besser? hab die dateien in txt-dateien umgewandelt. oder was meintest du?
Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<!-- Scan metadata: timestamp with UTC offset, the name of this log file, and whether the scanner reported administrator rights. -->
<header>
<date>2014/10/20 15:45:49 +0200</date>
<logfile>mbam-log-2014-10-20 (15-45-49).xml</logfile>
<!-- isadmin=yes: the scan is reported as run with administrator rights. -->
<isadmin>yes</isadmin>
</header>
<!-- Scanner build, signature database versions, license type and protection component states for this scan. -->
<engine>
<version>2.00.3.1025</version>
<!-- NOTE(review): if these version strings encode dates, both databases are about a month older than the 2014/10/20 scan date in <header>; confirm the definitions were updated before relying on the result. -->
<malware-database>v2014.09.19.05</malware-database>
<rootkit-database>v2014.09.18.01</rootkit-database>
<license>free</license>
<!-- All three protection components are reported as disabled; presumably no real-time protection from this product was active on the host. -->
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<!-- Host description as recorded by the scanner. -->
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<!-- The recorded account name is "m", while the detections under <items> sit in the profile path C:\Users\Teng. The log does not say whether these are the same account; worth confirming which profile the scan actually ran under. -->
<username>m</username>
<filesys>NTFS</filesys>
</system>
<!-- Scan outcome and per-category detection counts. The non-zero counts (2 processes + 1 key + 3 values + 23 files = 29) match the number of entries listed under <items> in this log. -->
<summary>
<type>threat</type>
<result>completed</result>
<!-- Presumably the number of objects scanned and the scan duration; the unit of <time> is not stated in the log (seconds assumed). -->
<objects>368441</objects>
<time>626</time>
<processes>2</processes>
<modules>0</modules>
<keys>1</keys>
<values>3</values>
<datas>0</datas>
<folders>0</folders>
<files>23</files>
<sectors>0</sectors>
</summary>
<!-- Scan options in effect for this run. -->
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<!-- Both rootkit options are disabled, so this log carries no information about rootkit-level persistence. Given that a service key is flagged under <items>, a follow-up scan with rootkit scanning enabled would be a reasonable check. -->
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<!-- pup / pum: detection of potentially unwanted programs and potentially unwanted modifications. -->
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<!-- Detections, grouped by object type. Each entry gives the object path, the detection name (<vendor>), the action taken and a 32-hex-character hash (MD5 length; the log does not name the algorithm). For registry entries the hash matches that of the referenced file wherever that file is also listed below. -->
<items>
<!-- Processes that were running at scan time (each has a pid). action=delete-on-reboot means removal was deferred; presumably the binaries remain until the machine restarts, so a rescan after reboot is needed to confirm removal. -->
<process><path>C:\Temporary\ieutil.exe</path><vendor>PUP.BitCoinMiner</vendor><action>delete-on-reboot</action><pid>24716</pid><hash>661b3bb45c1f86b0b6ccb23da35ed030</hash></process>
<process><path>C:\Temporary\iehighutil.exe</path><vendor>Trojan.Agent.MNR</vendor><action>delete-on-reboot</action><pid>18064</pid><hash>11705d927506e55139bba5b755af817f</hash></process>
<!-- Service registry key named "Time". Its hash equals the hash of Time-svc.exe in the file list below, which suggests the service entry refers to that binary (the log does not show the service's image path). -->
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Time</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>6c155e914b30d3630e0db9a64fb553ad</hash></key>
<!-- Autostart persistence: two values under the per-user Run key and the Winlogon shell value. The hive name is a SID followed by a GUID suffix rather than a plain SID. NOTE(review): that looks like a user hive loaded under a temporary name; confirm which account it belongs to. -->
<value><path>HKU\S-1-5-21-896307261-3574068607-3140626432-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>{DB49928F-3F27-5CE5-C191-37ECBFB20947}</valuename><vendor>Trojan.Kryptik</vendor><action>success</action><valuedata>C:\Users\Teng\AppData\Roaming\Ivyl\onaq.exe</valuedata><hash>86fb826d700bfb3b6f9dbd399769ed13</hash></value>
<!-- The shell value data lists f1YRdTk.exe ahead of explorer.exe. That executable does not appear among the <file> entries in this log, so the log gives no evidence that it was detected or removed as a file; check for it on disk. -->
<value><path>HKU\S-1-5-21-896307261-3574068607-3140626432-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON</path><valuename>shell</valuename><vendor>Hijack.Shell.Gen</vendor><action>success</action><valuedata>C:\Users\Teng\AppData\Roaming\EelguyPf\f1YRdTk.exe,explorer.exe</valuedata><hash>4f3227c8e29988ae0e9a7762bc47aa56</hash></value>
<value><path>HKU\S-1-5-21-896307261-3574068607-3140626432-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>iehighutil</valuename><vendor>Trojan.Agent.MNR</vendor><action>success</action><valuedata>"C:\Temporary\iehighutil.exe"</valuedata><hash>11705d927506e55139bba5b755af817f</hash></value>
<!-- Files. ieutil.exe and iehighutil.exe also appear above as running processes with the same hashes. noce.exe has no matching registry entry in this log, so how it was started is not shown here. -->
<file><path>C:\Temporary\ieutil.exe</path><vendor>PUP.BitCoinMiner</vendor><action>success</action><hash>661b3bb45c1f86b0b6ccb23da35ed030</hash></file>
