| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Flash Drive Shortcut Virus wtbchkxbde..vbsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.04.2014, 20:47
| #16 |
| /// the machine /// TB-Ausbilder    |  Flash Drive Shortcut Virus wtbchkxbde..vbs Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter: BleepingComputer.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter File::
c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wtbchkxbde"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wtbchkxbde"=-
Wichtig:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.04.2014, 03:14
| #17 |
 | Flash Drive Shortcut Virus wtbchkxbde..vbs ComboFix.txt:
__________________Code:
ATTFilter ComboFix 14-04-20.01 - Franz 22.04.2014 3:32.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3764.2088 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Franz\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs"
"c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-03-22 bis 2014-04-22 ))))))))))))))))))))))))))))))
.
.
2014-04-22 01:44 . 2014-04-22 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-22 00:40 . 2014-04-22 00:40 -------- d-----w- c:\program files (x86)\Smadav
2014-04-22 00:40 . 2014-04-22 00:40 -------- d-----w- c:\users\Franz\AppData\Roaming\Smadav
2014-04-18 21:16 . 2013-09-22 15:47 73266 ----a-w- c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 21:14 . 2013-09-22 15:47 73266 ----a-w- c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
2014-04-16 21:46 . 2014-04-16 21:46 -------- d-----w- c:\windows\ERUNT
2014-04-16 21:07 . 2014-04-16 21:10 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 21:06 . 2014-04-16 21:06 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-04-16 21:06 . 2014-04-16 21:06 -------- d-----w- c:\programdata\Malwarebytes
2014-04-16 21:06 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-16 21:06 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 21:06 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-16 21:06 . 2014-04-16 21:06 -------- d-----w- c:\users\Franz\AppData\Local\Programs
2014-04-16 00:52 . 2014-04-16 00:52 -------- d-----w- c:\programdata\Panda Security
2014-04-16 00:52 . 2014-04-16 00:52 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2014-04-14 08:43 . 2014-04-20 03:21 -------- d-----w- C:\FRST
2014-04-07 07:32 . 2014-04-22 00:28 -------- d-----w- C:\[Smad-Cage]
2014-04-07 07:30 . 2014-04-07 07:30 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2014-04-02 06:19 . 2014-04-02 06:54 -------- d-----w- c:\users\Franz\AppData\Local\NPE
2014-04-02 06:19 . 2014-04-02 06:19 -------- d-----w- c:\programdata\Norton
2014-03-25 07:40 . 2014-03-25 07:40 -------- d-----w- C:\found.001
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 12:17 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wtbchkxbde..vbs [2013-9-22 73266]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-16 704032]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-1-9 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - CDFS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-02 06:02 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-02 496160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"wtbchkxbde"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.ph/intl/en/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.10.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-22 04:04:36
ComboFix-quarantined-files.txt 2014-04-22 02:04
ComboFix2.txt 2014-04-20 23:42
.
Vor Suchlauf: 23 Verzeichnis(se), 32.880.988.160 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 32.620.032.000 Bytes frei
.
- - End Of File - - 46C200F9369BDCE1A9C3EF3BBBCCAF62
Mir ist übrigens aufgefallen dass meine Dokumente und Einstellungen undDocuments and Settings jetzt versteckt sind und der Zugriff verweigert wird, ausserdem habe ich einen 2. Programme-Ordner der auch versteckt ist und auf den nicht zugegriffen werden kann. |
|
22.04.2014, 14:22
| #18 |
| /// the machine /// TB-Ausbilder | Flash Drive Shortcut Virus wtbchkxbde..vbs Die ordner sind bestimmt leicht ausgegraut oder? Das ist normal.
__________________Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
22.04.2014, 16:35
| #19 |
| | Flash Drive Shortcut Virus wtbchkxbde..vbs Stimmt, Ordner sind nicht versteckt sondern ausgegraut. TDSSKiller: Code:
ATTFilter 17:29:54.0467 7080 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:29:54.0486 7080 ============================================================
17:29:54.0486 7080 Current date / time: 2014/04/22 17:29:54.0486
17:29:54.0487 7080 SystemInfo:
17:29:54.0487 7080
17:29:54.0487 7080 OS Version: 6.1.7600 ServicePack: 0.0
17:29:54.0487 7080 Product type: Workstation
17:29:54.0487 7080 ComputerName: FRANZ-PC
17:29:54.0487 7080 UserName: Franz
17:29:54.0487 7080 Windows directory: C:\Windows
17:29:54.0487 7080 System windows directory: C:\Windows
17:29:54.0487 7080 Running under WOW64
17:29:54.0487 7080 Processor architecture: Intel x64
17:29:54.0487 7080 Number of processors: 4
17:29:54.0487 7080 Page size: 0x1000
17:29:54.0487 7080 Boot type: Normal boot
17:29:54.0487 7080 ============================================================
17:29:55.0156 7080 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:29:55.0632 7080 Drive \Device\Harddisk1\DR1 - Size: 0x3A9440000 (14.64 Gb), SectorSize: 0x200, Cylinders: 0x777, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:29:55.0637 7080 ============================================================
17:29:55.0637 7080 \Device\Harddisk0\DR0:
17:29:55.0638 7080 MBR partitions:
17:29:55.0638 7080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
17:29:55.0638 7080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
17:29:55.0638 7080 \Device\Harddisk1\DR1:
17:29:55.0639 7080 MBR partitions:
17:29:55.0639 7080 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D48280
17:29:55.0639 7080 ============================================================
17:29:55.0693 7080 C: <-> \Device\Harddisk0\DR0\Partition2
17:29:55.0694 7080 ============================================================
17:29:55.0694 7080 Initialize success
17:29:55.0694 7080 ============================================================
17:30:18.0095 7020 ============================================================
17:30:18.0095 7020 Scan started
17:30:18.0095 7020 Mode: Manual; SigCheck; TDLFS;
17:30:18.0095 7020 ============================================================
17:30:18.0303 7020 ================ Scan system memory ========================
17:30:18.0304 7020 System memory - ok
17:30:18.0304 7020 ================ Scan services =============================
17:30:18.0480 7020 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
17:30:18.0586 7020 1394ohci - ok
17:30:18.0617 7020 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
17:30:18.0636 7020 ACPI - ok
17:30:18.0671 7020 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
17:30:18.0729 7020 AcpiPmi - ok
17:30:18.0766 7020 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:30:18.0839 7020 adp94xx - ok
17:30:18.0875 7020 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:30:18.0904 7020 adpahci - ok
17:30:18.0930 7020 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:30:18.0954 7020 adpu320 - ok
17:30:18.0973 7020 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:30:19.0029 7020 AeLookupSvc - ok
17:30:19.0097 7020 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
17:30:19.0167 7020 AFD - ok
17:30:19.0195 7020 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
17:30:19.0223 7020 agp440 - ok
17:30:19.0278 7020 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:30:19.0358 7020 ALG - ok
17:30:19.0422 7020 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
17:30:19.0450 7020 aliide - ok
17:30:19.0534 7020 [ 671D9DCA48DA807780D8409C18ED0AE0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:30:19.0635 7020 AMD External Events Utility - ok
17:30:19.0689 7020 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
17:30:19.0709 7020 amdide - ok
17:30:19.0749 7020 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:30:19.0795 7020 AmdK8 - ok
17:30:19.0984 7020 [ D3E6B2E1394D93FE9DB0BA24814B0D8F ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
17:30:20.0349 7020 amdkmdag - ok
17:30:20.0413 7020 [ CC4D915D786D3DA973B2EA9B95D59A29 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:30:20.0450 7020 amdkmdap - ok
17:30:20.0502 7020 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:30:20.0615 7020 AmdPPM - ok
17:30:20.0652 7020 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:30:20.0686 7020 amdsata - ok
17:30:20.0721 7020 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:30:20.0770 7020 amdsbs - ok
17:30:20.0783 7020 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:30:20.0815 7020 amdxata - ok
17:30:20.0859 7020 [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
17:30:20.0901 7020 AmUStor - ok
17:30:21.0034 7020 [ 4D282B9C5BB05DF92C9F3977DFB9F916 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:30:21.0061 7020 AntiVirSchedulerService - ok
17:30:21.0086 7020 [ 65AF41A7A2C5B6693E1B4164E7632C3E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:30:21.0107 7020 AntiVirService - ok
17:30:21.0164 7020 [ 6F9EF180BB9CEC92D3E8EC9163748DE5 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
17:30:21.0341 7020 ApfiltrService - ok
17:30:21.0374 7020 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
17:30:21.0415 7020 AppID - ok
17:30:21.0449 7020 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:30:21.0550 7020 AppIDSvc - ok
17:30:21.0587 7020 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
17:30:21.0626 7020 Appinfo - ok
17:30:21.0754 7020 [ 221564CC7BE37611FE15EACF443E1BF6 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:30:21.0775 7020 Apple Mobile Device - ok
17:30:21.0840 7020 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:30:21.0868 7020 arc - ok
