I hope everything worked out. GMER and OSAM went a bit differently than described in the links.
The GMER log:
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-06 01:58:29
Windows 6.1.7601 Service Pack 1
Running: 5ivszzpf.exe
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@hapnghmhoncpbkgf 0x6A 0x61 0x66 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@iaflihdmmnjfjccaaj 0x63 0x61 0x66 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@iajoofkocefpgihiah 0x69 0x61 0x6B 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@dbhfdikcecmippbipgplpekaggiebchbkejbjomk 0x68 0x61 0x6B 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@jbhfdikcecmippbipgplodllgdaeenhkmcjopdnoipjbjlmmagja 0x68 0x61 0x6B 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@dbhfdikcecmippbipgplaeppgedkhefoimeiilcm 0x62 0x62 0x70 0x70 ...
---- Files - GMER 1.0.15 ----
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\08 Mexico Böhse Onkelz.mp3 8241256 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\01 Ich lieb Mich Böhse Onkelz.mp3 6604264 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\02 Nur die Besten sterben jung Böhse Onkelz.mp3 10333432 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\03 Keine ist wie Du Böhse Onkelz.mp3 12979972 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\04 Wieder mal`nen Tag verschenkt Böhse Onkelz.mp3 10360576 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\05 Heilige Lieder Böhse Onkelz.mp3 11847232 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\06 Wir ham noch lange nicht genug Böhse Onkelz.mp3 9766540 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\07 Stunde des Siegers Böhse Onkelz.mp3 12629188 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\09 Der Fuckin´ Metal Mann Böhse Onkelz.mp3 11953720 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\10 Erinnerung Böhse Onkelz.mp3 14068864 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\11 Das erste Blut Böhse Onkelz.mp3 11763712 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\12 Es ist soweit Böhse Onkelz.mp3 7465564 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\13 Eine dieser Nächte Böhse Onkelz.mp3 11626948 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\14 Lügenmarsch Böhse Onkelz.mp3 10054684 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\15 Könge für einen Tag Böhse Onkelz.mp3 10847080 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\16 Mädchen Böhse Onkelz2.mp3 2190996 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\17 Keiner wusste wie´s geschah.mp3 7738048 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\18 Nenn mich Gott.mp3 7823656 bytes
File C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\19 Hässlich brutal und gewahltätig Böhse Onkelz.mp3 8473024 bytes
---- EOF - GMER 1.0.15 ----
Here is the OSAM log:
I couldn't skip the online scan and could only click "next" twice. After that the "finish" window already appeared, and then I saved the log. Or should I have done something else there?
OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 02:07:43 on 06.10.2012
OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForJasmin.job" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
"FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000Core.job" - "Facebook Inc." - C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000UA.job" - "Facebook Inc." - C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HP 3D DriveGuard" - ? - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\hpaccelerometercp.CPL (File not found)
"Nero BurnRights" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\OLKFSTUB.DLL
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? - (File not found | COM-object registry key not found)
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)
[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7M" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7M\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Facebook Messenger.lnk" - "Facebook" - C:\Users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Facebook Update" - "Facebook Inc." - "C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"KiesPDLR" - ? - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesPreload" - "Samsung" - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files (x86)\FreePDF_XP\fpassist.exe
"Guard.Mail.ru.gui" - ? - "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"HPCam_Menu" - "CyberLink Corp." - "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files (x86)\Winamp\winampa.exe"
"WirelessAssistant" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
"BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezsvc7.dll (File not found)
"Firebird Guardian - DefaultInstance" (FirebirdGuardianDefaultInstance) - "Firebird Project" - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
"Firebird Server - DefaultInstance" (FirebirdServerDefaultInstance) - "Firebird Project" - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
"Guard.Mail.ru" (Guard.Mail.ru) - ? - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
"HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
"HP Support Assistant Service" (HP Support Assistant Service) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
And here is the log from aswMBR: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-06 02:12:48
-----------------------------
02:12:48.568 OS Version: Windows x64 6.1.7601 Service Pack 1
02:12:48.568 Number of processors: 2 586 0x602
02:12:48.569 ComputerName: JASMIN-PC UserName: Jasmin
02:12:51.294 Initialize success
02:14:45.304 AVAST engine defs: 12100502
02:15:01.751 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:15:01.756 Disk 0 Vendor: WDC_WD6400BEVT-60A0RT0 01.01A01 Size: 610480MB BusType: 11
02:15:01.774 Disk 0 MBR read successfully
02:15:01.781 Disk 0 MBR scan
02:15:01.791 Disk 0 unknown MBR code
02:15:01.799 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
02:15:01.820 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596181 MB offset 409600
02:15:01.856 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13995 MB offset 1221388288
02:15:01.880 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
02:15:01.945 Disk 0 scanning C:\Windows\system32\drivers
02:15:15.391 Service scanning
02:15:51.918 Modules scanning
02:15:51.932 Disk 0 trace - called modules:
02:15:52.317 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
02:15:52.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800467e790]
02:15:52.340 3 CLASSPNP.SYS[fffff8800110e43f] -> nt!IofCallDriver -> [0xfffffa800467d2e0]
02:15:52.353 5 hpdskflt.sys[fffff8800200b189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045fc060]
02:15:55.526 AVAST engine scan C:\Windows
02:16:02.004 AVAST engine scan C:\Windows\system32
02:18:52.781 AVAST engine scan C:\Windows\system32\drivers
02:19:13.847 AVAST engine scan C:\Users\Jasmin
02:41:46.051 AVAST engine scan C:\ProgramData
02:44:40.000 Scan finished successfully
02:57:46.169 Disk 0 MBR has been saved successfully to "C:\Users\Jasmin\Desktop\MBR.dat"
02:57:46.175 The log file has been saved successfully to "C:\Users\Jasmin\Desktop\aswMBR.txt"