| |
| |||||||
Log-Analyse und Auswertung: Physikalischer Speicher sehr hochWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
21.10.2011, 16:38
| #1 |
| |  Physikalischer Speicher sehr hoch Hallo Trojaner-Board, und zwar habe ich das Problem, dass bei mir die Auslastung immer sehr Hoch ist, obwohl nichts im Task-Manager zu sehen ist. Svhost.exe ist auf 50mb daher denke ich nicht, dass es an einem Virus liegt. Mein System: CPU: Intel Core 2 Duo CPU T7300 @ 2.00GHz Ram: 2 GB Grafik: Ati mobility Radeon HD 2600 mit 512 MB Betriebssystem: Windows 7 64 Bit Hier mal die Logs: Extras.TxtOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.10.2011 17:12:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Konto\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,31% Memory free
4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 125,54 Gb Free Space | 84,28% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 132,57 Gb Free Space | 88,95% Space Free | Partition Type: NTFS
Computer Name: KONTO-PC | User Name: Konto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Internet Security 2012
"{3310874F-9295-4269-2DC3-0C48BC50E4AE}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE79451B-00C5-94F7-28FA-B2C33AA3BB06}" = ATI Catalyst Install Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Bitdefender" = Bitdefender Internet Security 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E407C1-D9C5-6F18-6EC0-ECC553DB4625}" = ccc-core-static
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{31A26771-4EFA-DBAC-6854-9C9537CE3AA7}" = Catalyst Control Center Graphics Light
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6136238B-9413-EB7C-A202-1E1C2078EA0D}" = Catalyst Control Center Core Implementation
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{B1EFEA92-B257-E213-6999-B039B371D741}" = Catalyst Control Center Localization German
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"iPhone_Backup_Switch_1.0" = iPhone Backup Switch
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"SopCast" = SopCast 3.4.0
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"vShare.tv plugin" = vShare.tv plugin 1.3
"World of Warcraft" = World of Warcraft
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.10.2011 11:43:53 | Computer Name = Konto-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 205298
Error - 17.10.2011 11:50:08 | Computer Name = Konto-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1725696562-QkxaMDAwMkUyMDFgJUQ5RDRCMDhGQkN9RjBWdjExbw==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 17.10.2011 17:30:22 | Computer Name = Konto-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1725696562-QkxaMDAwMkUyMDFgJUQ5RDRCMDhGQkN9RjBWdjExbw==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 17.10.2011 19:19:54 | Computer Name = Konto-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1725696562-QkxaMDAwMkUyMDFgJUQ5RDRCMDhGQkN9RjBWdjExbw==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 17.10.2011 19:29:21 | Computer Name = Konto-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1725696562-QkxaMDAwMkUyMDFgJUQ5RDRCMDhGQkN9RjBWdjExbw==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 18.10.2011 08:04:56 | Computer Name = Konto-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1725696562-QkxaMDAwMkUyMDFgJUQ5RDRCMDhGQkN9RjBWdjExbw==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 18.10.2011 10:03:28 | Computer Name = Konto-PC | Source = Application Hang | ID = 1002
Description = Programm OneClick.exe, Version 10.0.4410.1 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ab0 Startzeit:
01cc8d8d67c46ba8 Endzeit: 1658 Anwendungspfad: C:\Program Files (x86)\TuneUp Utilities
2011\OneClick.exe Berichts-ID: cd0fb250-f991-11e0-9258-001b385f4164
Error - 19.10.2011 07:15:48 | Computer Name = Konto-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1725696562-QkxaMDAwMkUyMDFgJUQ5RDRCMDhGQkN9RjBWdjExbw==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 20.10.2011 13:11:40 | Computer Name = Konto-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1725696562-QkxaMDAwMkUyMDFgJUQ5RDRCMDhGQkN9RjBWdjExbw==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 21.10.2011 09:42:18 | Computer Name = Konto-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1725696562-QkxaMDAwMkUyMDFgJUQ5RDRCMDhGQkN9RjBWdjExbw==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.
[ System Events ]
Error - 20.10.2011 11:56:30 | Computer Name = Konto-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BitDefender Virus Shield" hat einen ungültigen aktuellen
Status gemeldet: 14
Error - 20.10.2011 12:37:06 | Computer Name = Konto-PC | Source = DCOM | ID = 10010
Description =
Error - 20.10.2011 12:37:09 | Computer Name = Konto-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BitDefender Virus Shield" hat einen ungültigen aktuellen
Status gemeldet: 14
Error - 20.10.2011 13:07:24 | Computer Name = Konto-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BitDefender Virus Shield" hat einen ungültigen aktuellen
Status gemeldet: 14
Error - 20.10.2011 13:07:26 | Computer Name = Konto-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BitDefender Virus Shield" hat einen ungültigen aktuellen
Status gemeldet: 14
Error - 20.10.2011 20:38:52 | Computer Name = Konto-PC | Source = DCOM | ID = 10010
Description =
Error - 20.10.2011 20:39:00 | Computer Name = Konto-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BitDefender Virus Shield" hat einen ungültigen aktuellen
Status gemeldet: 14
Error - 21.10.2011 09:38:30 | Computer Name = Konto-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BitDefender Virus Shield" hat einen ungültigen aktuellen
Status gemeldet: 14
Error - 21.10.2011 09:38:31 | Computer Name = Konto-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BitDefender Virus Shield" hat einen ungültigen aktuellen
Status gemeldet: 14
Error - 21.10.2011 09:43:48 | Computer Name = Konto-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
< End of report >
Ich hoffe ihr könnt mir helfen |
| Themen zu Physikalischer Speicher sehr hoch |
| 64-bit, adobe, adobe flash player, auslastung, c:\windows\system32\rundll32.exe, defender, dll, error, excel, explorer, flash player, format, install.exe, logfile, microsoft office word, mozilla, physikalischer speicher, problem, programm, realtek, registry, rundll, scan, security, shell32.dll, shortcut, software, system, task-manager, teamspeak, trojaner-board, virus, windows |
Baum-Darstellung