17:30:21.0902 7020 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:30:21.0930 7020 arcsas - ok
17:30:22.0035 7020 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:30:22.0067 7020 aspnet_state - ok
17:30:22.0094 7020 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:30:22.0172 7020 AsyncMac - ok
17:30:22.0207 7020 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
17:30:22.0223 7020 atapi - ok
17:30:22.0258 7020 [ 1C60A629AD4FFD06D80CD522B92CDB7C ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
17:30:22.0285 7020 AthBTPort - ok
17:30:22.0316 7020 [ 4ECC791539F23982411864037D1AC8FC ] ATHDFU C:\Windows\system32\Drivers\AthDfu.sys
17:30:22.0525 7020 ATHDFU - ok
17:30:22.0561 7020 [ A31F72621C938048CBA02E82542F0715 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
17:30:22.0604 7020 AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
17:30:22.0604 7020 AtherosSvc - detected UnsignedFile.Multi.Generic (1)
17:30:22.0703 7020 [ 70260C7C98CC0101316F5B2650C3BB44 ] athr C:\Windows\system32\DRIVERS\athrx.sys
17:30:22.0830 7020 athr - ok
17:30:22.0874 7020 [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
17:30:23.0057 7020 AtiHdmiService - ok
17:30:23.0102 7020 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:30:23.0167 7020 AudioEndpointBuilder - ok
17:30:23.0178 7020 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:30:23.0225 7020 AudioSrv - ok
17:30:23.0266 7020 [ 7806BFCD1D7FA5EC23F7324D4EAFD25B ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:30:23.0471 7020 avgntflt - ok
17:30:23.0591 7020 [ C3A58DBD18786C338126D30BF8C33D72 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:30:23.0795 7020 avipbb - ok
17:30:23.0886 7020 [ 390184FAD8FCC1B6DA25AEBAE928C3B6 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:30:24.0077 7020 avkmgr - ok
17:30:24.0116 7020 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:30:24.0205 7020 AxInstSV - ok
17:30:24.0250 7020 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:30:24.0305 7020 b06bdrv - ok
17:30:24.0338 7020 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:30:24.0372 7020 b57nd60a - ok
17:30:24.0412 7020 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:30:24.0531 7020 BCM43XX - ok
17:30:24.0554 7020 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:30:24.0593 7020 BDESVC - ok
17:30:24.0630 7020 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:30:24.0696 7020 Beep - ok
17:30:24.0743 7020 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
17:30:24.0847 7020 BFE - ok
17:30:24.0887 7020 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
17:30:24.0957 7020 BITS - ok
17:30:24.0986 7020 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:30:25.0034 7020 blbdrive - ok
17:30:25.0119 7020 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:30:25.0143 7020 Bonjour Service - ok
17:30:25.0183 7020 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:30:25.0238 7020 bowser - ok
17:30:25.0284 7020 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:30:25.0324 7020 BrFiltLo - ok
17:30:25.0328 7020 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:30:25.0353 7020 BrFiltUp - ok
17:30:25.0394 7020 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:30:25.0451 7020 BridgeMP - ok
17:30:25.0475 7020 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
17:30:25.0490 7020 Browser - ok
17:30:25.0518 7020 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:30:25.0545 7020 Brserid - ok
17:30:25.0560 7020 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:30:25.0609 7020 BrSerWdm - ok
17:30:25.0651 7020 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:30:25.0708 7020 BrUsbMdm - ok
17:30:25.0713 7020 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:30:25.0741 7020 BrUsbSer - ok
17:30:25.0786 7020 [ 89F5586E80B42CA4E98B3EFDAFCAD1B8 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
17:30:25.0823 7020 BTATH_A2DP - ok
17:30:25.0854 7020 [ BC14A513C0120919A019E18061FACA46 ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
17:30:26.0013 7020 BTATH_BUS - ok
17:30:26.0025 7020 [ 76E867C34242D16E3418AA9A9430D96A ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:30:26.0209 7020 BTATH_HCRP - ok
17:30:26.0225 7020 [ 6409827297DAF3699643E9F6EC5C2CD2 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
17:30:26.0244 7020 BTATH_LWFLT - ok
17:30:26.0251 7020 [ 2B53167C52A1730A59EDFD3C83DEFF70 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
17:30:26.0273 7020 BTATH_RCP - ok
17:30:26.0305 7020 [ 9B014E62BD3541812A0B2A46459B31D7 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
17:30:26.0324 7020 BtFilter - ok
17:30:26.0367 7020 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:30:26.0417 7020 BthEnum - ok
17:30:26.0448 7020 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:30:26.0494 7020 BTHMODEM - ok
17:30:26.0539 7020 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:30:26.0569 7020 BthPan - ok
17:30:26.0603 7020 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:30:26.0660 7020 BTHPORT - ok
17:30:26.0707 7020 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:30:26.0800 7020 bthserv - ok
17:30:26.0820 7020 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:30:26.0840 7020 BTHUSB - ok
17:30:26.0859 7020 catchme - ok
17:30:26.0884 7020 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:30:26.0958 7020 cdfs - ok
17:30:26.0998 7020 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:30:27.0057 7020 cdrom - ok
17:30:27.0094 7020 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
17:30:27.0185 7020 CertPropSvc - ok
17:30:27.0225 7020 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:30:27.0262 7020 circlass - ok
17:30:27.0297 7020 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:30:27.0355 7020 CLFS - ok
17:30:27.0424 7020 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:30:27.0462 7020 clr_optimization_v2.0.50727_32 - ok
17:30:27.0479 7020 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:30:27.0516 7020 clr_optimization_v2.0.50727_64 - ok
17:30:27.0598 7020 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:30:27.0627 7020 clr_optimization_v4.0.30319_32 - ok
17:30:27.0642 7020 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:30:27.0672 7020 clr_optimization_v4.0.30319_64 - ok
17:30:27.0691 7020 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:30:27.0727 7020 CmBatt - ok
17:30:27.0751 7020 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
17:30:27.0772 7020 cmdide - ok
17:30:27.0813 7020 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
17:30:27.0898 7020 CNG - ok
17:30:27.0938 7020 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:30:27.0970 7020 Compbatt - ok
17:30:27.0984 7020 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:30:28.0019 7020 CompositeBus - ok
17:30:28.0030 7020 COMSysApp - ok
17:30:28.0042 7020 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:30:28.0059 7020 crcdisk - ok
17:30:28.0105 7020 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:30:28.0146 7020 CryptSvc - ok
17:30:28.0196 7020 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:30:28.0298 7020 DcomLaunch - ok
17:30:28.0325 7020 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:30:28.0442 7020 defragsvc - ok
17:30:28.0484 7020 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:30:28.0528 7020 DfsC - ok
17:30:28.0578 7020 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
17:30:28.0635 7020 Dhcp - ok
17:30:28.0688 7020 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:30:28.0807 7020 discache - ok
17:30:28.0856 7020 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:30:28.0894 7020 Disk - ok
17:30:28.0918 7020 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:30:28.0958 7020 Dnscache - ok
17:30:28.0994 7020 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
17:30:29.0087 7020 dot3svc - ok
17:30:29.0103 7020 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
17:30:29.0173 7020 DPS - ok
17:30:29.0207 7020 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:30:29.0241 7020 drmkaud - ok
17:30:29.0302 7020 [ 2643274535FC1770DAA9B73346A027B8 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
17:30:29.0522 7020 DsiWMIService - ok
17:30:29.0625 7020 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:30:29.0663 7020 DXGKrnl - ok
17:30:29.0718 7020 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:30:29.0788 7020 EapHost - ok
17:30:29.0906 7020 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:30:30.0078 7020 ebdrv - ok
17:30:30.0109 7020 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
17:30:30.0152 7020 EFS - ok
17:30:30.0224 7020 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:30:30.0293 7020 ehRecvr - ok
17:30:30.0323 7020 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:30:30.0363 7020 ehSched - ok
17:30:30.0416 7020 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:30:30.0492 7020 elxstor - ok
17:30:30.0580 7020 [ DA751BD36852BB7F4515DFC9EE213245 ] ePowerSvc C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
17:30:30.0802 7020 ePowerSvc - ok
17:30:30.0905 7020 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
17:30:30.0948 7020 ErrDev - ok
17:30:31.0013 7020 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:30:31.0104 7020 EventSystem - ok
17:30:31.0154 7020 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:30:31.0216 7020 exfat - ok
17:30:31.0223 7020 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:30:31.0278 7020 fastfat - ok
17:30:31.0324 7020 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
17:30:31.0359 7020 Fax - ok
17:30:31.0404 7020 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:30:31.0436 7020 fdc - ok
17:30:31.0460 7020 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:30:31.0511 7020 fdPHost - ok
17:30:31.0531 7020 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:30:31.0581 7020 FDResPub - ok
