| Chrisman | 30.03.2013 19:19 |
Danke für die ausführliche Anleitung :)
Ok zuallererst, ich glaub ich habe was falsch gemacht.
Diese Collect and suspect Sache ist bei mir nicht aufgetaucht. Ansonsten sah alles zumindest so aus, als würde alles wunderbar funktionieren.
Hier die Logs:
ADWCleaner: Code:
# AdwCleaner v2.115 - Datei am 30/03/2013 um 18:45:16 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Chris - CHRIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Chris\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\foxydeal.sqlite
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\jetpack
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\prefs.js
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1610 octets] - [30/03/2013 18:45:16]
########## EOF - C:\AdwCleaner[S1].txt - [1670 octets] ##########
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.4 (03.29.2013:1)
OS: Windows 7 Professional x64
Ran by Chris on 30.03.2013 at 18:50:09,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] "C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\d1ovbg0f.default\extensions\jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack.xpi"
Emptied folder: C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\d1ovbg0f.default\minidumps [234 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.03.2013 at 18:55:52,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Combofix: Code:
ComboFix 13-03-30.01 - Chris 30.03.2013 18:58:07.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.12286.9408 [GMT 1:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Chris\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-28 bis 2013-03-30 ))))))))))))))))))))))))))))))
.
.
2013-03-30 18:04 . 2013-03-30 18:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 17:57 . 2013-03-30 17:57 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F79731-8D28-4843-8991-87A0907D79CB}\offreg.dll
2013-03-30 13:58 . 2013-03-30 13:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-30 13:58 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-30 13:58 . 2013-03-30 13:58 -------- d-----w- c:\users\Chris\AppData\Local\Programs
2013-03-30 01:24 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F79731-8D28-4843-8991-87A0907D79CB}\mpengine.dll
2013-03-25 18:08 . 2013-03-25 18:08 -------- d-----w- C:\Guild Wars 2
2013-03-25 16:15 . 2013-03-28 16:43 -------- d-----w- c:\users\Chris\AppData\Roaming\Vidoe
2013-03-25 16:15 . 2013-03-27 17:34 -------- d-----w- c:\users\Chris\AppData\Roaming\Cyape
2013-03-24 16:06 . 2013-03-24 16:06 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-24 16:06 . 2013-03-24 16:06 -------- d-----w- c:\program files (x86)\Java
2013-03-23 07:26 . 2013-03-23 21:27 -------- d-----w- c:\users\Chris\AppData\Roaming\Awesomium
2013-03-22 16:45 . 2013-03-22 16:45 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-03-22 16:45 . 2013-03-22 16:45 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-03-22 16:43 . 2013-03-22 21:00 -------- d-----w- C:\Marvel Heroes Beta
2013-03-22 16:41 . 2013-03-22 16:42 -------- d-----w- c:\programdata\bitraider
2013-03-18 22:17 . 2013-03-18 22:17 -------- d-----w- c:\users\Chris\AppData\Local\Apps
2013-03-18 22:17 . 2013-03-19 16:52 -------- d-----w- c:\users\Chris\AppData\Local\Deployment
2013-03-17 11:48 . 2013-03-20 20:26 -------- d-----w- c:\users\Chris\AppData\Roaming\Might & Magic Heroes VI
2013-03-07 20:38 . 2013-03-07 20:38 -------- d-----w- c:\program files (x86)\BlueStacks
2013-03-07 20:38 . 2013-03-07 20:38 -------- d-----w- c:\programdata\BlueStacks
2013-03-06 19:20 . 2013-03-06 19:20 -------- d-----w- c:\users\Chris\AppData\Local\Funcom
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 16:06 . 2012-07-26 15:18 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-24 16:06 . 2012-02-20 07:37 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-12 19:07 . 2012-04-05 12:02 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 19:07 . 2011-12-22 21:16 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-16 12:46 . 2011-12-22 21:58 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-02 17:38 . 2013-02-02 17:38 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-02 17:38 . 2013-02-02 17:38 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-02-02 17:38 . 2013-02-02 17:38 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-02 17:38 . 2013-02-02 17:38 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-01-28 16:28 . 2011-12-22 23:10 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-28 07:15 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 07:15 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 07:15 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 07:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 07:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 07:15 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 07:15 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 07:15 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 07:15 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 07:14 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 07:15 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 07:14 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 07:14 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 07:14 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 07:14 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 07:14 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 07:14 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 07:14 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 07:14 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 07:15 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 07:15 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 07:14 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 07:15 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 07:14 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 07:14 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 07:14 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 07:14 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 07:14 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 07:14 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 07:14 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 07:14 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 07:15 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 07:15 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 07:14 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 07:14 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 07:14 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 07:15 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 07:14 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 07:15 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 07:15 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 07:14 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 07:14 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-08 05:40 . 2013-02-16 12:41 97792 ----a-w- c:\windows\system32\mshtmled.dll
2013-01-05 05:53 . 2013-02-16 12:41 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-16 12:41 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-16 12:41 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-28 07:15 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-28 07:15 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-16 12:41 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-16 12:41 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-16 12:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-16 12:41 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-16 12:41 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-16 12:41 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-16 12:41 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-16 12:41 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-16 12:41 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-16 12:41 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Chris\AppData\Roaming\Ageqy ----
.
