Sören\Desktop\OneKey Recovery.lnk
[2012.03.23 17:25:44 | 000,001,122 | ---- | M] () -- C:\Users\Sören\Desktop\Cyberlink Power2Go.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.25 12:16:41 | 000,001,258 | ---- | C] () -- C:\Users\Sören\Desktop\Spybot - Search & Destroy.lnk
[2012.03.25 12:14:31 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.03.25 12:14:29 | 000,153,088 | ---- | C] () -- C:\windows\SysWow64\UNRAR3.dll
[2012.03.25 12:14:29 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\unacev2.dll
[2012.03.23 18:18:30 | 2103,332,863 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.23 18:13:51 | 000,080,327 | ---- | C] () -- C:\Users\Sören\Desktop\heimnetzgruppe.png
[2012.03.23 17:25:20 | 000,001,405 | ---- | C] () -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.03.23 17:25:16 | 000,001,439 | ---- | C] () -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.03.23 17:24:49 | 000,002,086 | ---- | C] () -- C:\Users\Sören\Desktop\OneKey Recovery.lnk
[2012.03.23 17:24:49 | 000,001,122 | ---- | C] () -- C:\Users\Sören\Desktop\Cyberlink Power2Go.lnk
[2012.03.23 17:24:49 | 000,000,189 | ---- | C] () -- C:\Users\Sören\Desktop\Lenovo Telephony Start Now.url
[2011.11.09 15:12:44 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011.11.09 15:12:44 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011.11.09 14:23:59 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011.11.09 14:23:59 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.11.09 14:23:59 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.11.09 14:23:59 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011.11.09 14:23:54 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.11.09 14:21:50 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
[2011.11.09 14:21:50 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
[2011.11.09 14:21:50 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
[2011.11.09 14:21:50 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
[2011.11.09 14:21:50 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
[2011.11.09 13:47:08 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011.11.09 13:45:06 | 001,589,182 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.11.09 13:19:06 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.11.09 13:19:05 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.11.09 13:19:04 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
< End of report >
         
--- --- ---

Alt 25.03.2012, 17:24   #2
markusg
/// Malware-holic
 
TR/Crypt.XPACK.Gen3 nach Recovery - Standard

TR/Crypt.XPACK.Gen3 nach Recovery



hi
die meldung hast du nach dem wiederherstellen auf den auslieferungszustand erhalten?
woher sollen wir denn sagen können, was evtl. gefunden wurde, wenn du uns nicht die meldung postest? und zwar die komplette :-)
__________________

__________________

Antwort

Themen zu TR/Crypt.XPACK.Gen3 nach Recovery
antivirus, autorun, bho, explorer, explorer.exe, firefox, format, google, helper, home, lenovo, logfile, microsoft, notebook, nvidia, nvpciflt.sys, programme, rapide, realtek, recover, registry, safer networking, scan, searchscopes, siteadvisor, software, super, tr/crypt.xpack.ge, tr/crypt.xpack.gen, usb, usb 3.0, version=1.0, windows, windows media player, winlogon



Ähnliche Themen: TR/Crypt.XPACK.Gen3 nach Recovery


  1. TR/Crypt.XPACK.Gen3 Trojaner und HTML/ExpKit.Gen3
    Log-Analyse und Auswertung - 14.06.2014 (13)
  2. Trojaner TR/crypt-xpack.gen3 Auswertung Logfiles nach Bearbeitung durch Malwarebytes
    Log-Analyse und Auswertung - 31.03.2012 (10)
  3. TR/Crypt.XPACK.Gen, TR/Sirefef.BV.2, TR/Crypt.XPACK.Gen3, TR/PSW.Karagany.A.73
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (2)
  4. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 07.01.2012 (4)
  5. Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 08.10.2011 (1)
  6. Bluescreen nach Crypt.XPACK.Gen3 -Fund durch Avira
    Plagegeister aller Art und deren Bekämpfung - 10.05.2011 (6)
  7. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 17.03.2011 (3)
  8. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 13.01.2011 (49)
  9. W32/Induc.A, TR/Dropper.Gen, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen3 gefunden - wie entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  10. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 20.10.2010 (14)
  11. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (3)
  12. TR/Crypt.XPACK.Gen3 - nach formatierung von C: TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (9)
  13. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 14.10.2010 (11)
  14. TR/Crypt.XPACK.Gen3, TR/Crypt.XPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 11.10.2010 (4)
  15. Massenweise Viren werden in Windows/Temp erstellt (Tr/Crypt.xpack.Gen3+TR/Crypt.Pepn.Gen und andere)
    Plagegeister aller Art und deren Bekämpfung - 08.10.2010 (6)
  16. Firewall lässt sich nicht starten nach dem Fund von TR/Crypt.XPACK.Gen3
    Log-Analyse und Auswertung - 26.09.2010 (1)
  17. Befall mit TR/Crypt.XPACK.Gen und TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 21.09.2010 (23)

Zum Thema TR/Crypt.XPACK.Gen3 nach Recovery - Hallo, ich habe ebenfalls den TR/Crypt.XPACK.Gen3 mir eingefangen.... Habe mein Notebook bereits auf den Auslieferungszustand gesetzt? Reicht das aus oder muss zwingend format C erfolgen? Habe hier noch OTL Logdatei... - TR/Crypt.XPACK.Gen3 nach Recovery...
Archiv
Du betrachtest: TR/Crypt.XPACK.Gen3 nach Recovery auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.