17:30:31.0596 7020 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:30:31.0615 7020 FileInfo - ok
17:30:31.0624 7020 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:30:31.0687 7020 Filetrace - ok
17:30:31.0714 7020 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:30:31.0735 7020 flpydisk - ok
17:30:31.0753 7020 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:30:31.0788 7020 FltMgr - ok
17:30:31.0860 7020 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
17:30:31.0940 7020 FontCache - ok
17:30:31.0988 7020 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:30:32.0016 7020 FontCache3.0.0.0 - ok
17:30:32.0041 7020 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:30:32.0061 7020 FsDepends - ok
17:30:32.0095 7020 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:30:32.0111 7020 Fs_Rec - ok
17:30:32.0160 7020 [ 1F44F8559E61A8306ECC67BB1E168B7C ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:30:32.0214 7020 fvevol - ok
17:30:32.0251 7020 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:30:32.0270 7020 gagp30kx - ok
17:30:32.0303 7020 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:30:32.0333 7020 GEARAspiWDM - ok
17:30:32.0368 7020 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
17:30:32.0450 7020 gpsvc - ok
17:30:32.0525 7020 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:30:32.0537 7020 gupdate - ok
17:30:32.0542 7020 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:30:32.0553 7020 gupdatem - ok
17:30:32.0581 7020 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:30:32.0614 7020 hcw85cir - ok
17:30:32.0636 7020 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:30:32.0682 7020 HdAudAddService - ok
17:30:32.0704 7020 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:30:32.0755 7020 HDAudBus - ok
17:30:32.0801 7020 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:30:32.0985 7020 HECIx64 - ok
17:30:33.0004 7020 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:30:33.0041 7020 HidBatt - ok
17:30:33.0051 7020 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:30:33.0087 7020 HidBth - ok
17:30:33.0092 7020 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:30:33.0129 7020 HidIr - ok
17:30:33.0154 7020 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:30:33.0234 7020 hidserv - ok
17:30:33.0278 7020 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:30:33.0315 7020 HidUsb - ok
17:30:33.0338 7020 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:30:33.0418 7020 hkmsvc - ok
17:30:33.0434 7020 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:30:33.0484 7020 HomeGroupListener - ok
17:30:33.0522 7020 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:30:33.0546 7020 HomeGroupProvider - ok
17:30:33.0591 7020 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
17:30:33.0629 7020 HpSAMD - ok
17:30:33.0666 7020 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:30:33.0731 7020 HTTP - ok
17:30:33.0742 7020 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:30:33.0760 7020 hwpolicy - ok
17:30:33.0783 7020 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:30:33.0808 7020 i8042prt - ok
17:30:33.0836 7020 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:30:34.0029 7020 iaStor - ok
17:30:34.0084 7020 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:30:34.0137 7020 iaStorV - ok
17:30:34.0201 7020 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:30:34.0314 7020 idsvc - ok
17:30:34.0589 7020 [ 09CE164AFA8483E41808784D7FCA154E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:30:35.0012 7020 igfx - ok
17:30:35.0055 7020 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:30:35.0074 7020 iirsp - ok
17:30:35.0115 7020 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
17:30:35.0190 7020 IKEEXT - ok
17:30:35.0269 7020 [ 3EDD3CE185DA3E6AAEC22ADCFD7B1D54 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:30:35.0539 7020 IntcAzAudAddService - ok
17:30:35.0621 7020 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:30:35.0645 7020 intelide - ok
17:30:35.0898 7020 [ 09CE164AFA8483E41808784D7FCA154E ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
17:30:36.0251 7020 intelkmd - ok
17:30:36.0283 7020 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:30:36.0323 7020 intelppm - ok
17:30:36.0353 7020 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:30:36.0421 7020 IPBusEnum - ok
17:30:36.0435 7020 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:30:36.0484 7020 IpFilterDriver - ok
17:30:36.0526 7020 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:30:36.0590 7020 iphlpsvc - ok
17:30:36.0599 7020 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:30:36.0625 7020 IPMIDRV - ok
17:30:36.0644 7020 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:30:36.0715 7020 IPNAT - ok
17:30:36.0779 7020 [ 842D1EDD0F2A6E0E6631BB96BAAA01DE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:30:36.0798 7020 iPod Service - ok
17:30:36.0830 7020 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:30:36.0854 7020 IRENUM - ok
17:30:36.0873 7020 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
17:30:36.0892 7020 isapnp - ok
17:30:36.0913 7020 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:30:36.0940 7020 iScsiPrt - ok
17:30:36.0966 7020 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:30:36.0986 7020 kbdclass - ok
17:30:37.0027 7020 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:30:37.0071 7020 kbdhid - ok
17:30:37.0086 7020 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
17:30:37.0100 7020 KeyIso - ok
17:30:37.0136 7020 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:30:37.0175 7020 KSecDD - ok
17:30:37.0192 7020 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:30:37.0229 7020 KSecPkg - ok
17:30:37.0254 7020 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:30:37.0326 7020 ksthunk - ok
17:30:37.0369 7020 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:30:37.0464 7020 KtmRm - ok
17:30:37.0523 7020 [ 39918DB0EFCF045A1CE6FABBF339F975 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
17:30:37.0681 7020 L1C - ok
17:30:37.0712 7020 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
17:30:37.0732 7020 L1E - ok
17:30:37.0771 7020 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:30:37.0794 7020 LanmanServer - ok
17:30:37.0821 7020 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:30:37.0888 7020 LanmanWorkstation - ok
17:30:37.0920 7020 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:30:37.0970 7020 lltdio - ok
17:30:38.0002 7020 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:30:38.0119 7020 lltdsvc - ok
17:30:38.0135 7020 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:30:38.0192 7020 lmhosts - ok
17:30:38.0268 7020 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:30:38.0474 7020 LMS - ok
17:30:38.0583 7020 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:30:38.0620 7020 LSI_FC - ok
17:30:38.0627 7020 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:30:38.0659 7020 LSI_SAS - ok
17:30:38.0667 7020 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:30:38.0683 7020 LSI_SAS2 - ok
17:30:38.0689 7020 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:30:38.0710 7020 LSI_SCSI - ok
17:30:38.0732 7020 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:30:38.0789 7020 luafv - ok
17:30:38.0820 7020 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:30:38.0857 7020 Mcx2Svc - ok
17:30:38.0871 7020 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:30:38.0891 7020 megasas - ok
17:30:38.0898 7020 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:30:38.0928 7020 MegaSR - ok
17:30:39.0001 7020 Microsoft SharePoint Workspace Audit Service - ok
17:30:39.0045 7020 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:30:39.0132 7020 MMCSS - ok
17:30:39.0167 7020 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:30:39.0270 7020 Modem - ok
17:30:39.0295 7020 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:30:39.0329 7020 monitor - ok
17:30:39.0356 7020 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:30:39.0381 7020 mouclass - ok
17:30:39.0418 7020 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:30:39.0448 7020 mouhid - ok
17:30:39.0491 7020 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:30:39.0525 7020 mountmgr - ok
17:30:39.0568 7020 [ C956DFD0C0BC91625EC4193579488054 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:30:39.0583 7020 MozillaMaintenance - ok
17:30:39.0599 7020 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:30:39.0624 7020 mpio - ok
17:30:39.0650 7020 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:30:39.0723 7020 mpsdrv - ok
17:30:39.0785 7020 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:30:39.0908 7020 MpsSvc - ok
17:30:39.0924 7020 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:30:39.0982 7020 MRxDAV - ok
17:30:40.0014 7020 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:30:40.0045 7020 mrxsmb - ok
17:30:40.0070 7020 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:30:40.0121 7020 mrxsmb10 - ok
17:30:40.0134 7020 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:30:40.0169 7020 mrxsmb20 - ok
17:30:40.0213 7020 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:30:40.0231 7020 msahci - ok
17:30:40.0237 7020 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:30:40.0259 7020 msdsm - ok
17:30:40.0283 7020 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:30:40.0307 7020 MSDTC - ok
17:30:40.0336 7020 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:30:40.0384 7020 Msfs - ok
17:30:40.0395 7020 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:30:40.0449 7020 mshidkmdf - ok
17:30:40.0460 7020 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:30:40.0477 7020 msisadrv - ok
17:30:40.0520 7020 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:30:40.0599 7020 MSiSCSI - ok
17:30:40.0603 7020 msiserver - ok