.
---- Directory of c:\users\Chris\AppData\Roaming\Cyape ----
.
2013-03-27 17:34 . 2013-03-29 18:29 10045 ----a-w- c:\users\Chris\AppData\Roaming\Cyape\taoc.olu
2013-03-26 16:47 . 2013-03-28 16:42 3519372 ----a-w- c:\users\Chris\AppData\Roaming\Cyape\taoc.tmp
.
---- Directory of c:\users\Chris\AppData\Roaming\Goefn ----
.
.
---- Directory of c:\users\Chris\AppData\Roaming\Omerta ----
.
2013-02-09 20:30 . 2013-02-09 20:30 245275 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\screenshot.tga
2013-02-09 20:30 . 2013-02-09 20:30 3510580 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\save\00020.auto.sav
2013-02-09 20:00 . 2013-02-09 20:00 3497806 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\save\00019.auto.sav
2013-02-09 15:40 . 2013-02-09 20:30 4211 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\logs\Omerta.exe-20130209-16.40.31-50f578b8.log
2013-02-05 21:00 . 2013-02-05 21:00 230330 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\save\00014.sav
2013-02-05 21:00 . 2013-02-05 21:00 230337 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\save\00013.city.sav
2013-02-05 20:07 . 2013-02-05 21:01 3753 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\logs\Omerta.exe-20130205-21.07.39-50f578b8.log
2013-02-03 11:53 . 2013-02-09 18:50 675 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\save\save.lua
2013-02-03 11:36 . 2013-02-09 20:30 3309440 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\district_pluto
2013-02-03 11:17 . 2013-02-03 11:17 53 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\UserId.lua
2013-02-03 11:17 . 2013-02-09 20:30 438 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\DeveloperStorage.lua
2013-02-03 11:17 . 2013-02-03 17:36 5551 ----a-w- c:\users\Chris\AppData\Roaming\Omerta\logs\Omerta.exe-20130203-12.17.00-50f578b8.log
.
---- Directory of c:\users\Chris\AppData\Roaming\Ryuz ----
.
2012-02-13 19:19 . 2012-07-19 17:50 415853 ----a-w- c:\users\Chris\AppData\Roaming\Ryuz\tauqq.wai
.
---- Directory of c:\users\Chris\AppData\Roaming\Ugyku ----
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSU"="c:\program files (x86)\Medion AG\NSU\NSU.exe" [2011-10-20 1789440]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-26 1631144]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-09-28 136416]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-02-15 601976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-6-17 1370224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\bitraider\BRSptSvc.exe [2013-03-22 949528]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2012-11-25 25832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-12-22 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-02-15 71032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-02-15 384888]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{C335382D-59A1-40E1-8FAA-946B0AA697DB}: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\
FF - ExtSQL: 2013-02-15 09:29; jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack; c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\d1ovbg0f.default\extensions\jid0-8tN1572BjKN38NbylynGgV1L2AU@jetpack.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Carte - c:\gamescampus\DE\Carte\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2945886007-329671581-1404254205-1000\Software\SecuROM\License information*]
"datasecu"=hex:a0,32,5d,64,cc,a6,ed,b9,a3,7d,9f,80,b5,3a,c8,5f,a1,0f,d7,82,d4,
88,24,41,2b,23,0c,ee,02,62,19,c5,9a,66,56,3b,13,e2,d5,dc,ef,ca,d9,d7,9a,ce,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-30 19:06:13
ComboFix-quarantined-files.txt 2013-03-30 18:06
ComboFix2.txt 2013-03-30 15:35
.
Vor Suchlauf: 37 Verzeichnis(se), 70.712.918.016 Bytes frei
Nach Suchlauf: 38 Verzeichnis(se), 70.671.183.872 Bytes frei
.
- - End Of File - - D6EB2FC1C0552BBCCB0CA9B13AFC7675
Nun... GMER log kann ich das alte leider nicht mehr anbieten, das habe ich gelöscht nachdem ich es ein wenig verkackt habe es aufzuteilen (frag nicht, wollte es in 2 unterschiedliche .txt aufteilen und dann hab ich mich vertan, dann war alles durcheinander etc.)
Aber ich habe ein neues Log gemacht das ich mit anhänge... nun ist es nichtmal mehr halb so groß
EDIT:
Hatte gerade einen BLuescreen... ich glaub zum ersten Mal überhaupt seit Windows 7.
Wollts nur mitgeteilt haben nicht dass das irgendwie auf was wichtiges noch hinweist. |
AdwCleaner auf deinen Desktop.
TDSSKiller.exe und speichere diese Datei auf dem Desktop
aswMBR.exe und speichere die Datei auf deinem Desktop.
WARNUNG an die MITLESER: 
Textbox.