| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Hohe CPU AuslastungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.11.2009, 21:04
| #1 |
| |  Hohe CPU Auslastung Hallo liebe Forumsmitglieder! Bei meinem PC ist die CPU kurz nach dem Start nur zwischen 1 und 5% ausgelastet, sobald aber ein Programm gestartet wird, schnellt diese Hoch und bleibt dann selbst wenn keine Programme mehr laufen zwischen 60 und 100%. Hijackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:01:24, on 09.11.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\Windows\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE D:\Programme\Java\jre6\bin\jqs.exe D:\WINDOWS\Explorer.EXE D:\Programme\CDBurnerXP\NMSAccessU.exe D:\WINDOWS\system32\nvsvc32.exe D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe D:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe D:\WINDOWS\system32\svchost.exe D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE D:\WINDOWS\system32\SearchIndexer.exe D:\Programme\Synaptics\SynTP\SynTPEnh.exe D:\WINDOWS\system32\RUNDLL32.EXE D:\PROGRA~1\LAUNCH~1\LManager.exe D:\WINDOWS\system32\ctfmon.exe D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\Programme\WinTV\WinTV7\WinTVTray.exe D:\WINDOWS\system32\wbem\unsecapp.exe D:\Programme\Trend Micro\HijackThis\HijackThis.exe D:\Programme\Windows Media Player\wmplayer.exe D:\Programme\Telekom Austria\Connectionmanager\Connectionmanager.exe D:\Programme\Mozilla Firefox\firefox.exe D:\WINDOWS\system32\mspaint.exe D:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66016 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66016 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66016 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Apoint] D:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [SynTPEnh] D:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [amd_dc_opt] D:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [AVP] "D:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LManager] D:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "D:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MySpaceIM] D:\Programme\MySpace\IM\MySpaceIM.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: AutorunsDisabled O4 - Global Startup: AutorunsDisabled O4 - Global Startup: WinTV Recording Status..lnk = D:\Programme\WinTV\WinTV7\WinTVTray.exe O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220808702752 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254497466312 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9ABDDF93-E279-486E-BBFB-D122EAE5B073}: NameServer = 195.3.96.67 213.33.98.136 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - D:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Unknown owner - D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - D:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: Pml Driver HPZ12 - HP - D:\Windows\system32\HPZipm12.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 8130 bytes bmwGTR |
|
11.11.2009, 13:07
| #2 |
| | Hohe CPU Auslastung Als Nachtrag das Ergebniss von RIST:
__________________info.txt: Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2009-11-11 13:02:37
======Uninstall list======
-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Acer Crystal Eye-->D:\Programme\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x0007 -removeonly
Adobe Download Manager-->"D:\WINDOWS\system32\rundll32.exe" "D:\Programme\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"D:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ALPS Touch Pad Driver-->D:\Programme\Apoint2K\Uninstap.exe ADDREMOVE
AMD Processor Driver-->D:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0007 -removeonly
aonUpdate-->"D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DEC678D1-B2BE-43DD-B123-21503011D8C9}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
aonUpdate-->D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DEC678D1-B2BE-43DD-B123-21503011D8C9}\Setup.exe
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros for Acer Driver 5.3.0.56_Foxconn Installation Program-->D:\Programme\InstallShield Installation Information\{F70D5D8C-C1AF-40B3-9E47-3BB5F19EEA3A}\setup.exe -runfromtemp -l0x0009 -removeonly
Avanquest update-->"D:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
CCleaner-->"D:\Programme\CCleaner\uninst.exe"
CDBurnerXP-->"D:\Programme\CDBurnerXP\unins000.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->D:\WINDOWS\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->D:\WINDOWS\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Hauppauge WinTV 7-->D:\PROGRA~1\INSTAL~1\UNWISE32.EXE D:\PROGRA~1\WinTV\WinTV7\WinTV7.LOG
Highspeed-Internet-Installation-->"D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{020929D2-16D8-46F4-BC83-F11B82E6A72B}\Breitband-Internet-Installation.exe" REMOVE=TRUE MODIFY=FALSE
Highspeed-Internet-Installation-->D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{020929D2-16D8-46F4-BC83-F11B82E6A72B}\Breitband-Internet-Installation.exe
HijackThis 2.0.2-->"D:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Foto- und Bildbearbeitung 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series-->D:\Programme\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber -->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
K-Lite Codec Pack 5.4.0 (Corporate)-->"D:\Programme\K-Lite Codec Pack\unins000.exe"
Launch Manager-->D:\WINDOWS\UnInst32.exe LManager.UNI
Mathcad 2001 Professional-->MsiExec.exe /X{31A38B62-9168-4052-920A-F1405F43FEA8}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 Language Pack - DEU-->D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help 8\Microsoft Document Explorer 2005 Language Pack - DEU\install.exe
Microsoft Document Explorer 2005 Language Pack - DEU-->MsiExec.exe /X{4B6E1EA9-4704-4750-868A-AEB398168DA6}
Microsoft Document Explorer 2005-->D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Internationalized Domain Names Mitigation APIs-->"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"D:\Windows\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"D:\Windows\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"d:\Programme\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual J# 2.0 Redistributable Package-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)-->D:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Microsoft Visual Studio 2005 Professional Edition - ENU-->D:\Programme\Microsoft Visual Studio 2005\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket-->"D:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Mobiles Internet für unterwegs-->"D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A3A8CD8B-0C54-4DA7-9845-1DDD4A2C5412}\CM.exe" REMOVE=TRUE MODIFY=FALSE
Mobiles Internet für unterwegs-->D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A3A8CD8B-0C54-4DA7-9845-1DDD4A2C5412}\CM.exe
Mozilla Firefox (3.5.5)-->D:\Programme\Mozilla Firefox\uninstall\helper.exe
MSDN Library for Visual Studio 2005 - German-->MsiExec.exe /X{1DA750F9-797D-469C-A45C-215E656D7307}