17:30:40.0635 7020 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:30:40.0683 7020 MSKSSRV - ok
17:30:40.0711 7020 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:30:40.0775 7020 MSPCLOCK - ok
17:30:40.0779 7020 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:30:40.0835 7020 MSPQM - ok
17:30:40.0858 7020 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:30:40.0884 7020 MsRPC - ok
17:30:40.0895 7020 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:30:40.0906 7020 mssmbios - ok
17:30:40.0924 7020 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:30:40.0977 7020 MSTEE - ok
17:30:40.0982 7020 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:30:41.0010 7020 MTConfig - ok
17:30:41.0030 7020 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:30:41.0049 7020 Mup - ok
17:30:41.0082 7020 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
17:30:41.0130 7020 napagent - ok
17:30:41.0177 7020 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:30:41.0209 7020 NativeWifiP - ok
17:30:41.0239 7020 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:30:41.0266 7020 NDIS - ok
17:30:41.0283 7020 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:30:41.0337 7020 NdisCap - ok
17:30:41.0367 7020 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:30:41.0424 7020 NdisTapi - ok
17:30:41.0454 7020 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:30:41.0516 7020 Ndisuio - ok
17:30:41.0561 7020 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:30:41.0613 7020 NdisWan - ok
17:30:41.0618 7020 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:30:41.0676 7020 NDProxy - ok
17:30:41.0738 7020 [ EE00C544C025958AF50C7B199F3C8595 ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
17:30:41.0787 7020 Netaapl - ok
17:30:41.0823 7020 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:30:41.0895 7020 NetBIOS - ok
17:30:41.0918 7020 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:30:41.0985 7020 NetBT - ok
17:30:42.0009 7020 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
17:30:42.0023 7020 Netlogon - ok
17:30:42.0086 7020 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:30:42.0191 7020 Netman - ok
17:30:42.0233 7020 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:30:42.0258 7020 NetMsmqActivator - ok
17:30:42.0264 7020 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:30:42.0277 7020 NetPipeActivator - ok
17:30:42.0315 7020 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:30:42.0374 7020 netprofm - ok
17:30:42.0379 7020 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:30:42.0390 7020 NetTcpActivator - ok
17:30:42.0394 7020 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:30:42.0406 7020 NetTcpPortSharing - ok
17:30:42.0441 7020 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:30:42.0463 7020 nfrd960 - ok
17:30:42.0511 7020 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:30:42.0629 7020 NlaSvc - ok
17:30:42.0658 7020 [ AD42FB061166AF0643806800304BD76F ] NLNdisMP C:\Windows\system32\DRIVERS\nlndis.sys
17:30:42.0829 7020 NLNdisMP - ok
17:30:42.0840 7020 [ AD42FB061166AF0643806800304BD76F ] NLNdisPT C:\Windows\system32\DRIVERS\nlndis.sys
17:30:43.0021 7020 NLNdisPT - ok
17:30:43.0082 7020 [ 6988373E38223438B09F0C27D7E67393 ] nlsvc C:\Program Files\NetLimiter 3\nlsvc.exe
17:30:43.0130 7020 nlsvc ( UnsignedFile.Multi.Generic ) - warning
17:30:43.0130 7020 nlsvc - detected UnsignedFile.Multi.Generic (1)
17:30:43.0142 7020 [ 75E6581DE9A0B155EDAB6807E668BE06 ] nltdi C:\Program Files\NetLimiter 3\nltdi.sys
17:30:43.0319 7020 nltdi - ok
17:30:43.0348 7020 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:30:43.0436 7020 Npfs - ok
17:30:43.0470 7020 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:30:43.0527 7020 nsi - ok
17:30:43.0547 7020 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:30:43.0590 7020 nsiproxy - ok
17:30:43.0664 7020 [ 9A6089B056EA1B83B36424FC9D0A300E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:30:43.0754 7020 Ntfs - ok
17:30:43.0824 7020 [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
17:30:43.0871 7020 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
17:30:43.0871 7020 NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
17:30:43.0900 7020 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
17:30:44.0072 7020 NTIDrvr - ok
17:30:44.0102 7020 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:30:44.0147 7020 Null - ok
17:30:44.0194 7020 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:30:44.0229 7020 nvraid - ok
17:30:44.0247 7020 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:30:44.0277 7020 nvstor - ok
17:30:44.0317 7020 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:30:44.0362 7020 nv_agp - ok
17:30:44.0379 7020 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:30:44.0420 7020 ohci1394 - ok
17:30:44.0505 7020 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:30:44.0545 7020 ose64 - ok
17:30:44.0718 7020 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:30:44.0925 7020 osppsvc - ok
17:30:44.0962 7020 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:30:45.0004 7020 p2pimsvc - ok
17:30:45.0027 7020 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:30:45.0078 7020 p2psvc - ok
17:30:45.0095 7020 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:30:45.0119 7020 Parport - ok
17:30:45.0157 7020 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:30:45.0180 7020 partmgr - ok
17:30:45.0200 7020 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:30:45.0243 7020 PcaSvc - ok
17:30:45.0269 7020 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
17:30:45.0288 7020 pci - ok
17:30:45.0302 7020 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:30:45.0320 7020 pciide - ok
17:30:45.0327 7020 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:30:45.0350 7020 pcmcia - ok
17:30:45.0362 7020 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:30:45.0380 7020 pcw - ok
17:30:45.0410 7020 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:30:45.0517 7020 PEAUTH - ok
17:30:45.0603 7020 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:30:45.0654 7020 PerfHost - ok
17:30:45.0723 7020 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
17:30:45.0876 7020 pla - ok
17:30:45.0919 7020 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:30:45.0939 7020 PlugPlay - ok
17:30:45.0953 7020 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:30:45.0983 7020 PNRPAutoReg - ok
17:30:46.0007 7020 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:30:46.0024 7020 PNRPsvc - ok
17:30:46.0059 7020 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:30:46.0131 7020 PolicyAgent - ok
17:30:46.0160 7020 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:30:46.0246 7020 Power - ok
17:30:46.0286 7020 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:30:46.0379 7020 PptpMiniport - ok
17:30:46.0392 7020 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:30:46.0422 7020 Processor - ok
17:30:46.0454 7020 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
17:30:46.0476 7020 ProfSvc - ok
17:30:46.0487 7020 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:30:46.0505 7020 ProtectedStorage - ok
17:30:46.0530 7020 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:30:46.0574 7020 Psched - ok
17:30:46.0617 7020 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:30:46.0742 7020 ql2300 - ok
17:30:46.0758 7020 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:30:46.0787 7020 ql40xx - ok
17:30:46.0819 7020 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:30:46.0880 7020 QWAVE - ok
17:30:46.0894 7020 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:30:46.0938 7020 QWAVEdrv - ok
17:30:46.0956 7020 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:30:47.0004 7020 RasAcd - ok
17:30:47.0041 7020 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:30:47.0138 7020 RasAgileVpn - ok
17:30:47.0187 7020 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:30:47.0271 7020 RasAuto - ok
17:30:47.0303 7020 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:30:47.0365 7020 Rasl2tp - ok
17:30:47.0412 7020 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
17:30:47.0516 7020 RasMan - ok
17:30:47.0539 7020 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:30:47.0639 7020 RasPppoe - ok
17:30:47.0659 7020 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:30:47.0725 7020 RasSstp - ok
17:30:47.0758 7020 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:30:47.0821 7020 rdbss - ok
17:30:47.0840 7020 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:30:47.0863 7020 rdpbus - ok
17:30:47.0873 7020 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:30:47.0916 7020 RDPCDD - ok
17:30:47.0927 7020 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:30:47.0986 7020 RDPENCDD - ok
17:30:47.0991 7020 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:30:48.0045 7020 RDPREFMP - ok
17:30:48.0081 7020 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:30:48.0138 7020 RDPWD - ok
17:30:48.0184 7020 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:30:48.0226 7020 rdyboost - ok
17:30:48.0250 7020 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:30:48.0320 7020 RemoteAccess - ok
17:30:48.0349 7020 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:30:48.0418 7020 RemoteRegistry - ok
17:30:48.0459 7020 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:30:48.0502 7020 RFCOMM - ok
17:30:48.0545 7020 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:30:48.0632 7020 RpcEptMapper - ok
17:30:48.0656 7020 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:30:48.0685 7020 RpcLocator - ok
17:30:48.0704 7020 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
17:30:48.0753 7020 RpcSs - ok
17:30:48.0785 7020 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:30:48.0849 7020 rspndr - ok
17:30:48.0909 7020 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
