
Log Analysis and Evaluation: dllhost.exe pops up every 10-20 seconds


 
26.01.2015, 11:04   #1
kuhlambo12
 

dllhost.exe pops up every 10-20 seconds



Hi,

As described above, there are boot sessions in which an instance of dllhost.exe pops up every 10-20 seconds and closes again after 1-2 seconds. The problem is usually gone after a restart. At the same time, the loading icon on the mouse pointer flashes whenever dllhost.exe starts.
This problem also never occurs at system startup, only after the system has been running for some time.

I also have the odd problem that when I walk away from the PC, put my headset down, then come back and put it on, the sound plays as if a USB device had been plugged in.

Google couldn't help me. There are people describing the same problem, but without any solutions, only speculation.

Emsisoft and Malwarebytes with rootkit detection, as well as TDSSKiller, found nothing.

The FRST logs are from yesterday, when the problem with dllhost.exe occurred.



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by T (administrator) on TIMPC on 25-01-2015 20:36:14
Running from C:\Users\T\Desktop
Loaded Profiles: T (Available profiles: T)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(TeamSpeak Systems GmbH) F:\Program Files(x86)\TeamSpeak 3 Client\ts3client_win64.exe
(Mozilla Corporation) F:\Program Files(x86)\Mozilla Firefox\firefox.exe
(Sysinternals - www.sysinternals.com) C:\Users\T\Desktop\TB\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\T\AppData\Local\Temp\procexp64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKU\S-1-5-21-3416555695-689590634-2451952551-1000\...\MountPoints2: {39072ab4-e697-11e3-aa48-806e6f6e6963} - D:\Run.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\cnbaf2xm.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: NoScript - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\cnbaf2xm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-01]
FF Extension: Adblock Plus - C:\Users\T\AppData\Roaming\Mozilla\Firefox\Profiles\cnbaf2xm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-28]
StartMenuInternet: FIREFOX.EXE - F:\Program Files(x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 20:36 - 2015-01-25 20:36 - 00004608 _____ () C:\Users\T\Desktop\FRST.txt
2015-01-25 20:34 - 2015-01-25 20:34 - 02129920 _____ (Farbar) C:\Users\T\Desktop\FRST64.exe
2015-01-25 19:06 - 2015-01-25 19:06 - 00000000 ____D () C:\Users\T\AppData\Roaming\Macromedia
2015-01-25 19:06 - 2015-01-25 19:06 - 00000000 ____D () C:\Users\T\AppData\Roaming\Adobe
2015-01-25 19:06 - 2015-01-25 19:06 - 00000000 ____D () C:\Users\T\AppData\Local\Macromedia
2015-01-25 19:04 - 2015-01-25 19:04 - 18126512 _____ (Adobe Systems Incorporated) C:\Users\T\Downloads\install_flash_player_16_plugin.exe
2015-01-25 19:04 - 2015-01-25 19:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 19:04 - 2015-01-25 19:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 05:20 - 2015-01-23 05:34 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-23 05:19 - 2015-01-23 05:19 - 00880784 _____ (Google Inc.) C:\Users\T\Downloads\ChromeSetup.exe
2015-01-21 07:20 - 2015-01-23 06:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\T\Desktop\tdsskiller.exe
2015-01-14 16:04 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:04 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:04 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:04 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:04 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:04 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:04 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 15:21 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:21 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:21 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:21 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:21 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 15:21 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 20:36 - 2014-09-10 16:08 - 00000000 ____D () C:\FRST
2015-01-25 19:52 - 2014-06-17 00:40 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-25 19:26 - 2014-05-28 19:40 - 01985517 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 17:58 - 2014-05-29 02:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 11:39 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 11:39 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 11:36 - 2011-04-12 08:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 11:36 - 2011-04-12 08:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 11:36 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 11:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 11:32 - 2009-07-14 05:51 - 00043088 _____ () C:\Windows\setupact.log
2015-01-23 13:27 - 2010-11-21 04:47 - 00007636 _____ () C:\Windows\PFRO.log
2015-01-19 23:57 - 2014-07-16 23:12 - 00000000 ____D () C:\Users\T\Documents\ManiaPlanet
2015-01-19 23:05 - 2014-05-29 00:36 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2015-01-14 16:06 - 2014-05-28 20:42 - 01592032 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 16:05 - 2014-05-28 20:20 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:05 - 2014-05-28 20:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 16:08 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT


