Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
50% CPU usage wenn idle...

50% CPU usage wenn idle...


Log-Analyse und Auswertung: 50% CPU usage wenn idle...

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 12.12.2016, 22:29   #3
cmdr
 
50% CPU usage wenn idle... - Standard

50% CPU usage wenn idle...


das ist der durchlauf, bei dem bitcoinminer gefunden wurden.

Code:
ATTFilter
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/10/12 00:27:50 +0200</date>
<logfile>mbam-log-2016-10-12 (00-27-50).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.02.16.06</malware-database>
<rootkit-database>v2016.02.08.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>SATAN</hostname>
<ip>192.168.0.12</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>m</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>409106</objects>
<time>886</time>
<processes>7</processes>
<modules>13</modules>
<keys>1</keys>
<values>3</values>
<datas>0</datas>
<folders>0</folders>
<files>25</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><pid>1924</pid><hash>e581d38e2f6aae88f77b2c5560a47888</hash></process>
<process><path>C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><pid>1764</pid><hash>1551e27fd9c0d4622153fe83a361916f</hash></process>
<process><path>C:\Temporary\iehighutil.exe</path><vendor>Trojan.BitCoinMiner</vendor><action>delete-on-reboot</action><pid>2388</pid><hash>ca9c7fe27f1a270ff0b40db229d87090</hash></process>
<process><path>C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><pid>3356</pid><hash>c4a23d24a4f5c57111629ae7b2526799</hash></process>
<process><path>C:\Users\Teng\AppData\Roaming\svchost.exe</path><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><pid>2644</pid><hash>67ffca97ddbc82b4b99dcf3bbd46c33d</hash></process>
<process><path>C:\Users\Teng\AppData\Local\Temp\chrome.exe</path><vendor>Trojan.PasswordStealer</vendor><action>delete-on-reboot</action><pid>1696</pid><hash>293ddb86f5a47bbb047f4a02956f7d83</hash></process>
<process><path>C:\Users\Teng\AppData\Roaming\EthMine\svchost.exe</path><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><pid>1776</pid><hash>0e582140089160d65afa948e946fc937</hash></process>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>e87e174a33660f275be37e3afd06946c</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>acba79e8a6f3e2549ea0efc9669d966a</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>016573ee8b0e2412ce70eccc5aa9bf41</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>1c4af66b16835fd7dd61f8c0a261a65a</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>4a1c98c98c0d023470ce5d5bba49ed13</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>0561e57c38616bcb4af4c0f8ca398e72</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>7aecb3ae51484ee8211d3286ed16748c</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>6df919489504d06662dceccc31d2da26</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>a0c66df4732675c12c127642e51e837d</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\select.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>a5c10b56c6d3e94d0e303c7ca55e5da3</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>363067fa079287afac92dade5ba8b64a</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>0363144d2772043291ad407811f2bd43</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\_socket.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>f76f0d5467322214a995199f9e6504fc</hash></module>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Time</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>e581d38e2f6aae88f77b2c5560a47888</hash></key>
<value><path>HKU\S-1-5-21-896307261-3574068607-3140626432-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>iehighutil</valuename><vendor>Trojan.BitCoinMiner</vendor><action>success</action><valuedata>&quot;C:\Temporary\iehighutil.exe&quot;</valuedata><hash>ca9c7fe27f1a270ff0b40db229d87090</hash></value>
<value><path>HKU\S-1-5-21-896307261-3574068607-3140626432-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>{DB49928F-3F27-5CE5-C191-37ECBFB20947}</valuename><vendor>Trojan.ZbotR.Gen</vendor><action>success</action><valuedata>C:\Users\Teng\AppData\Roaming\Ivyl\onaq.exe</valuedata><hash>7ee841208e0b0432196bd3bb758e52ae</hash></value>
<value><path>HKU\S-1-5-21-896307261-3574068607-3140626432-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>FlashBit</valuename><vendor>Trojan.Agent</vendor><action>success</action><valuedata>C:\Users\Teng\AppData\Roaming\EthMine\svchost.exe</valuedata><hash>0e582140089160d65afa948e946fc937</hash></value>
<file><path>C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>e581d38e2f6aae88f77b2c5560a47888</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>1551e27fd9c0d4622153fe83a361916f</hash></file>
<file><path>C:\Temporary\iehighutil.exe</path><vendor>Trojan.BitCoinMiner</vendor><action>delete-on-reboot</action><hash>ca9c7fe27f1a270ff0b40db229d87090</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>c4a23d24a4f5c57111629ae7b2526799</hash></file>
<file><path>C:\Users\Teng\AppData\Roaming\svchost.exe</path><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><hash>67ffca97ddbc82b4b99dcf3bbd46c33d</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>5d09a8b99dfc3ef837064c6cd52e04fc</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>d096e57c39609d9990ad5365b053d030</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>e87e174a33660f275be37e3afd06946c</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>acba79e8a6f3e2549ea0efc9669d966a</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>016573ee8b0e2412ce70eccc5aa9bf41</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>1c4af66b16835fd7dd61f8c0a261a65a</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>4a1c98c98c0d023470ce5d5bba49ed13</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>0561e57c38616bcb4af4c0f8ca398e72</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>7aecb3ae51484ee8211d3286ed16748c</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>6df919489504d06662dceccc31d2da26</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>a0c66df4732675c12c127642e51e837d</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\select.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>a5c10b56c6d3e94d0e303c7ca55e5da3</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>363067fa079287afac92dade5ba8b64a</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>0363144d2772043291ad407811f2bd43</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\_socket.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>f76f0d5467322214a995199f9e6504fc</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\library.zip</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>92d4f9683762a1950639ad0b91725ba5</hash></file>
<file><path>C:\Users\m\AppData\Local\temp\chrome.exe</path><vendor>Trojan.PasswordStealer</vendor><action>success</action><hash>de8874eda9f057df3e4578d451b32bd5</hash></file>
<file><path>C:\Users\Teng\AppData\Local\Temp\chrome.exe</path><vendor>Trojan.PasswordStealer</vendor><action>delete-on-reboot</action><hash>293ddb86f5a47bbb047f4a02956f7d83</hash></file>
<file><path>C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome.com.url</path><vendor>Trojan.Agent.E</vendor><action>success</action><hash>74f2f8694c4de452287875e1f70dc838</hash></file>
<file><path>C:\Users\Teng\AppData\Roaming\EthMine\svchost.exe</path><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><hash>0e582140089160d65afa948e946fc937</hash></file>
</items>
</mbam-log>
bei diesem letzten lauf wurde nichts mehr gefunden, trotzdem ist der rechner immer noch extrem langsam...