17:30:49.0056 7020 RS_Service - ok
17:30:49.0064 7020 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
17:30:49.0078 7020 SamSs - ok
17:30:49.0109 7020 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
17:30:49.0130 7020 sbp2port - ok
17:30:49.0159 7020 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:30:49.0245 7020 SCardSvr - ok
17:30:49.0260 7020 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:30:49.0320 7020 scfilter - ok
17:30:49.0364 7020 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
17:30:49.0424 7020 Schedule - ok
17:30:49.0449 7020 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:30:49.0499 7020 SCPolicySvc - ok
17:30:49.0533 7020 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:30:49.0576 7020 SDRSVC - ok
17:30:49.0601 7020 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:30:49.0647 7020 secdrv - ok
17:30:49.0659 7020 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
17:30:49.0717 7020 seclogon - ok
17:30:49.0747 7020 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:30:49.0799 7020 SENS - ok
17:30:49.0849 7020 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:30:49.0880 7020 SensrSvc - ok
17:30:49.0927 7020 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:30:49.0946 7020 Serenum - ok
17:30:49.0958 7020 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:30:49.0993 7020 Serial - ok
17:30:50.0023 7020 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:30:50.0052 7020 sermouse - ok
17:30:50.0088 7020 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
17:30:50.0134 7020 SessionEnv - ok
17:30:50.0139 7020 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:30:50.0170 7020 sffdisk - ok
17:30:50.0190 7020 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:30:50.0218 7020 sffp_mmc - ok
17:30:50.0222 7020 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:30:50.0242 7020 sffp_sd - ok
17:30:50.0248 7020 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:30:50.0275 7020 sfloppy - ok
17:30:50.0316 7020 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:30:50.0429 7020 SharedAccess - ok
17:30:50.0456 7020 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:30:50.0490 7020 ShellHWDetection - ok
17:30:50.0521 7020 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:30:50.0538 7020 SiSRaid2 - ok
17:30:50.0557 7020 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:30:50.0576 7020 SiSRaid4 - ok
17:30:50.0632 7020 [ 50D9949020E02B847CD48F1243FCB895 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:30:50.0726 7020 SkypeUpdate - ok
17:30:50.0760 7020 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:30:50.0849 7020 Smb - ok
17:30:50.0893 7020 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:30:50.0938 7020 SNMPTRAP - ok
17:30:50.0963 7020 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:30:50.0990 7020 spldr - ok
17:30:51.0028 7020 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
17:30:51.0060 7020 Spooler - ok
17:30:51.0164 7020 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
17:30:51.0305 7020 sppsvc - ok
17:30:51.0323 7020 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:30:51.0385 7020 sppuinotify - ok
17:30:51.0419 7020 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:30:51.0457 7020 srv - ok
17:30:51.0476 7020 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:30:51.0513 7020 srv2 - ok
17:30:51.0543 7020 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:30:51.0576 7020 srvnet - ok
17:30:51.0618 7020 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:30:51.0691 7020 SSDPSRV - ok
17:30:51.0702 7020 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:30:51.0751 7020 SstpSvc - ok
17:30:51.0773 7020 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:30:51.0806 7020 stexstor - ok
17:30:51.0829 7020 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
17:30:51.0867 7020 StillCam - ok
17:30:51.0903 7020 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
17:30:51.0967 7020 stisvc - ok
17:30:51.0985 7020 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:30:52.0009 7020 swenum - ok
17:30:52.0047 7020 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:30:52.0140 7020 swprv - ok
17:30:52.0183 7020 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
17:30:52.0258 7020 SysMain - ok
17:30:52.0290 7020 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:30:52.0320 7020 TabletInputService - ok
17:30:52.0353 7020 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
17:30:52.0431 7020 TapiSrv - ok
17:30:52.0444 7020 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:30:52.0498 7020 TBS - ok
17:30:52.0575 7020 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:30:52.0662 7020 Tcpip - ok
17:30:52.0701 7020 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:30:52.0755 7020 TCPIP6 - ok
17:30:52.0793 7020 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:30:52.0843 7020 tcpipreg - ok
17:30:52.0859 7020 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:30:52.0909 7020 TDPIPE - ok
17:30:52.0927 7020 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:30:52.0957 7020 TDTCP - ok
17:30:52.0976 7020 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:30:53.0062 7020 tdx - ok
17:30:53.0086 7020 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:30:53.0106 7020 TermDD - ok
17:30:53.0138 7020 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
17:30:53.0210 7020 TermService - ok
17:30:53.0253 7020 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:30:53.0270 7020 Themes - ok
17:30:53.0288 7020 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:30:53.0331 7020 THREADORDER - ok
17:30:53.0351 7020 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:30:53.0405 7020 TrkWks - ok
17:30:53.0457 7020 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:30:53.0510 7020 TrustedInstaller - ok
17:30:53.0526 7020 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:30:53.0582 7020 tssecsrv - ok
17:30:53.0623 7020 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:30:53.0687 7020 tunnel - ok
17:30:53.0702 7020 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:30:53.0721 7020 uagp35 - ok
17:30:53.0752 7020 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
17:30:53.0924 7020 UBHelper - ok
17:30:53.0938 7020 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:30:54.0006 7020 udfs - ok
17:30:54.0040 7020 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:30:54.0056 7020 UI0Detect - ok
17:30:54.0066 7020 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
17:30:54.0085 7020 uliagpkx - ok
17:30:54.0124 7020 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:30:54.0157 7020 umbus - ok
17:30:54.0161 7020 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:30:54.0179 7020 UmPass - ok
17:30:54.0310 7020 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:30:54.0560 7020 UNS - ok
17:30:54.0621 7020 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
17:30:54.0844 7020 Updater Service - ok
17:30:54.0857 7020 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:30:54.0913 7020 upnphost - ok
17:30:54.0946 7020 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:30:54.0986 7020 USBAAPL64 - ok
17:30:55.0004 7020 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:30:55.0043 7020 usbccgp - ok
17:30:55.0074 7020 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:30:55.0135 7020 usbcir - ok
17:30:55.0154 7020 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:30:55.0185 7020 usbehci - ok
17:30:55.0213 7020 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:30:55.0254 7020 usbhub - ok
17:30:55.0277 7020 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:30:55.0313 7020 usbohci - ok
17:30:55.0361 7020 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:30:55.0406 7020 usbprint - ok
17:30:55.0441 7020 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:30:55.0477 7020 usbscan - ok
17:30:55.0503 7020 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:30:55.0536 7020 USBSTOR - ok
17:30:55.0558 7020 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:30:55.0607 7020 usbuhci - ok
17:30:55.0651 7020 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:30:55.0698 7020 usbvideo - ok
17:30:55.0718 7020 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:30:55.0783 7020 UxSms - ok
17:30:55.0798 7020 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
17:30:55.0822 7020 VaultSvc - ok
17:30:55.0860 7020 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
17:30:55.0897 7020 vdrvroot - ok
17:30:55.0923 7020 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
17:30:55.0994 7020 vds - ok
17:30:56.0017 7020 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:30:56.0052 7020 vga - ok
17:30:56.0057 7020 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:30:56.0139 7020 VgaSave - ok
17:30:56.0145 7020 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
17:30:56.0173 7020 vhdmp - ok
17:30:56.0177 7020 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
17:30:56.0196 7020 viaide - ok
17:30:56.0210 7020 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
17:30:56.0233 7020 volmgr - ok
17:30:56.0248 7020 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:30:56.0287 7020 volmgrx - ok
17:30:56.0319 7020 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
17:30:56.0349 7020 volsnap - ok
17:30:56.0382 7020 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:30:56.0405 7020 vsmraid - ok
17:30:56.0463 7020 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
17:30:56.0595 7020 VSS - ok
17:30:56.0637 7020 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:30:56.0678 7020 vwifibus - ok
17:30:56.0689 7020 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:30:56.0741 7020 vwififlt - ok
17:30:56.0770 7020 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:30:56.0826 7020 W32Time - ok
