Pests of all kinds and how to fight them: TR/Crypt.XPACK.Gen3 after Recovery (Windows 7)
25.03.2012, 11:43 | #1

TR/Crypt.XPACK.Gen3 after Recovery

Hello, I have also caught TR/Crypt.XPACK.Gen3... I have already reset my notebook to the factory state. Is that enough, or is a "format C:" absolutely necessary? I still have the OTL log file here... Hope someone can help me; wish you all a nice Sunday!

OTL Logfile:
Code:
OTL logfile created on: 25.03.2012 12:23:35 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sören\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,95 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 66,24% Memory free
15,89 Gb Paging File | 13,13 Gb Available in Paging File | 82,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 591,35 Gb Total Space | 561,04 Gb Free Space | 94,87% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,14 Gb Free Space | 90,16% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 94,32 Gb Free Space | 13,50% Space Free | Partition Type: exFAT
Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SÖRENSLAPTOP | User Name: Sören | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.25 12:19:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sören\Downloads\OTL.exe
PRC - [2011.11.09 14:23:55 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.11.09 14:23:32 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011.11.09 14:21:49 | 002,569,568 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe
PRC - [2011.05.10 06:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.03.21 05:47:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011.01.12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 20:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.10.15 00:46:14 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2010.02.03 02:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2009.01.26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.09 14:23:55 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011.11.09 14:23:32 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011.11.09 14:21:50 | 000,083,296 | ---- | M] () -- C:\Windows\SysWOW64\GetASData.dll
MOD - [2011.11.09 14:21:49 | 001,771,872 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\ColorBlindnessDLL.dll
MOD - [2011.11.09 14:21:49 | 001,635,168 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\RapIdentify.dll
MOD - [2011.11.09 14:21:49 | 000,337,248 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\RICPlayerInterface.dll
MOD - [2011.11.09 14:21:49 | 000,275,808 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\GuiSys.dll
MOD - [2011.11.09 14:21:49 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\lua5.1.dll
MOD - [2011.11.09 14:21:49 | 000,087,392 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoRIC.interface.dll
MOD - [2011.11.09 14:21:49 | 000,071,008 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LangHlpr.dll
MOD - [2011.11.09 14:21:49 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\ShowGuiMessageBox.dll
MOD - [2011.11.09 14:21:49 | 000,016,736 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\assistant.dll
MOD - [2011.11.09 14:21:49 | 000,015,200 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\SimpRes.dll
MOD - [2011.11.09 14:21:49 | 000,013,152 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\BusyTimer.dll
MOD - [2011.11.09 14:21:49 | 000,012,128 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LidMsg.dll
MOD - [2011.11.09 13:17:02 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c12289a28b784b00589a66803aad590b\IAStorUtil.ni.dll
MOD - [2011.11.09 13:17:02 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\df148d204dde5d959973a72f36c8c3fa\IAStorCommon.ni.dll
MOD - [2011.11.09 01:54:57 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.11.09 01:54:55 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.05.10 06:00:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2011.02.16 19:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011.02.16 19:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010.11.21 05:49:13 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010.11.21 05:48:49 | 012,432,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010.11.21 05:48:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010.11.21 05:48:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010.11.21 05:48:25 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010.11.21 05:48:22 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010.11.21 05:48:21 | 007,963,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010.11.21 05:48:14 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2010.10.15 00:46:12 | 002,912,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\7.0.517.43\pdf.dll
MOD - [2010.10.15 00:44:44 | 000,091,192 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\7.0.517.43\avutil-50.dll
MOD - [2010.10.15 00:44:43 | 000,193,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\7.0.517.43\avformat-52.dll
MOD - [2010.10.15 00:44:42 | 001,431,608 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\7.0.517.43\avcodec-52.dll
MOD - [2010.10.14 22:30:55 | 005,964,752 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\7.0.517.43\gcswf32.dll
MOD - [2008.06.19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008.03.05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008.03.04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008.02.26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007.12.24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.03.13 13:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011.03.13 13:37:22 | 000,208,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011.03.13 13:37:06 | 000,197,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011.01.27 20:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.11.09 14:16:20 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011.05.12 18:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.05.10 06:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.20 11:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_3A60B698)
SRV - [2011.03.17 18:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2011.01.28 14:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2011.01.12 20:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.11.09 14:32:56 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011.11.09 14:32:55 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011.11.09 14:30:43 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011.11.09 14:30:43 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011.11.09 14:21:49 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2011.11.09 14:21:49 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2011.11.09 02:06:11 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.11.09 02:06:11 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.05.13 02:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011.05.13 02:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.05.13 02:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.05.13 02:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.05.13 02:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.05.13 02:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.10 06:00:18 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.09 22:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2011.03.26 03:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.23 16:13:58 | 008,199,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2011.03.21 07:42:52 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.13 13:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011.03.13 13:20:10 | 000,481,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011.03.13 13:20:10 | 000,281,928 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011.03.13 13:20:10 | 000,227,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011.03.13 13:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011.03.13 13:20:10 | 000,098,728 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011.03.13 13:20:10 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011.03.13 13:20:10 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.01.12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.04 07:48:14 | 000,007,168 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVPolDIR.sys -- (AVPolDIR)
DRV:64bit: - [2011.01.04 07:47:50 | 000,534,144 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerPola.sys -- (AVerPola)
DRV:64bit: - [2010.12.13 05:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.10.28 12:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.15 10:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.03.25 12:13:55 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: McAfee SiteAdvisor = C:\Users\Sören\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20111109121720.dll (McAfee, Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111109121720.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [LenovoR.I.C.Tray] C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe (Lenovo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A41C2C0-D123-45C7-AC1E-3EEEB53EEBAD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D738A130-CE56-4635-A73F-39EEDC3B3E06}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.25 12:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.03.25 12:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.03.25 12:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.03.25 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Sören\Documents\Simply Super Software
[2012.03.25 12:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.25 12:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.03.25 12:14:23 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Simply Super Software
[2012.03.25 12:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.03.25 12:03:02 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Macromedia
[2012.03.25 12:03:02 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Adobe
[2012.03.24 20:21:37 | 000,000,000 | ---D | C] -- C:\Users\Sören\Documents\Youcam
[2012.03.24 20:21:36 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\CyberLink
[2012.03.23 22:38:58 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Lenovo
[2012.03.23 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\Sören\Documents\Lenovo
[2012.03.23 22:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2012.03.23 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\Sören\Documents\CyberLink
[2012.03.23
22:38:56 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\CyberLink [2012.03.23 18:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.03.23 18:21:24 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\EasyCapture [2012.03.23 18:18:38 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.03.23 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\Google [2012.03.23 17:25:59 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\Broadcom [2012.03.23 17:25:59 | 000,000,000 | ---D | C] -- C:\Users\Sören\Documents\Bluetooth-Exchange-Ordner [2012.03.23 17:25:48 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Intel Corporation [2012.03.23 17:25:16 | 000,000,000 | R--D | C] -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.03.23 17:25:16 | 000,000,000 | R--D | C] -- C:\Users\Sören\Searches [2012.03.23 17:25:16 | 000,000,000 | R--D | C] -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.03.23 17:25:08 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Identities [2012.03.23 17:25:06 | 000,000,000 | R--D | C] -- C:\Users\Sören\Contacts [2012.03.23 17:25:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.03.23 17:25:01 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\VirtualStore [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Vorlagen [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\AppData\Local\Verlauf [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\AppData\Local\Temporary Internet Files [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Startmenü [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\SendTo [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Recent [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Netzwerkumgebung [2012.03.23 17:24:50 | 
000,000,000 | -HSD | C] -- C:\Users\Sören\Lokale Einstellungen [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Documents\Eigene Videos [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Documents\Eigene Musik [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Eigene Dateien [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Documents\Eigene Bilder [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Druckumgebung [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Cookies [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\AppData\Local\Anwendungsdaten [2012.03.23 17:24:50 | 000,000,000 | -HSD | C] -- C:\Users\Sören\Anwendungsdaten [2012.03.23 17:24:49 | 000,000,000 | --SD | C] -- C:\Users\Sören\AppData\Roaming\Microsoft [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Videos [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Saved Games [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Pictures [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Music [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Links [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Favorites [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Downloads [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Documents [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\Desktop [2012.03.23 17:24:49 | 000,000,000 | R--D | C] -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.03.23 17:24:49 | 000,000,000 | -H-D | C] -- C:\Users\Sören\AppData [2012.03.23 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\Temp [2012.03.23 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\Microsoft 
[2012.03.23 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Media Center Programs [2012.03.23 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Programme [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.03.23 17:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten ========== Files - Modified Within 30 Days ========== [2012.03.25 12:29:26 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.03.25 12:20:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.25 12:16:41 | 000,001,258 | ---- | M] () -- C:\Users\Sören\Desktop\Spybot - Search & Destroy.lnk [2012.03.25 12:14:31 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.03.25 12:13:49 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.25 12:13:49 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.25 11:58:35 | 000,067,584 | --S- | M] () -- 
C:\windows\bootstat.dat [2012.03.24 18:43:34 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.23 18:37:43 | 000,651,648 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.03.23 18:37:43 | 000,120,580 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.03.23 18:37:42 | 001,611,160 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.03.23 18:37:42 | 000,696,370 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.03.23 18:37:42 | 000,147,634 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.03.23 18:33:43 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012.03.23 18:32:24 | 000,564,636 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2012.03.23 18:31:09 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys [2012.03.23 18:22:15 | 000,159,772 | ---- | M] () -- C:\windows\SysWow64\license.rtf [2012.03.23 18:22:15 | 000,159,772 | ---- | M] () -- C:\windows\SysNative\license.rtf [2012.03.23 18:13:51 | 000,080,327 | ---- | M] () -- C:\Users\Sören\Desktop\heimnetzgruppe.png [2012.03.23 17:25:46 | 000,002,086 | ---- | M] () -- C:\Users\Sören\Desktop\OneKey Recovery.lnk [2012.03.23 17:25:44 | 000,001,122 | ---- | M] () -- C:\Users\Sören\Desktop\Cyberlink Power2Go.lnk ========== Files Created - No Company Name ========== [2012.03.25 12:16:41 | 000,001,258 | ---- | C] () -- C:\Users\Sören\Desktop\Spybot - Search & Destroy.lnk [2012.03.25 12:14:31 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.03.25 12:14:29 | 000,153,088 | ---- | C] () -- C:\windows\SysWow64\UNRAR3.dll [2012.03.25 12:14:29 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\unacev2.dll [2012.03.23 18:18:30 | 2103,332,863 | -HS- | C] () -- C:\hiberfil.sys [2012.03.23 18:13:51 | 000,080,327 | ---- | C] () -- C:\Users\Sören\Desktop\heimnetzgruppe.png [2012.03.23 17:25:20 | 000,001,405 | ---- | C] () -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Internet Explorer (64-bit).lnk [2012.03.23 17:25:16 | 000,001,439 | ---- | C] () -- C:\Users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.03.23 17:24:49 | 000,002,086 | ---- | C] () -- C:\Users\Sören\Desktop\OneKey Recovery.lnk [2012.03.23 17:24:49 | 000,001,122 | ---- | C] () -- C:\Users\Sören\Desktop\Cyberlink Power2Go.lnk [2012.03.23 17:24:49 | 000,000,189 | ---- | C] () -- C:\Users\Sören\Desktop\Lenovo Telephony Start Now.url [2011.11.09 15:12:44 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin [2011.11.09 15:12:44 | 000,000,512 | ---- | C] () -- C:\windows\current.bin [2011.11.09 14:23:59 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll [2011.11.09 14:23:59 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2011.11.09 14:23:59 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2011.11.09 14:23:59 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll [2011.11.09 14:23:54 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2011.11.09 14:21:50 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll [2011.11.09 14:21:50 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll [2011.11.09 14:21:50 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll [2011.11.09 14:21:50 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll [2011.11.09 14:21:50 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll [2011.11.09 13:47:08 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2011.11.09 13:45:06 | 001,589,182 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.11.09 13:19:06 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.11.09 13:19:05 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.11.09 13:19:04 | 000,145,804 | ---- | C] () -- 
C:\windows\SysWow64\igcompkrng600.bin < End of report > |
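The O20, O35 and O37 entries in the log above are exactly the places a trojan that survived a factory recovery would have to show up: the Winlogon Shell and UserInit values, AppInit_DLLs, and the exefile/comfile open command. In this log all of them are at their Windows 7 defaults (only the two NVIDIA nvinit DLLs are registered under AppInit_DLLs). As an added example, not part of the original post and not OldTimer's OTL code, the following script parses lines in the OTL format shown above and flags anything that deviates from those defaults. The line patterns are inferred from the log on this page, the default values are the Windows 7 ones, and the three "bad" sample lines at the end are constructed to show what a hijacked entry looks like; they are not from this machine.

```python
"""Triage of the persistence entries in an OTL log (O4, O20, O35, O37).

Added example for this thread; it is not part of the original post and not
OldTimer's OTL code. Line patterns follow the formats visible in the log
above; expected values are the Windows 7 defaults. The sample input mixes
lines copied from the log with three constructed hijacked entries.
"""
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (severity, message); severity is "BAD" or "REVIEW"

# Windows 7 defaults. A deviation here after a factory recovery means either
# the recovery image is suspect or the change was made after the recovery.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT_NAME = "userinit.exe"
DEFAULT_OPEN_CMD = '"%1" %*'

# OTL prefixes entries read from the 64-bit registry view with ":64bit:".
_P = r"(?::64bit:)? - "
RE_O4 = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[(.*?)\] (.*) \((.*?)\)$")
RE_O20_APPINIT = re.compile(r"^O20" + _P + r"AppInit_DLLs: \((.*?)\) - (.*)$")
RE_O20_WINLOGON = re.compile(r"^O20" + _P + r"HKLM Winlogon: (\w+) - \((.*?)\) - (.*)$")
RE_O35 = re.compile(r"^O35" + _P + r"HKLM\\\.\.(\w+) \[open\] -- (.*)$")
RE_O37 = re.compile(r"^O37" + _P + r"HKLM\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*)$")


def check_line(line: str) -> Optional[Finding]:
    """Classify one OTL line. None means the entry matches its default
    (or is an entry type this helper does not judge, e.g. VMApplet)."""
    line = line.strip()

    m = RE_O20_WINLOGON.match(line)
    if m:
        name, value, _resolved = m.groups()
        if name == "Shell" and value.lower() != DEFAULT_SHELL:
            return ("BAD", f"Winlogon Shell is '{value}', expected '{DEFAULT_SHELL}'")
        if name == "UserInit":
            # The default is a single entry; hijacks append ",C:\...\x.exe".
            parts = [p.strip() for p in value.split(",") if p.strip()]
            if len(parts) != 1 or not parts[0].lower().endswith(DEFAULT_USERINIT_NAME):
                return ("BAD", f"Winlogon UserInit is '{value}', expected one userinit.exe entry")
        return None

    m = RE_O20_APPINIT.match(line)
    if m:
        value, resolved = m.groups()
        # Each DLL listed here is injected into every process that loads
        # user32.dll; a missing file or one without a vendor string is worse
        # than a known driver helper, so the former is BAD, the latter REVIEW.
        sev = "BAD" if resolved.startswith("File not found") or resolved.endswith("()") else "REVIEW"
        return (sev, f"AppInit_DLLs injects '{value}' -> {resolved}")

    m = RE_O35.match(line)
    if m:
        ftype, cmd = m.groups()
        if cmd != DEFAULT_OPEN_CMD:
            return ("BAD", f"{ftype} open command is {cmd!r}, expected {DEFAULT_OPEN_CMD!r}")
        return None

    m = RE_O37.match(line)
    if m:
        ext, ftype, cmd = m.groups()
        if cmd != DEFAULT_OPEN_CMD:
            return ("BAD", f".{ext} ({ftype}) open command is {cmd!r}, expected {DEFAULT_OPEN_CMD!r}")
        return None

    m = RE_O4.match(line)
    if m:
        hive, name, path, company = m.groups()
        # OTL prints "()" when the binary carries no vendor information.
        if not company or "\\temp\\" in path.lower():
            return ("REVIEW", f"{hive} Run '{name}' starts {path} (vendor: {company or 'none'})")
        return None

    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run check_line over a whole log and keep only the hits."""
    return [hit for hit in map(check_line, lines) if hit is not None]


# Lines 1-8 are copied from the log above; lines 9-11 are constructed
# examples of hijacked entries and do not come from this machine.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)",
    r"O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)",
    r"O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)",
    r"O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)",
    r"O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)",
    r"O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found",
    r'O35:64bit: - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    # constructed hijacks (hypothetical paths):
    r"O20 - HKLM Winlogon: Shell - (explorer.exe,C:\Users\user\AppData\Roaming\helper.exe) - File not found",
    r'O35 - HKLM\..exefile [open] -- "C:\Users\user\AppData\Local\hook.exe" "%1" %*',
    r"O4 - HKCU..\Run: [Updater] C:\Users\user\AppData\Local\Temp\upd.exe ()",
]

if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LINES):
        print(f"[{sev}] {msg}")
```

On the eleven sample lines this reports the two NVIDIA AppInit DLLs for review and the three constructed entries as findings; the genuine lines from this log all pass. Two caveats: the check only covers the autostart locations OTL prints in these sections, not drivers or services, and TR/Crypt.XPACK.Gen3 is Avira's generic heuristic name for a packed executable rather than a specific family, which is why reply #2 asks for the complete alert: the file path in the alert tells you whether the flagged file lived on the recovered system partition or on another volume that a partition-level factory recovery leaves untouched.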
25.03.2012, 16:24 | #2 |
/// Malware-holic | TR/Crypt.XPACK.Gen3 after Recovery
Hi,
did you get that alert after restoring to the factory state? How are we supposed to tell you what may have been found if you don't post the alert? And the complete one, please :-)