Hello everyone, since my processor has lately been at 100% load, constantly, and gaming became impossible, I completely reinstalled my system. Result: everything is just as before. Here are my logs.

OTL.txt
OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.11.2011 01:27:37 - Run 1 OTL by OldTimer - Version Folder = C:\Users\******\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 20,70% Memory free 7,99 Gb Paging File | 3,90 Gb Available in Paging File | 48,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 580,85 Gb Total Space | 551,18 Gb Free Space | 94,89% Space Free | Partition Type: NTFS Drive D: | 3,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: *****-PC | User Name: ******* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\******\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Windows\SysWOW64\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\OptimalSuite Common\AMDSrv.exe (appsmaker) PRC - C:\Program Files (x86)\appsmaker\AppBooster 2.0\appbooster.exe (appsmaker) ========== Modules (No Company Name) ========== MOD - C:\Users\Max\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll () MOD - C:\Users\*****\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll () MOD - C:\Users\*****\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll () MOD - C:\Users\*****\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SpeedBoosterSvc) -- C:\Program Files (x86)\Common Files\OptimalSuite Common\BoostService.exe (appsmaker) SRV - (AMOptimalDiskService) -- C:\Program Files (x86)\Common Files\OptimalSuite Common\AMDSrv.exe (appsmaker) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 25 2F 8B FC 9B CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.05 21:52:04 | 000,000,000 | ---D | M] [2011.11.05 21:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2011.11.05 21:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.05 21:57:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B161DDD-2461-49BF-92F4-29CADAC6F2F7}: DhcpNameServer = O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.13 18:29:38 | 000,000,122 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.06 00:44:13 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.11.06 00:44:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes [2011.11.06 00:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.06 00:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.06 00:43:36 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.06 00:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.06 00:16:12 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2011.11.06 00:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2011.11.06 00:15:08 | 000,000,000 | ---D | C] -- C:\Intel [2011.11.05 23:37:38 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2011.11.05 23:37:32 | 000,025,920 | ---- | C] (TuneUp Software) -- 
C:\Windows\SysNative\authuitu.dll [2011.11.05 23:37:31 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011.11.05 23:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2011.11.05 23:36:57 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\TuneUp Software [2011.11.05 23:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012 [2011.11.05 23:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.11.05 23:34:34 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\AppBooster [2011.11.05 23:34:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2011.11.05 23:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\appsmaker [2011.11.05 23:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\OptimalSuite Common [2011.11.05 23:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\appsmaker [2011.11.05 23:14:31 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Avira [2011.11.05 23:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011.11.05 22:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.11.05 22:53:34 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.11.05 22:53:34 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.11.05 22:53:34 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.11.05 22:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.11.05 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.11.05 22:43:39 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\.minecraft [2011.11.05 22:31:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TS3Client [2011.11.05 22:28:54 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2011.11.05 22:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2011.11.05 22:25:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Skype [2011.11.05 22:10:07 | 000,539,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe [2011.11.05 22:06:54 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2011.11.05 22:06:54 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2011.11.05 22:04:28 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Macromedia [2011.11.05 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Adobe [2011.11.05 22:04:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.11.05 21:58:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2011.11.05 21:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.11.05 21:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011.11.05 21:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.11.05 21:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2011.11.05 21:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2011.11.05 21:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.11.05 21:57:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2011.11.05 21:57:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.11.05 21:57:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\WinRAR [2011.11.05 21:57:32 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.11.05 21:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.11.05 21:57:31 | 000,000,000 | 
---D | C] -- C:\Program Files\WinRAR [2011.11.05 21:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.11.05 21:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.11.05 21:57:23 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.11.05 21:57:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.11.05 21:57:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.11.05 21:57:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.11.05 21:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.11.05 21:57:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.11.05 21:57:03 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.05 21:57:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2011.11.05 21:52:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Mozilla [2011.11.05 21:52:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Mozilla [2011.11.05 21:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.11.05 21:41:34 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.11.05 21:41:34 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.11.05 21:41:33 | 000,000,000 | R--D | C] -- C:\Users\Max\Searches [2011.11.05 21:41:19 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Identities [2011.11.05 21:41:14 | 000,000,000 | R--D | C] -- C:\Users\Max\Contacts [2011.11.05 21:41:11 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\VirtualStore [2011.11.05 21:40:51 | 000,000,000 | --SD | C] -- C:\Users\Max\AppData\Roaming\Microsoft [2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Videos [2011.11.05 21:40:51 