17:30:56.0849 7020 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:30:56.0875 7020 WacomPen - ok
17:30:56.0896 7020 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:30:56.0945 7020 WANARP - ok
17:30:56.0949 7020 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:30:56.0990 7020 Wanarpv6 - ok
17:30:57.0080 7020 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:30:57.0212 7020 WatAdminSvc - ok
17:30:57.0287 7020 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
17:30:57.0340 7020 wbengine - ok
17:30:57.0355 7020 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:30:57.0389 7020 WbioSrvc - ok
17:30:57.0427 7020 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:30:57.0478 7020 wcncsvc - ok
17:30:57.0492 7020 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:30:57.0515 7020 WcsPlugInService - ok
17:30:57.0554 7020 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:30:57.0570 7020 Wd - ok
17:30:57.0605 7020 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:30:57.0653 7020 Wdf01000 - ok
17:30:57.0668 7020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:30:57.0700 7020 WdiServiceHost - ok
17:30:57.0707 7020 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:30:57.0728 7020 WdiSystemHost - ok
17:30:57.0765 7020 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
17:30:57.0826 7020 WebClient - ok
17:30:57.0861 7020 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:30:57.0937 7020 Wecsvc - ok
17:30:57.0945 7020 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:30:57.0997 7020 wercplsupport - ok
17:30:58.0029 7020 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:30:58.0090 7020 WerSvc - ok
17:30:58.0126 7020 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:30:58.0198 7020 WfpLwf - ok
17:30:58.0218 7020 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:30:58.0237 7020 WIMMount - ok
17:30:58.0261 7020 WinDefend - ok
17:30:58.0269 7020 WinHttpAutoProxySvc - ok
17:30:58.0325 7020 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:30:58.0387 7020 Winmgmt - ok
17:30:58.0450 7020 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
17:30:58.0620 7020 WinRM - ok
17:30:58.0682 7020 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:30:58.0724 7020 WinUsb - ok
17:30:58.0765 7020 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:30:58.0803 7020 Wlansvc - ok
17:30:58.0909 7020 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:30:59.0012 7020 wlidsvc - ok
17:30:59.0054 7020 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:30:59.0068 7020 WmiAcpi - ok
17:30:59.0101 7020 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:30:59.0139 7020 wmiApSrv - ok
17:30:59.0170 7020 WMPNetworkSvc - ok
17:30:59.0198 7020 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:30:59.0221 7020 WPCSvc - ok
17:30:59.0232 7020 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:30:59.0266 7020 WPDBusEnum - ok
17:30:59.0294 7020 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:30:59.0352 7020 ws2ifsl - ok
17:30:59.0387 7020 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
17:30:59.0428 7020 wscsvc - ok
17:30:59.0434 7020 WSearch - ok
17:30:59.0518 7020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:30:59.0620 7020 wuauserv - ok
17:30:59.0645 7020 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:30:59.0662 7020 WudfPf - ok
17:30:59.0668 7020 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:30:59.0704 7020 WUDFRd - ok
17:30:59.0722 7020 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:30:59.0752 7020 wudfsvc - ok
17:30:59.0786 7020 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:30:59.0847 7020 WwanSvc - ok
17:30:59.0893 7020 ================ Scan global ===============================
17:30:59.0906 7020 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:30:59.0931 7020 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
17:30:59.0939 7020 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
17:30:59.0962 7020 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:30:59.0990 7020 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:30:59.0993 7020 [Global] - ok
17:30:59.0994 7020 ================ Scan MBR ==================================
17:31:00.0010 7020 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:31:00.0447 7020 \Device\Harddisk0\DR0 - ok
17:31:01.0021 7020 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:31:03.0951 7020 \Device\Harddisk1\DR1 - ok
17:31:03.0953 7020 ================ Scan VBR ==================================
17:31:03.0954 7020 [ 413939B23BF5AF1D5254B1C91E95717F ] \Device\Harddisk0\DR0\Partition1
17:31:03.0958 7020 \Device\Harddisk0\DR0\Partition1 - ok
17:31:04.0001 7020 [ 285C32C1FE1855F6EFD81EDC0553CED8 ] \Device\Harddisk0\DR0\Partition2
17:31:04.0003 7020 \Device\Harddisk0\DR0\Partition2 - ok
17:31:04.0008 7020 [ C197AE18746C60A57FFA85CB865EF867 ] \Device\Harddisk1\DR1\Partition1
17:31:04.0010 7020 \Device\Harddisk1\DR1\Partition1 - ok
17:31:04.0010 7020 ============================================================
17:31:04.0010 7020 Scan finished
17:31:04.0010 7020 ============================================================
17:31:04.0020 6536 Detected object count: 3
17:31:04.0020 6536 Actual detected object count: 3
17:31:39.0801 6536 AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:39.0801 6536 AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:39.0802 6536 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:39.0802 6536 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:31:39.0803 6536 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:39.0803 6536 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
22.04.2014, 19:24
| #20 |
| /// the machine /// TB-Ausbilder | Flash Drive Shortcut Virus wtbchkxbde..vbs Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter: BleepingComputer.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter Rootkit::
c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wtbchkxbde"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wtbchkxbde"=-
Wichtig:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.04.2014, 22:29
| #21 |
| | Flash Drive Shortcut Virus wtbchkxbde..vbs neue CombofixTxt: Code:
ATTFilter ComboFix 14-04-20.01 - Franz 22.04.2014 22:51:31.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3764.1949 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Franz\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-03-22 bis 2014-04-22 ))))))))))))))))))))))))))))))
.
.
2014-04-22 21:03 . 2014-04-22 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-22 00:40 . 2014-04-22 15:13 -------- d-----w- c:\program files (x86)\Smadav
2014-04-22 00:40 . 2014-04-22 00:40 -------- d-----w- c:\users\Franz\AppData\Roaming\Smadav
2014-04-18 21:16 . 2013-09-22 15:47 73266 ----a-w- c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 21:14 . 2013-09-22 15:47 73266 ----a-w- c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
2014-04-16 21:46 . 2014-04-16 21:46 -------- d-----w- c:\windows\ERUNT
2014-04-16 21:07 . 2014-04-16 21:10 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 21:06 . 2014-04-16 21:06 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-04-16 21:06 . 2014-04-16 21:06 -------- d-----w- c:\programdata\Malwarebytes
2014-04-16 21:06 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-16 21:06 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 21:06 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-16 21:06 . 2014-04-16 21:06 -------- d-----w- c:\users\Franz\AppData\Local\Programs
2014-04-16 00:52 . 2014-04-16 00:52 -------- d-----w- c:\programdata\Panda Security
2014-04-16 00:52 . 2014-04-16 00:52 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2014-04-14 08:43 . 2014-04-20 03:21 -------- d-----w- C:\FRST
2014-04-07 07:32 . 2014-04-22 02:41 -------- d-----w- C:\[Smad-Cage]
2014-04-07 07:30 . 2014-04-07 07:30 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2014-04-02 06:19 . 2014-04-02 06:54 -------- d-----w- c:\users\Franz\AppData\Local\NPE
2014-04-02 06:19 . 2014-04-02 06:19 -------- d-----w- c:\programdata\Norton
2014-03-25 07:40 . 2014-03-25 07:40 -------- d-----w- C:\found.001
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 12:17 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wtbchkxbde..vbs [2013-9-22 73266]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-16 704032]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-1-9 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 44255850
*Deregistered* - 44255850
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-02 06:02 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-02 496160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"wtbchkxbde"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.ph/intl/en/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.10.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-22 23:25:56
ComboFix-quarantined-files.txt 2014-04-22 21:25
ComboFix2.txt 2014-04-22 02:04
ComboFix3.txt 2014-04-20 23:42
.
Vor Suchlauf: 23 Verzeichnis(se), 32.350.367.744 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 32.057.769.984 Bytes frei
.
- - End Of File - - 8ECA954279CF360DC980F7021F069CB9
Geändert von fxak (22.04.2014 um 22:38 Uhr) |
|
23.04.2014, 14:00
| #22 |
| /// the machine /// TB-Ausbilder | Flash Drive Shortcut Virus wtbchkxbde..vbs Ehm, hast Du das Script korrekt erstellt und ausgeführt? Sieht nicht so aus, oder es lief was schief. Bitte nochmal wiederholen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.04.2014, 17:51
| #23 |
| | Flash Drive Shortcut Virus wtbchkxbde..vbs neues combofix-log: Code:
ATTFilter ComboFix 14-04-20.01 - Franz 23.04.2014 18:03:09.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3764.1917 [GMT 2:00]
ausgeführt von:: c:\users\Franz\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Franz\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-03-23 bis 2014-04-23 ))))))))))))))))))))))))))))))
.
