Question | 06.11.2011 02:01 | PC infected? 100% CPU load
Hello everyone, since my processor has recently been at 100% load, constantly, and gaming became impossible, I completely reinstalled my system. Result: everything is the same as before :daumenrunter:
Here are my logs
OTL.txt
OTL Logfile: Code:
OTL logfile created on: 06.11.2011 01:27:37 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\******\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 20,70% Memory free
7,99 Gb Paging File | 3,90 Gb Available in Paging File | 48,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580,85 Gb Total Space | 551,18 Gb Free Space | 94,89% Space Free | Partition Type: NTFS
Drive D: | 3,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: *****-PC | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\******\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\OptimalSuite Common\AMDSrv.exe (appsmaker)
PRC - C:\Program Files (x86)\appsmaker\AppBooster 2.0\appbooster.exe (appsmaker)
========== Modules (No Company Name) ==========
MOD - C:\Users\Max\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll ()
MOD - C:\Users\*****\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll ()
MOD - C:\Users\*****\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll ()
MOD - C:\Users\*****\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SpeedBoosterSvc) -- C:\Program Files (x86)\Common Files\OptimalSuite Common\BoostService.exe (appsmaker)
SRV - (AMOptimalDiskService) -- C:\Program Files (x86)\Common Files\OptimalSuite Common\AMDSrv.exe (appsmaker)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 25 2F 8B FC 9B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.05 21:52:04 | 000,000,000 | ---D | M]
[2011.11.05 21:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.11.05 21:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.05 21:57:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B161DDD-2461-49BF-92F4-29CADAC6F2F7}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.13 18:29:38 | 000,000,122 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.11.06 00:44:13 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.11.06 00:44:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2011.11.06 00:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.06 00:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.06 00:43:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.06 00:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.06 00:16:12 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011.11.06 00:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011.11.06 00:15:08 | 000,000,000 | ---D | C] -- C:\Intel
[2011.11.05 23:37:38 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.11.05 23:37:32 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.11.05 23:37:31 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.11.05 23:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.11.05 23:36:57 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\TuneUp Software
[2011.11.05 23:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2011.11.05 23:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.11.05 23:34:34 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\AppBooster
[2011.11.05 23:34:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.11.05 23:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\appsmaker
[2011.11.05 23:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\OptimalSuite Common
[2011.11.05 23:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\appsmaker
[2011.11.05 23:14:31 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Avira
[2011.11.05 23:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.11.05 22:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.05 22:53:34 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.11.05 22:53:34 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.11.05 22:53:34 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.11.05 22:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.11.05 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.11.05 22:43:39 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\.minecraft
[2011.11.05 22:31:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TS3Client
[2011.11.05 22:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011.11.05 22:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011.11.05 22:25:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Skype
[2011.11.05 22:10:07 | 000,539,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2011.11.05 22:06:54 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.11.05 22:06:54 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.11.05 22:04:28 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Macromedia
[2011.11.05 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Adobe
[2011.11.05 22:04:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.11.05 21:58:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011.11.05 21:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.05 21:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.11.05 21:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.11.05 21:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.11.05 21:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.11.05 21:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.11.05 21:57:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2011.11.05 21:57:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.11.05 21:57:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\WinRAR
[2011.11.05 21:57:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.05 21:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.05 21:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.11.05 21:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.11.05 21:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.05 21:57:23 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.11.05 21:57:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.05 21:57:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.05 21:57:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.05 21:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.11.05 21:57:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.11.05 21:57:03 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.11.05 21:57:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.11.05 21:52:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Mozilla
[2011.11.05 21:52:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Mozilla
[2011.11.05 21:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.11.05 21:41:34 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.11.05 21:41:34 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.11.05 21:41:33 | 000,000,000 | R--D | C] -- C:\Users\Max\Searches
[2011.11.05 21:41:19 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Identities
[2011.11.05 21:41:14 | 000,000,000 | R--D | C] -- C:\Users\Max\Contacts
[2011.11.05 21:41:11 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\VirtualStore
[2011.11.05 21:40:51 | 000,000,000 | --SD | C] -- C:\Users\Max\AppData\Roaming\Microsoft
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Videos
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Saved Games
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Pictures
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Music
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Links
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Favorites
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Downloads
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Documents
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Desktop
[2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Vorlagen
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\AppData\Local\Verlauf
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\AppData\Local\Temporary Internet Files
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Startmenü
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\SendTo
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Recent
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Netzwerkumgebung
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Lokale Einstellungen
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Documents\Eigene Videos
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Documents\Eigene Musik
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Eigene Dateien
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Documents\Eigene Bilder
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Druckumgebung
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Cookies
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\AppData\Local\Anwendungsdaten
[2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Anwendungsdaten
[2011.11.05 21:40:51 | 000,000,000 | -H-D | C] -- C:\Users\Max\AppData