Code:
ATTFilter
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/10/12 00:27:50 +0200</date>
<logfile>mbam-log-2016-10-12 (00-27-50).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.02.16.06</malware-database>
<rootkit-database>v2016.02.08.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>SATAN</hostname>
<ip>192.168.0.12</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>m</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>409106</objects>
<time>886</time>
<processes>7</processes>
<modules>13</modules>
<keys>1</keys>
<values>3</values>
<datas>0</datas>
<folders>0</folders>
<files>25</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><pid>1924</pid><hash>e581d38e2f6aae88f77b2c5560a47888</hash></process>
<process><path>C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><pid>1764</pid><hash>1551e27fd9c0d4622153fe83a361916f</hash></process>
<process><path>C:\Temporary\iehighutil.exe</path><vendor>Trojan.BitCoinMiner</vendor><action>delete-on-reboot</action><pid>2388</pid><hash>ca9c7fe27f1a270ff0b40db229d87090</hash></process>
<process><path>C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><pid>3356</pid><hash>c4a23d24a4f5c57111629ae7b2526799</hash></process>
<process><path>C:\Users\Teng\AppData\Roaming\svchost.exe</path><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><pid>2644</pid><hash>67ffca97ddbc82b4b99dcf3bbd46c33d</hash></process>
<process><path>C:\Users\Teng\AppData\Local\Temp\chrome.exe</path><vendor>Trojan.PasswordStealer</vendor><action>delete-on-reboot</action><pid>1696</pid><hash>293ddb86f5a47bbb047f4a02956f7d83</hash></process>
<process><path>C:\Users\Teng\AppData\Roaming\EthMine\svchost.exe</path><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><pid>1776</pid><hash>0e582140089160d65afa948e946fc937</hash></process>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>e87e174a33660f275be37e3afd06946c</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>acba79e8a6f3e2549ea0efc9669d966a</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>016573ee8b0e2412ce70eccc5aa9bf41</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>1c4af66b16835fd7dd61f8c0a261a65a</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>4a1c98c98c0d023470ce5d5bba49ed13</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>0561e57c38616bcb4af4c0f8ca398e72</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>7aecb3ae51484ee8211d3286ed16748c</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>6df919489504d06662dceccc31d2da26</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>a0c66df4732675c12c127642e51e837d</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\select.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>a5c10b56c6d3e94d0e303c7ca55e5da3</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>363067fa079287afac92dade5ba8b64a</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>0363144d2772043291ad407811f2bd43</hash></module>
<module><path>C:\ProgramData\Microsoft\Windows\Time\_socket.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>f76f0d5467322214a995199f9e6504fc</hash></module>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Time</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>e581d38e2f6aae88f77b2c5560a47888</hash></key>
<value><path>HKU\S-1-5-21-896307261-3574068607-3140626432-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>iehighutil</valuename><vendor>Trojan.BitCoinMiner</vendor><action>success</action><valuedata>&quot;C:\Temporary\iehighutil.exe&quot;</valuedata><hash>ca9c7fe27f1a270ff0b40db229d87090</hash></value>
<value><path>HKU\S-1-5-21-896307261-3574068607-3140626432-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>{DB49928F-3F27-5CE5-C191-37ECBFB20947}</valuename><vendor>Trojan.ZbotR.Gen</vendor><action>success</action><valuedata>C:\Users\Teng\AppData\Roaming\Ivyl\onaq.exe</valuedata><hash>7ee841208e0b0432196bd3bb758e52ae</hash></value>