MSDN Library für Visual Studio 2005 - Deutsch-->msiexec /i {1DA750F9-797D-469C-A45C-215E656D7307}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MySpaceIM-->D:\Programme\MySpace\IM\Uninstall.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->D:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x7 anything
Runtime 8.0 Libraries-->MsiExec.exe /I{EA4FA30B-7321-4428-90E9-28B088EC8DC9}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)-->D:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)-->D:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)-->D:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {964C8238-245C-4475-BB6E-D19D2C1220F2} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"D:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"D:\Windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"D:\Windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"D:\Windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"D:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"D:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"D:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"D:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"D:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"D:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->D:\WINDOWS\system32\MacroMed\Flash\genuinst.exe D:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB969947)-->"D:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sony Ericsson PC Suite 6.009.00-->"D:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Synaptics Pointing Device Driver-->rundll32.exe "D:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->D:\Programme\SystemRequirementsLab\Uninstall.exe
Uninstall 1.0.0.1-->"D:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB968220)-->"D:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB969497)-->"D:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB971180)-->"D:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB971930)-->"D:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB972636)-->"D:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB973874)-->"D:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB975364)-->"D:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"D:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update Service-->D:\Programme\Sony Ericsson\Update Service\uninst.exe
VLC media player 1.0.3-->D:\Programme\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"D:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->D:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live ID-Anmelde-Assistent-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"D:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\Windows\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"D:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
WinRAR-->D:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"D:\Windows\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Security center information======
AV: Kaspersky Internet Security
FW: Kaspersky Internet Security
======System event log======
Computer Name: 3BDV-JANSEL-DAV
Event Code: 26
Message: Anwendungspopup: : Machine Check:
Record Number: 5
Source Name: Application Popup
Time Written: 20091022091657.000000+120
Event Type: Informationen
User:
Computer Name: 3BDV-JANSEL-DAV
Event Code: 26
Message: Anwendungspopup: : Machine Check: Regs
Record Number: 4
Source Name: Application Popup
Time Written: 20091022091657.000000+120
Event Type: Informationen
User:
Computer Name: 3BDV-JANSEL-DAV
Event Code: 26
Message: Anwendungspopup: : Machine Check:
Record Number: 3
Source Name: Application Popup
Time Written: 20091022091657.000000+120
Event Type: Informationen
User:
Computer Name: 3BDV-JANSEL-DAV
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.
Record Number: 2
Source Name: EventLog
Time Written: 20091022091637.000000+120
Event Type: Informationen
User:
Computer Name: 3BDV-JANSEL-DAV
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20091022091637.000000+120
Event Type: Informationen
User:
=====Application event log=====
Computer Name: 3BDV-JANSEL-DAV
Event Code: 26018
Message: A self-generated certificate was successfully loaded for encryption.
Record Number: 34561
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091022091306.000000+120
Event Type: Informationen
User:
Computer Name: 3BDV-JANSEL-DAV
Event Code: 17137
Message: Starting up database 'msdb'.
Record Number: 34560
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091022091305.000000+120
Event Type: Informationen
User:
Computer Name: 3BDV-JANSEL-DAV
Event Code: 17663
Message: Server name is '3BDV-JANSEL-DAV\SQLEXPRESS'. This is an informational message only. No user action is required.
Record Number: 34559
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091022091305.000000+120
Event Type: Informationen
User:
Computer Name: 3BDV-JANSEL-DAV
Event Code: 17137
Message: Starting up database 'model'.
Record Number: 34558
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091022091305.000000+120
Event Type: Informationen
User:
Computer Name: 3BDV-JANSEL-DAV
Event Code: 958
Message: The resource database build version is 9.00.4035. This is an informational message only. No user action is required.
Record Number: 34557
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091022091302.000000+120
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Devmgr_show_details"=1
"Devmgr_show_nonpresent_devices"=1
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;D:\Windows\system32;D:\Windows;D:\Windows\System32\Wbem;D:\Programme\Microsoft SQL Server\90\Tools\binn\;D:\Programme\Gemeinsame Dateien\Teleca Shared;D:\WINDOWS\system32\WindowsPowerShell\v1.0;D:\Programme\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=4802
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS80COMNTOOLS"=D:\Programme\Microsoft Visual Studio 2005\Common7\Tools\
"windir"=%SystemRoot%
"CLASSPATH"=.;D:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Programme\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
mfg bmwGTR Geändert von bmwGTR (11.11.2009 um 13:21 Uhr) |
|
11.11.2009, 14:43
| #3 |
| | Hohe CPU Auslastung Hier das Logfile von Malware Bytes:
__________________Code:
ATTFilter Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3145
Windows 5.1.2600 Service Pack 3
11.11.2009 14:42:28
mbam-log-2009-11-11 (14-42-28).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 216023
Laufzeit: 52 minute(s), 59 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
D:\Programme\Cryptload\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{1DD462D9-E300-49EA-92EA-512B24216D63}\RP443\A0101937.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
bmwGTR |
|
| Themen zu Hohe CPU Auslastung |
| adobe, ausgelastet, auslastung, avp, avp.exe, bho, cdburnerxp, computer, cpu, excel, explorer, firefox, gservice, hkus\s-1-5-18, hohe cpu, hohe cpu auslastung, internet, internet explorer, internet security, kaspersky, keine programme, launch, logfile, mozilla, nvidia, object, plug-in, programm, rundll, schutz, security, skype.exe, software, system, windows, windows xp |
Linear-Darstellung