.
2014-04-23 16:16 . 2014-04-23 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-22 00:40 . 2014-04-22 15:13 -------- d-----w- c:\program files (x86)\Smadav
2014-04-22 00:40 . 2014-04-22 00:40 -------- d-----w- c:\users\Franz\AppData\Roaming\Smadav
2014-04-18 21:16 . 2013-09-22 15:47 73266 ----a-w- c:\users\Franz\AppData\Roaming\wtbchkxbde..vbs
2014-04-18 21:14 . 2013-09-22 15:47 73266 ----a-w- c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs
2014-04-16 21:46 . 2014-04-16 21:46 -------- d-----w- c:\windows\ERUNT
2014-04-16 21:07 . 2014-04-16 21:10 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 21:06 . 2014-04-16 21:06 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-04-16 21:06 . 2014-04-16 21:06 -------- d-----w- c:\programdata\Malwarebytes
2014-04-16 21:06 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-16 21:06 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 21:06 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-16 21:06 . 2014-04-16 21:06 -------- d-----w- c:\users\Franz\AppData\Local\Programs
2014-04-16 00:52 . 2014-04-16 00:52 -------- d-----w- c:\programdata\Panda Security
2014-04-16 00:52 . 2014-04-16 00:52 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2014-04-14 08:43 . 2014-04-20 03:21 -------- d-----w- C:\FRST
2014-04-07 07:32 . 2014-04-22 02:41 -------- d-----w- C:\[Smad-Cage]
2014-04-07 07:30 . 2014-04-07 07:30 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2014-04-02 06:19 . 2014-04-02 06:54 -------- d-----w- c:\users\Franz\AppData\Local\NPE
2014-04-02 06:19 . 2014-04-02 06:19 -------- d-----w- c:\programdata\Norton
2014-03-25 07:40 . 2014-03-25 07:40 -------- d-----w- C:\found.001
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-04 12:17 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"wtbchkxbde"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wtbchkxbde..vbs [2013-9-22 73266]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-16 704032]
VR-NetWorld Auftragsprüfung.lnk - c:\program files (x86)\VR-NetWorld\vrtoolcheckorder.exe /autostart [2014-1-9 1137664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 44255850
*Deregistered* - 44255850
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-23 15:56 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-16 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Franz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-02 496160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"wtbchkxbde"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.ph/intl/en/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360413h416l0408z115t6741k596
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-23 18:39:23
ComboFix-quarantined-files.txt 2014-04-23 16:39
ComboFix2.txt 2014-04-22 21:26
ComboFix3.txt 2014-04-22 02:04
ComboFix4.txt 2014-04-20 23:42
.
Vor Suchlauf: 23 Verzeichnis(se), 31.837.204.480 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 31.779.074.048 Bytes frei
.
- - End Of File - - B3667FAB6E80868E9703840EB333818F
zur Sicherheit hänge ich mal mein CFScript an falls ich doch was falsch gemacht habe |
|
24.04.2014, 11:31
| #24 |
| /// the machine /// TB-Ausbilder | Flash Drive Shortcut Virus wtbchkxbde..vbs komisch. Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.04.2014, 05:56
| #25 |
| | Flash Drive Shortcut Virus wtbchkxbde..vbs kann FRST nicht starten, bei der 64-bit Version (mein Windows ist 64 bit) kommt frst64.exe ist keine zulässige win-32 Anwendung, bei der 32-bit Version heisst es das zum Unterstützen des Abbildtyps erforderliche Subsystem ist nicht vorhanden |
|
25.04.2014, 19:04
| #26 |
| /// the machine /// TB-Ausbilder | Flash Drive Shortcut Virus wtbchkxbde..vbs Du bist aber in der Recovery?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.04.2014, 22:44
| #27 |
| | Flash Drive Shortcut Virus wtbchkxbde..vbs ja, habe beim Start f8 gedrückt, Computer feparieren, und dann Eingabeaufforderung, richtigen Laufwerksbuchstaben hab ich überprüft. Kann man da irgend was falsch machen? Hab mir auch die Anleitung angeschaut, genau so hab ichs gemacht. |
|
26.04.2014, 15:56
| #28 |
| /// the machine /// TB-Ausbilder | Flash Drive Shortcut Virus wtbchkxbde..vbs Den Fehler kenn ich nur wenn man in Windows ist, AV blockt dann. In der REcovery sollte der nit kommen. FRST vom Stick löschen und neu laden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.04.2014, 22:30
| #29 |
| | Flash Drive Shortcut Virus wtbchkxbde..vbs Ok, jetzt hats komisherweise problemlos funktioniert. FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014 Ran by SYSTEM on MININT-J7V2I8A on 27-04-2014 23:15:56 Running from F:\ Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9996320 2010-01-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-01-19] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [345648 2010-03-08] (Alps Electric Co., Ltd.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-02] (Acer Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default HKU\Franz\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software) HKU\Franz\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs () ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) S2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [820768 2010-02-02] (Acer Incorporated) S2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software) S2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated) ==================== Drivers (Whitelisted) ==================== S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-22] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-22] (Avira Operations GmbH & Co. KG) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG) S1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-24 20:43 - 2014-04-24 20:43 - 01048576 _____ (Farbar) C:\Users\Franz\Desktop\FRST.exe 2014-04-24 20:31 - 2014-04-27 13:10 - 02061824 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe 2014-04-23 08:44 - 2014-04-23 08:44 - 00000341 _____ () C:\Users\Franz\Desktop\CFScript.txt 2014-04-23 08:39 - 2014-04-23 08:39 - 00018305 _____ () C:\ComboFix.txt 2014-04-22 14:27 - 2014-04-22 14:32 - 00000000 ____D () C:\Users\Franz\Desktop\Air Niugini 2014-04-22 07:26 - 2014-04-22 07:27 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Franz\Desktop\tdsskiller.exe 2014-04-21 18:48 - 2014-04-21 19:35 - 00000000 ____D () C:\Users\Franz\Desktop\Projekt 2014-04-21 17:28 - 2014-04-21 17:28 - 05196870 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe 2014-04-21 16:40 - 2014-04-24 20:49 - 00000000 ____D () C:\Program Files (x86)\Smadav 2014-04-21 16:40 - 2014-04-21 16:40 - 00003240 _____ () C:\Windows\System32\Tasks\smadav 2014-04-21 16:40 - 2014-04-21 16:40 - 00000718 _____ () C:\Users\Public\Desktop\SMADΔV.lnk 2014-04-21 16:40 - 2014-04-21 16:40 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Smadav 2014-04-19 19:20 - 2014-04-19 19:21 - 00025978 _____ () C:\Users\Franz\Desktop\FRST.txt 2014-04-18 13:16 - 2013-09-22 07:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs 2014-04-18 13:13 - 2014-04-18 13:13 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion 2014-04-16 13:57 - 2014-04-16 13:59 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt 2014-04-16 13:46 - 2014-04-16 13:46 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 13:07 - 2014-04-16 13:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2014-04-16 13:06 - 2014-04-16 13:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 13:06 - 2014-04-02 23:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2014-04-16 13:06 - 2014-04-02 23:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys 2014-04-16 13:06 - 2014-04-02 23:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2014-04-15 16:56 - 2014-04-23 08:40 - 00000000 ____D () C:\Qoobox 2014-04-15 16:56 - 2014-04-15 17:35 - 00000000 ____D () C:\Windows\erdnt 2014-04-15 16:56 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-15 16:56 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-15 16:56 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-15 16:56 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-15 16:56 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-15 16:56 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-15 16:56 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-15 16:56 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\ProgramData\Panda