Some content of TEMP:
====================
C:\Users\T\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\T\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\T\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\T\AppData\Local\Temp\nvStInst.exe
C:\Users\T\AppData\Local\Temp\procexp64.exe
C:\Users\T\AppData\Local\Temp\Quarantine.exe
C:\Users\T\AppData\Local\Temp\sqlite3.dll
C:\Users\T\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:29

==================== End Of Log ============================
         

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by T at 2015-01-25 20:36:28
Running from C:\Users\T\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Firefox 35.0 (x86 de) (HKU\S-1-5-21-3416555695-689590634-2451952551-1000\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.6 - En Masse Entertainment)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

02-01-2015 16:12:23 Windows Update
06-01-2015 20:59:54 Windows Update
13-01-2015 17:44:37 Windows Update
14-01-2015 16:04:53 Windows Update
15-01-2015 03:18:08 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
15-01-2015 03:18:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
20-01-2015 22:02:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


==================== Loaded Modules (whitelisted) =============

2014-05-28 22:52 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-28 10:14 - 2014-02-28 10:14 - 00173568 _____ () F:\Program Files(x86)\TeamSpeak 3 Client\quazip.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 01080832 _____ () F:\Program Files(x86)\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00833024 _____ () F:\Program Files(x86)\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-06-20 08:48 - 2014-08-06 10:11 - 00102344 _____ () F:\Program Files(x86)\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-06-20 08:49 - 2014-08-06 10:11 - 00108488 _____ () F:\Program Files(x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00030208 _____ () F:\Program Files(x86)\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00233984 _____ () F:\Program Files(x86)\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-06-20 08:54 - 2014-08-06 10:11 - 00563656 _____ () F:\Program Files(x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-06-20 08:55 - 2014-08-06 10:11 - 00579016 _____ () F:\Program Files(x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00159232 _____ () F:\Program Files(x86)\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-01-14 03:51 - 2015-01-14 03:51 - 03925104 _____ () F:\Program Files(x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3416555695-689590634-2451952551-500 - Administrator - Disabled)
Gast (S-1-5-21-3416555695-689590634-2451952551-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3416555695-689590634-2451952551-1002 - Limited - Enabled)
T (S-1-5-21-3416555695-689590634-2451952551-1000 - Administrator - Enabled) => C:\Users\T

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 11:34:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 04:52:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 04:56:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 01:29:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 11:52:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 00:20:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 09:11:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 00:45:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 06:35:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 06:28:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/24/2015 03:55:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/24/2015 03:55:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (01/20/2015 02:05:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/20/2015 02:05:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (11/20/2014 02:17:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/20/2014 02:17:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (11/13/2014 03:51:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/13/2014 03:51:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (11/03/2014 09:28:40 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎11.‎2014 um 09:26:03 unerwartet heruntergefahren.

Error: (10/23/2014 01:04:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (01/25/2015 11:34:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 04:52:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2015 04:56:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 01:29:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 11:52:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 00:20:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 09:11:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2015 00:45:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 06:35:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 06:28:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8152.05 MB
Available physical RAM: 6125.03 MB
Total Pagefile: 16302.29 MB
Available Pagefile: 14052.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.57 GB) (Free:70.86 GB) NTFS
Drive f: (HDD) (Fixed) (Total:1863.01 GB) (Free:1732.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7E9DF4B4)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 7E9DF4A3)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Thanks for the help

Edit: Screenshot of the process taken with Process Explorer
Attached image: Dllhostpopup.png (png, 4.6 KB)
__________________
Best regards,

Kuhlambo12

Last edited by kuhlambo12 (26.01.2015 at 11:24)

 