| 000,000,000 | R--D | C] -- C:\Users\Max\Saved Games [2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Pictures [2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Music [2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Links [2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Favorites [2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Downloads [2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Documents [2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\Desktop [2011.11.05 21:40:51 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Vorlagen [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\AppData\Local\Verlauf [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\AppData\Local\Temporary Internet Files [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Startmenü [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\SendTo [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Recent [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Netzwerkumgebung [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Lokale Einstellungen [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Documents\Eigene Videos [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Documents\Eigene Musik [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Eigene Dateien [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Documents\Eigene Bilder [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Druckumgebung [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Cookies [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- 
C:\Users\Max\AppData\Local\Anwendungsdaten [2011.11.05 21:40:51 | 000,000,000 | -HSD | C] -- C:\Users\Max\Anwendungsdaten [2011.11.05 21:40:51 | 000,000,000 | -H-D | C] -- C:\Users\Max\AppData [2011.11.05 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Temp [2011.11.05 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Microsoft [2011.11.05 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Media Center Programs [2011.11.05 21:40:34 | 000,000,000 | -HSD | C] -- C:\Recovery [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Programme [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.11.05 21:40:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.11.05 21:34:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.11.05 21:32:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011.11.05 21:31:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011.11.05 13:30:46 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011.11.05 13:30:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM ========== Files - Modified Within 30 Days ========== [2011.11.06 00:44:21 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.11.06 00:43:44 | 000,001,109 | ---- | 
M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.06 00:29:07 | 003,085,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.06 00:29:07 | 000,684,954 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2011.11.06 00:29:07 | 000,680,010 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2011.11.06 00:29:07 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.06 00:29:07 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.06 00:29:07 | 000,127,070 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2011.11.06 00:29:07 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.06 00:29:07 | 000,124,006 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2011.11.06 00:29:07 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.06 00:21:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.06 00:21:27 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys [2011.11.06 00:20:35 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.06 00:20:35 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.05 23:37:24 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.11.05 23:37:24 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2011.11.05 23:33:52 | 000,001,199 | ---- | M] () -- C:\Users\Public\Desktop\appsmaker AppBooster 2.0.lnk [2011.11.05 22:53:53 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.11.05 22:28:54 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011.11.05 22:04:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.05 21:58:14 | 000,002,515 | ---- | M] () -- 
C:\Users\Public\Desktop\Skype.lnk [2011.11.05 21:58:09 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.11.05 21:57:48 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk [2011.11.05 21:57:37 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2011.11.05 21:57:32 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk [2011.11.05 21:57:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.11.05 21:57:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.11.05 21:57:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.11.05 21:57:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.11.05 21:52:05 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.11.05 21:38:14 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.05 21:36:48 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.11.05 21:36:48 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.11.01 19:35:52 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2011.11.01 19:35:42 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2011.11.01 19:35:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011.10.19 16:56:15 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2011.11.06 00:43:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.05 23:37:24 | 000,002,209 | 
---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.11.05 23:37:24 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2011.11.05 23:37:23 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2011.11.05 23:33:52 | 000,001,199 | ---- | C] () -- C:\Users\Public\Desktop\appsmaker AppBooster 2.0.lnk [2011.11.05 22:53:53 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.11.05 22:28:54 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011.11.05 21:58:14 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.11.05 21:58:09 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.11.05 21:57:48 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk [2011.11.05 21:57:48 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk [2011.11.05 21:57:37 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2011.11.05 21:57:32 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk [2011.11.05 21:52:05 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.11.05 21:52:05 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.11.05 21:41:44 | 000,001,405 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.11.05 21:41:36 | 000,001,439 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.11.05 21:36:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011.11.05 21:36:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011.11.05 21:31:32 | 3217,235,968 | -HS- | 
C] () -- C:\hiberfil.sys [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.11.05 23:20:49 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\.minecraft [2011.11.05 23:34:42 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\AppBooster [2011.11.05 22:58:28 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TS3Client [2011.11.05 23:36:57 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TuneUp Software [2009.07.14 06:08:49 | 000,001,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt OTL Logfile: Code:
OTL Extras logfile created on: 06.11.2011 01:27:37 - Run 1
OTL by OldTimer - Version Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 20,70% Memory free
7,99 Gb Paging File | 3,90 Gb Available in Paging File | 48,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580,85 Gb Total Space | 551,18 Gb Free Space | 94,89% Space Free | Partition Type: NTFS
Drive D: | 3,55 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"appsmaker_AppBooster20_is1" = appsmaker AppBooster 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Steam App 24960" = Battlefield: Bad Company 2
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.1.11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2011 20:40:32 | Computer Name = Max-PC | Source = System Restore | ID = 8193
Description =