<value><path>HKU\S-1-5-21-896307261-3574068607-3140626432-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>FlashBit</valuename><vendor>Trojan.Agent</vendor><action>success</action><valuedata>C:\Users\Teng\AppData\Roaming\EthMine\svchost.exe</valuedata><hash>0e582140089160d65afa948e946fc937</hash></value>
<file><path>C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>e581d38e2f6aae88f77b2c5560a47888</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>1551e27fd9c0d4622153fe83a361916f</hash></file>
<file><path>C:\Temporary\iehighutil.exe</path><vendor>Trojan.BitCoinMiner</vendor><action>delete-on-reboot</action><hash>ca9c7fe27f1a270ff0b40db229d87090</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>c4a23d24a4f5c57111629ae7b2526799</hash></file>
<file><path>C:\Users\Teng\AppData\Roaming\svchost.exe</path><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><hash>67ffca97ddbc82b4b99dcf3bbd46c33d</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>5d09a8b99dfc3ef837064c6cd52e04fc</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>d096e57c39609d9990ad5365b053d030</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>e87e174a33660f275be37e3afd06946c</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>acba79e8a6f3e2549ea0efc9669d966a</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>016573ee8b0e2412ce70eccc5aa9bf41</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>1c4af66b16835fd7dd61f8c0a261a65a</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>4a1c98c98c0d023470ce5d5bba49ed13</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>0561e57c38616bcb4af4c0f8ca398e72</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>7aecb3ae51484ee8211d3286ed16748c</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>6df919489504d06662dceccc31d2da26</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>a0c66df4732675c12c127642e51e837d</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\select.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>a5c10b56c6d3e94d0e303c7ca55e5da3</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>363067fa079287afac92dade5ba8b64a</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>0363144d2772043291ad407811f2bd43</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\_socket.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>delete-on-reboot</action><hash>f76f0d5467322214a995199f9e6504fc</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\library.zip</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>92d4f9683762a1950639ad0b91725ba5</hash></file>
<file><path>C:\Users\m\AppData\Local\temp\chrome.exe</path><vendor>Trojan.PasswordStealer</vendor><action>success</action><hash>de8874eda9f057df3e4578d451b32bd5</hash></file>
<file><path>C:\Users\Teng\AppData\Local\Temp\chrome.exe</path><vendor>Trojan.PasswordStealer</vendor><action>delete-on-reboot</action><hash>293ddb86f5a47bbb047f4a02956f7d83</hash></file>
<file><path>C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome.com.url</path><vendor>Trojan.Agent.E</vendor><action>success</action><hash>74f2f8694c4de452287875e1f70dc838</hash></file>
<file><path>C:\Users\Teng\AppData\Roaming\EthMine\svchost.exe</path><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><hash>0e582140089160d65afa948e946fc937</hash></file>
</items>
</mbam-log>
eine zusätzliche info vielleicht noch: ich habe ein offizielles windows 7 drauf, allerdings konnte ich schon sehr lange nicht mehr updaten, weil ich das damals irgendwie über ne alte xp-installation drüber installiert habe. frag mich bitte nicht, wie ich das gemacht habe, ich wollte einfach irgendwie die alten platten noch miteingebaut haben. seitdem macht er sperenzchen, was das update von windows und flash angeht...
__________________
 