Security 2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-04-15 16:50 - 2014-04-15 16:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-04-14 01:21 - 2008-03-21 18:21 - 733980672 ___SH () C:\Users\Franz\Desktop\The Seeker-The Dark is Rising[2007]DvDrip[Eng]-FXG.avi 2014-04-14 01:19 - 2010-01-05 06:04 - 956607690 ___SH () C:\Users\Franz\Desktop\The Marine 2 (2010) DVDR DivXNL-Team.avi 2014-04-14 00:43 - 2014-04-27 23:15 - 00000000 ____D () C:\FRST 2014-04-10 19:39 - 2014-03-04 04:07 - 142602520 _____ (Microsoft Corporation) C:\Users\Franz\Desktop\wlsetup-all_16.4.3508.0205.exe 2014-04-06 23:32 - 2014-04-27 13:07 - 00000000 ____D () C:\[Smad-Cage] 2014-04-06 23:30 - 2014-04-06 23:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files 2014-04-03 00:10 - 2014-04-21 16:27 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD 2014-04-01 22:42 - 2014-04-16 12:12 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir 2014-04-01 22:27 - 2014-04-01 22:27 - 00000000 ____D () C:\Windows\pss 2014-04-01 22:19 - 2014-04-01 22:54 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE 2014-04-01 22:19 - 2014-04-01 22:19 - 00000000 ____D () C:\ProgramData\Norton 2014-04-01 20:29 - 2013-02-01 00:07 - 557660892 _____ () C:\Users\Franz\Desktop\Bavaria Traumreise durch Bayern.mkv 2014-04-01 20:15 - 2013-03-02 20:17 - 3702646581 _____ () C:\Users\Franz\Desktop\Das grüne Wunder - Unser Wald.mkv ==================== One Month Modified Files and Folders ======= 2014-04-27 23:15 - 2014-04-14 00:43 - 00000000 ____D () C:\FRST 2014-04-27 13:12 - 2013-04-16 09:13 - 01998174 _____ () C:\Windows\WindowsUpdate.log 2014-04-27 13:12 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-27 13:12 - 2009-07-13 20:51 - 00089296 _____ () C:\Windows\setupact.log 2014-04-27 13:12 - 2009-07-13 20:45 - 00022672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-27 13:12 - 2009-07-13 20:45 - 00022672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-27 13:10 - 2014-04-24 20:31 - 02061824 _____ (Farbar) C:\Users\Franz\Desktop\FRST64.exe 2014-04-27 13:07 - 2014-04-06 23:32 - 00000000 ____D () C:\[Smad-Cage] 2014-04-27 13:06 - 2013-04-16 10:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-27 12:51 - 2013-04-16 10:29 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2014-04-27 12:51 - 2013-04-16 10:09 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-24 20:49 - 2014-04-21 16:40 - 00000000 ____D () C:\Program Files (x86)\Smadav 2014-04-24 20:43 - 2014-04-24 20:43 - 01048576 _____ (Farbar) C:\Users\Franz\Desktop\FRST.exe 2014-04-24 20:39 - 2010-05-10 15:15 - 00116164 _____ () C:\Windows\PFRO.log 2014-04-23 08:44 - 2014-04-23 08:44 - 00000341 _____ () C:\Users\Franz\Desktop\CFScript.txt 2014-04-23 08:40 - 2014-04-15 16:56 - 00000000 ____D () C:\Qoobox 2014-04-23 08:39 - 2014-04-23 08:39 - 00018305 _____ () C:\ComboFix.txt 2014-04-23 08:16 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-23 08:00 - 2013-04-16 10:10 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-22 14:32 - 2014-04-22 14:27 - 00000000 ____D () C:\Users\Franz\Desktop\Air Niugini 2014-04-22 07:27 - 2014-04-22 07:26 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Franz\Desktop\tdsskiller.exe 2014-04-21 19:35 - 2014-04-21 18:48 - 00000000 ____D () C:\Users\Franz\Desktop\Projekt 2014-04-21 17:28 - 2014-04-21 17:28 - 05196870 ____R (Swearware) C:\Users\Franz\Desktop\ComboFix.exe 2014-04-21 16:40 - 2014-04-21 16:40 - 00003240 _____ () C:\Windows\System32\Tasks\smadav 2014-04-21 16:40 - 2014-04-21 16:40 - 00000718 _____ () C:\Users\Public\Desktop\SMADΔV.lnk 2014-04-21 16:40 - 2014-04-21 16:40 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Smadav 2014-04-21 16:27 - 2014-04-03 00:10 - 00000000 ____D () C:\Users\Franz\Desktop\FPCD 2014-04-19 19:21 - 2014-04-19 19:20 - 00025978 _____ () C:\Users\Franz\Desktop\FRST.txt 2014-04-19 18:46 - 2013-04-16 19:01 - 00696870 _____ () C:\Windows\System32\perfh007.dat 2014-04-19 18:46 - 2013-04-16 19:01 - 00148134 _____ () C:\Windows\System32\perfc007.dat 2014-04-19 18:46 - 2009-07-13 21:13 - 01612484 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-04-18 17:21 - 2013-04-16 10:22 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\vlc 2014-04-18 13:13 - 2014-04-18 13:13 - 00000000 ____D () C:\Users\Franz\Desktop\FRST-OlderVersion 2014-04-16 14:00 - 2014-03-11 07:56 - 00000000 ____D () C:\AdwCleaner 2014-04-16 13:59 - 2014-04-16 13:57 - 00000041 _____ () C:\Users\Franz\Desktop\pw.txt 2014-04-16 13:46 - 2014-04-16 13:46 - 00000000 ____D () C:\Windows\ERUNT 2014-04-16 13:10 - 2014-04-16 13:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2014-04-16 13:06 - 2014-04-16 13:06 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 12:12 - 2014-04-01 22:42 - 00000000 ____D () C:\Users\Franz\Desktop\Antivir 2014-04-15 17:43 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default 2014-04-15 17:35 - 2014-04-15 16:56 - 00000000 ____D () C:\Windows\erdnt 2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\ProgramData\Panda Security 2014-04-15 16:52 - 2014-04-15 16:52 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine 2014-04-15 16:50 - 2014-04-15 16:50 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine 2014-04-14 00:20 - 2013-04-16 11:29 - 00000000 ____D () C:\Setups 2014-04-06 23:30 - 2014-04-06 23:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files 2014-04-05 22:23 - 2013-04-16 10:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-05 22:23 - 2013-04-16 10:09 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-02 23:51 - 2014-04-16 13:06 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2014-04-02 23:51 - 2014-04-16 13:06 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys 2014-04-02 23:50 - 2014-04-16 13:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2014-04-01 22:54 - 2014-04-01 22:19 - 00000000 ____D () C:\Users\Franz\AppData\Local\NPE 2014-04-01 22:27 - 2014-04-01 22:27 - 00000000 ____D () C:\Windows\pss 2014-04-01 22:25 - 2013-04-16 10:39 - 00000000 ___RD () C:\Users\Franz\Desktop\Dropbox 2014-04-01 22:24 - 2013-04-16 10:35 - 00000000 ____D () C:\Users\Franz\AppData\Roaming\Dropbox 2014-04-01 22:19 - 2014-04-01 22:19 - 00000000 ____D () C:\ProgramData\Norton 2014-03-30 18:12 - 2014-02-28 03:54 - 00000000 ____D () C:\Users\Franz\Desktop\Fotos Some content of TEMP: ==================== C:\Users\Franz\AppData\Local\Temp\avgnt.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2014-03-04 04:16:53 Restore point made on: 2014-03-13 18:01:05 Restore point made on: 2014-03-23 14:56:49 Restore point made on: 2014-04-01 23:56:23 Restore point made on: 2014-04-02 04:47:26 Restore point made on: 2014-04-15 16:57:13 Restore point made on: 2014-04-20 15:04:46 Restore point made on: 2014-04-21 17:31:02 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3764.43 MB Available physical RAM: 3044.73 MB Total Pagefile: 3762.57 MB Available Pagefile: 3035.25 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:452.97 GB) (Free:29.71 GB) NTFS Drive e: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:2.56 GB) NTFS Drive f: () (Removable) (Total:14.63 GB) (Free:14.62 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 59D459D4) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=15 GB) - (Type=0C) LastRegBack: 2014-03-23 14:49 ==================== End Of Log ============================ |
|
28.04.2014, 09:15
| #30 |
| /// the machine /// TB-Ausbilder | Flash Drive Shortcut Virus wtbchkxbde..vbs Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
HKU\Franz\...\Run: [wtbchkxbde] => wscript.exe //B "C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs" <===== ATTENTION
Startup: C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wtbchkxbde..vbs ()
2014-04-18 13:16 - 2013-09-22 07:47 - 00073266 _____ () C:\Users\Franz\AppData\Roaming\wtbchkxbde..vbs
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. Frisches Scanlog aus der recovery bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Flash Drive Shortcut Virus wtbchkxbde..vbs |
| acer, acer aspire, antivirus, avira, dateien, desktop, detected, entfernen, folge, formatieren, frage, geld, google, hängt, laptop hängt, launch, link, links auf usb-stick, logfiles, lösung, microsoft, online, problem, programme, shortcut virus, software, system32, versteckte dateien, virus, windows, zufällig |
Linear-Darstellung