[2011.11.05 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Temp
[2011.11.05 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Microsoft
[2011.11.05 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Media Center Programs
[2011.11.05 21:40:34 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.11.05 21:34:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.11.05 21:32:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.11.05 21:31:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.11.05 13:30:46 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.11.05 13:30:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
========== Files - Modified Within 30 Days ==========
[2011.11.06 00:44:21 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.11.06 00:43:44 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.06 00:29:07 | 003,085,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.06 00:29:07 | 000,684,954 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011.11.06 00:29:07 | 000,680,010 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2011.11.06 00:29:07 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.06 00:29:07 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.06 00:29:07 | 000,127,070 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011.11.06 00:29:07 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.06 00:29:07 | 000,124,006 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2011.11.06 00:29:07 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.06 00:21:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.06 00:21:27 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.06 00:20:35 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.06 00:20:35 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 23:37:24 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.05 23:37:24 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011.11.05 23:33:52 | 000,001,199 | ---- | M] () -- C:\Users\Public\Desktop\appsmaker AppBooster 2.0.lnk
[2011.11.05 22:53:53 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.05 22:28:54 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011.11.05 22:04:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.11.05 21:58:14 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.05 21:58:09 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.05 21:57:48 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.11.05 21:57:37 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.11.05 21:57:32 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011.11.05 21:57:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.11.05 21:57:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.05 21:57:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.05 21:57:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.05 21:52:05 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.05 21:38:14 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.05 21:36:48 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.11.05 21:36:48 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.11.01 19:35:52 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.11.01 19:35:42 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.11.01 19:35:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.10.19 16:56:15 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
========== Files Created - No Company Name ==========
[2011.11.06 00:43:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.05 23:37:24 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.05 23:37:24 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011.11.05 23:37:23 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.05 23:33:52 | 000,001,199 | ---- | C] () -- C:\Users\Public\Desktop\appsmaker AppBooster 2.0.lnk
[2011.11.05 22:53:53 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.05 22:28:54 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011.11.05 21:58:14 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.05 21:58:09 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.11.05 21:57:48 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.11.05 21:57:48 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.11.05 21:57:37 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.11.05 21:57:32 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011.11.05 21:52:05 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.05 21:52:05 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.05 21:41:44 | 000,001,405 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.11.05 21:41:36 | 000,001,439 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.11.05 21:36:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.11.05 21:36:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.11.05 21:31:32 | 3217,235,968 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011.11.05 23:20:49 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\.minecraft
[2011.11.05 23:34:42 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\AppBooster
[2011.11.05 22:58:28 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TS3Client
[2011.11.05 23:36:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TuneUp Software
[2009.07.14 06:08:49 | 000,001,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Extras.txt
OTL Logfile: Code:
OTL Extras logfile created on: 06.11.2011 01:27:37 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 20,70% Memory free
7,99 Gb Paging File | 3,90 Gb Available in Paging File | 48,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580,85 Gb Total Space | 551,18 Gb Free Space | 94,89% Space Free | Partition Type: NTFS
Drive D: | 3,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"appsmaker_AppBooster20_is1" = appsmaker AppBooster 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Steam App 24960" = Battlefield: Bad Company 2
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.1.11
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05.11.2011 20:40:32 | Computer Name = Max-PC | Source = System Restore | ID = 8193
Description =
Error - 05.11.2011 20:40:35 | Computer Name = Max-PC | Source = VSS | ID = 13
Description =
Error - 05.11.2011 20:40:35 | Computer Name = Max-PC | Source = VSS | ID = 12292
Description =
Error - 05.11.2011 20:40:35 | Computer Name = Max-PC | Source = VSS | ID = 8193
Description =
Error - 05.11.2011 20:40:35 | Computer Name = Max-PC | Source = System Restore | ID = 8193
Description =
Error - 05.11.2011 20:41:02 | Computer Name = Max-PC | Source = VSS | ID = 13
Description =
Error - 05.11.2011 20:41:02 | Computer Name = Max-PC | Source = VSS | ID = 12292
Description =
Error - 05.11.2011 20:42:37 | Computer Name = Max-PC | Source = MsiInstaller | ID = 11935
Description =
Error - 05.11.2011 20:46:54 | Computer Name = Max-PC | Source = VSS | ID = 13
Description =
Error - 05.11.2011 20:46:54 | Computer Name = Max-PC | Source = VSS | ID = 12292
Description =
[ System Events ]
Error - 05.11.2011 18:12:34 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2491683)
Error - 05.11.2011 18:12:34 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2544893)
Error - 05.11.2011 18:12:34 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2442962)
Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80071a2d fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2616676)
Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2511455)
Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2564958)
Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2419640)
Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80071a2d fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2345886)
Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2556532)
Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80071a2d fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB979538)
< End of report > --- --- ---
Hijackthis Log
HiJackthis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:01:36, on 06.11.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\javaw.exe
C:\Users\Max\Downloads\HiJackThis204.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: appsmaker OptimalDisk Service (AMOptimalDiskService) - appsmaker - C:\Program Files (x86)\Common Files\OptimalSuite Common\AMDSrv.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: appsmaker SpeedBooster 2.0 Service (SpeedBoosterSvc) - appsmaker - C:\Program Files (x86)\Common Files\OptimalSuite Common\BoostService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5552 bytes --- --- ---
Malware report
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8094
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
06.11.2011 02:03:21
mbam-log-2011-11-06 (02-03-21).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 294587
Laufzeit: 1 Stunde(n), 15 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Max\AppData\Local\Temp\icreinstall\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
Can you help me? My PC used to run great....
Regards