Themen zu 50% CPU usage wenn idle...
50% cpu, angeblich, coin-miner, cpu, gefunde, gelöscht, glaube, hilfe, hilfe!, malwarebytes, nicht, nicht mehr, wirklich


« Laptop bereinigen nach "Microsoft-Anruf" | Win10 adware/hijacking probleme »


Ähnliche Themen: 50% CPU usage wenn idle...


  1. erhöhte CPU-Last nach paar Minuten idle
    Plagegeister aller Art und deren Bekämpfung - 05.12.2016 (3)
  2. CPU Auslastung hoch komische Datei IDLE
    Alles rund um Windows - 18.06.2016 (9)
  3. Wenn ich etwas anklicke scheint es so als wenn es mehrfach passiert
    Alles rund um Windows - 14.05.2016 (0)
  4. Problem mit TCP Ports PID 0 und System Idle Prozess , ständig neue Verbindung
    Plagegeister aller Art und deren Bekämpfung - 20.04.2016 (6)
  5. Win 7 (64) - CPU 100% sobald Browser geöffnet, Idle ok. Auch bei anderen Anwendungen meist 100% CPU
    Log-Analyse und Auswertung - 09.07.2015 (5)
  6. Hohe CPU-Last im Idle (Systemunterbrechung wird mit über 20% CPU-Last im Schnitt angezeigt)
    Plagegeister aller Art und deren Bekämpfung - 29.11.2013 (7)
  7. Bei Internetverbindungsaufbau GPU Last hoch trotz idle
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (5)
  8. CPU im idle 68°C bei spielen 100% auslastung
    Log-Analyse und Auswertung - 13.11.2012 (9)
  9. CPU USAGE bei 100%
    Alles rund um Windows - 25.05.2012 (3)
  10. deutliche Traffic-Anzeige an Router und Modem, CPU: idle: werde ich gescannt?
    Netzwerk und Hardware - 03.03.2011 (4)
  11. Critical Error RAM memory usage .. HDD ... "Scanner" öffnet sich dauernd
    Plagegeister aller Art und deren Bekämpfung - 06.01.2011 (13)
  12. CPU Usage konstant bei 30% und mehr
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (4)
  13. Vista wird immer lahmer und hat hohe cpu usage - Virus ?
    Log-Analyse und Auswertung - 03.02.2008 (0)
  14. Was tun, wenn Trojaner da?
    Plagegeister aller Art und deren Bekämpfung - 09.02.2006 (2)
  15. Was ist wenn...
    Plagegeister aller Art und deren Bekämpfung - 20.03.2005 (50)
  16. BACKDOOR Trojaner - Firewall, idle und Emule
    Plagegeister aller Art und deren Bekämpfung - 20.07.2004 (21)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema 50% CPU usage wenn idle... - das ist der durchlauf, bei dem bitcoinminer gefunden wurden. Code: Alles auswählen Aufklappen ATTFilter <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2016/10/12 00:27:50 +0200</date> <logfile>mbam-log-2016-10-12 (00-27-50).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.2.1.1043</version> <malware-database>v2016.02.16.06</malware-database> - 50% CPU usage wenn idle......
Archiv
Du betrachtest: 50% CPU usage wenn idle... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131