Error - 05.11.2011 20:40:35 | Computer Name = Max-PC | Source = VSS | ID = 13
Description =

Error - 05.11.2011 20:40:35 | Computer Name = Max-PC | Source = VSS | ID = 12292
Description =

Error - 05.11.2011 20:40:35 | Computer Name = Max-PC | Source = VSS | ID = 8193
Description =

Error - 05.11.2011 20:40:35 | Computer Name = Max-PC | Source = System Restore | ID = 8193
Description =

Error - 05.11.2011 20:41:02 | Computer Name = Max-PC | Source = VSS | ID = 13
Description =

Error - 05.11.2011 20:41:02 | Computer Name = Max-PC | Source = VSS | ID = 12292
Description =

Error - 05.11.2011 20:42:37 | Computer Name = Max-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 05.11.2011 20:46:54 | Computer Name = Max-PC | Source = VSS | ID = 13
Description =

Error - 05.11.2011 20:46:54 | Computer Name = Max-PC | Source = VSS | ID = 12292
Description =

[ System Events ]
Error - 05.11.2011 18:12:34 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2491683)

Error - 05.11.2011 18:12:34 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2544893)

Error - 05.11.2011 18:12:34 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2442962)

Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a2d fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2616676)

Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2511455)

Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2564958)

Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2419640)

Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a2d fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2345886)

Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a2d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2556532)

Error - 05.11.2011 18:13:00 | Computer Name = Max-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80071a2d fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB979538)

< End of report >

Hijackthis Log
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:01:36, on 06.11.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\javaw.exe
C:\Users\Max\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: appsmaker OptimalDisk Service (AMOptimalDiskService) - appsmaker - C:\Program Files (x86)\Common Files\OptimalSuite Common\AMDSrv.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: appsmaker SpeedBooster 2.0 Service (SpeedBoosterSvc) - appsmaker - C:\Program Files (x86)\Common Files\OptimalSuite Common\BoostService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5552 bytes

Malware report

Malwarebytes' Anti-Malware
www.malwarebytes.org

Datenbank Version: 8094

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.11.2011 02:03:21
mbam-log-2011-11-06 (02-03-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 294587
Laufzeit: 1 Stunde(n), 15 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Max\AppData\Local\Temp\icreinstall\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

Here is my rootkit log as well
__________________
aswMBR version Copyright(c) 2011 AVAST Software
Run date: 2011-11-06 03:51:15
-----------------------------
03:51:15.880 OS Version: Windows x64 6.1.7600
03:51:15.880 Number of processors: 2 586 0x170A
03:51:15.881 ComputerName: MAX-PC UserName: Max
03:51:18.754 Initialize success
03:51:56.220 AVAST engine defs: 11110503
03:52:24.702 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
03:52:24.704 Disk 0 Vendor: WDC_WD6400BEVT-22A0RT0 01.01A01 Size: 610480MB BusType: 11
03:52:26.740 Disk 0 MBR read successfully
03:52:26.744 Disk 0 MBR scan
03:52:26.768 Disk 0 Windows 7 default MBR code
03:52:26.771 Service scanning
03:52:28.763 Modules scanning
03:52:28.767 Disk 0 trace - called modules:
03:52:28.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
03:52:28.799 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c73060]
03:52:28.803 3 CLASSPNP.SYS[fffff8800186443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004760060]
03:52:30.286 AVAST engine scan C:\Windows
03:52:41.365 AVAST engine scan C:\Windows\system32
03:54:29.552 AVAST engine scan C:\Windows\system32\drivers
03:54:45.786 AVAST engine scan C:\Users\Max
03:55:47.164 AVAST engine scan C:\ProgramData
03:55:58.086 Scan finished successfully
03:57:17.460 Disk 0 MBR has been saved successfully to "C:\Users\Max\Desktop\MBR.dat"
03:57:17.465 The log file has been saved successfully to "C:\Users\Max\Desktop\aswMBR.txt"
Bump..................