<file><path>C:\Users\Teng\AppData\Roaming\Ivyl\onaq.exe</path><vendor>Trojan.Kryptik</vendor><action>success</action><hash>86fb826d700bfb3b6f9dbd399769ed13</hash></file>
<file><path>C:\Users\Teng\AppData\Roaming\Imge\noce.exe</path><vendor>Trojan.VBKrypt</vendor><action>success</action><hash>6f122ec16d0edd59e0c1fcbcbb45de22</hash></file>
<!-- Every file under C:\ProgramData\Microsoft\Windows\Time\ carries the same detection name. The .pyd modules and library.zip look like a bundled Python runtime (numpy, pyopencl, _hashlib, _socket). The log does not state whether each file matched a signature on its own or was flagged together with the rest of the directory. -->
<file><path>C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>6c155e914b30d3630e0db9a64fb553ad</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>6c15618eb0cb241243d956093dc7b947</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>d5acdf102952ec4aee2f77e8659f4ab6</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>9fe2bf30a3d8221461bdb1ae7391946c</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>a6db3fb0c1baef476faf2d329e6639c7</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>532ee50ae09bd16572add78846be6d93</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>99e8fef16e0d58defb24cb94a95b37c9</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>99e8bc332f4ce55124fb5609897b7a86</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>dfa28d62e299f44296895c033fc58f71</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>98e933bcc0bb40f6d44be9761fe5b848</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>ceb324cb18632b0b72ad8cd3f41028d8</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>453c12ddb7c4e254e73807585aaa10f0</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>ccb508e794e7ac8a46d93629b2527b85</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>2e53e50a3e3df2441f00d48b7a8a8d73</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\select.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>473a707f0d6e2a0c1a05e47b30d455ab</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>2c5542ad5f1c9f971b04114e976da25e</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>513019d66813bb7b8e91abb4d430c33d</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\_socket.pyd</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>f78a757a4f2c0f271d024619a75dfb05</hash></file>
<file><path>C:\ProgramData\Microsoft\Windows\Time\library.zip</path><vendor>Trojan.BtcMiner.TS</vendor><action>success</action><hash>463b6788ef8cef475cc40b543aca5fa1</hash></file>
<!-- Same file as the second <process> entry; removal is likewise deferred to the next reboot. -->
<file><path>C:\Temporary\iehighutil.exe</path><vendor>Trojan.Agent.MNR</vendor><action>delete-on-reboot</action><hash>11705d927506e55139bba5b755af817f</hash></file>
</items>
</mbam-log>
Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<!-- Scan metadata. The timestamp in the log file name (20-00-02) is about four and a half minutes earlier than <date> (20:04:33); the log does not say which of the two marks the scan start. -->
<header>
<date>2016/12/04 20:04:33 +0100</date>
<logfile>mbam-log-2016-12-04 (20-00-02).xml</logfile>
<!-- isadmin=no: this scan is reported as run without administrator rights. NOTE(review): a non-elevated scan may not be able to read every location, so the zero-detection result in <summary> is weaker evidence than an elevated run would give; confirm with a scan run as administrator. -->
<isadmin>no</isadmin>
</header>
<!-- Scanner build, signature database versions, license type and protection component states for this scan. -->
<engine>
<version>2.2.1.1043</version>
<!-- If these version strings encode dates, the malware database is from the scan date itself (2016/12/04) and the rootkit database is about two weeks older. -->
<malware-database>v2016.12.04.08</malware-database>
<rootkit-database>v2016.11.20.01</rootkit-database>
<license>free</license>
<!-- All three protection components are reported as disabled; presumably no real-time protection from this product was active on the host. -->
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<!-- Host description as recorded by the scanner. This log also records hostname and IP address; together with the account name these identify the machine, so they are candidates for redaction when a log is shared publicly. -->
<system>
<hostname>SATAN</hostname>
<!-- Private (RFC 1918) address, i.e. the host's address on its local network. -->
<ip>192.168.0.12</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Teng</username>
<filesys>NTFS</filesys>
</system>
<!-- Scan outcome and per-category detection counts. Every category is zero, consistent with the empty <items> element in this log. Read this together with isadmin=no in <header> and the disabled rootkit options in <options>: the result covers only what this run was able and configured to inspect. -->
<summary>
<type>threat</type>
<result>completed</result>
<!-- Presumably the number of objects scanned and the scan duration; the unit of <time> is not stated in the log (seconds assumed). -->
<objects>235540</objects>
<time>502</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<!-- Scan options in effect for this run. -->
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<!-- Both rootkit options are disabled, so the clean result of this scan does not cover rootkit-level persistence. -->
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<!-- pup / pum: detection of potentially unwanted programs and potentially unwanted modifications. -->
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<!-- Empty: no detections were recorded, consistent with the all-zero counts in <summary>. -->
<items>
</items>
</mbam-log>