Pests of all kinds and how to fight them: CPU usage permanently too high (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
| | #1 |
| | CPU usage permanently too high Hello dear board, I have the following problem: for some time now I have not been able to watch videos etc. on the Internet any more, because they just keep stuttering! When I start the Task Manager I see that my CPU usage permanently goes to around 100%... but I have no other programs or the like running in the background, only the Internet. I read up on this beforehand, and it could well be that I have caught a trojan or something similar. Avira finds nothing in its scan, and Avast (which I had before) did not detect anything either. I hope you can help me! The most important details (if anything is missing, just let me know): -Win7 -Firefox as browser -Avira as antivirus program Edited by Hundert30 (09.02.2013 at 21:46) Reason: typo |
| | #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CPU usage permanently too high Hello and
__________________ Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will it continue" messages will result in your topic being closed. I, too, have a life outside the Trojaner-Board. First, a check with OTL please:
__________________ |
| | #3 |
| | CPU usage permanently too high otl-scan:
Code:
OTL Extras logfile created on: 11.02.2013 21:15:15 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,21% Memory free
4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 78,43 Gb Free Space | 41,30% Space Free | Partition Type: NTFS
Drive D: | 327,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-65504206-4180296385-2226514737-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035D7C1E-A5A1-40C8-AAA2-F68F459DF39F}" = lport=57207 | protocol=17 | dir=in | name=pando media booster |
"{0D9B67B4-A905-432D-9A87-4440488B5466}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2734ED66-6468-461D-B35A-A4654FD48A44}" = lport=57207 | protocol=6 | dir=in | name=pando media booster |
"{349CD5D6-EC51-4532-B6B1-22CFE27FE984}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3665AA15-41D7-4BC1-A4CF-8A3C87DC5AB8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F939087-ADE6-45C4-8EE5-8297EBBB7DDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45735374-2A5E-4023-B3D0-A99B2A3DF129}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6B6801ED-4120-4723-BD97-DFF02DD6D0C8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{75CE0198-6CD8-42E8-8DB1-791DCD7C9F30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F935322-EEFE-464E-B6F1-88B2E088146C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92749F3C-6E68-478B-9954-5D2B800D73D2}" = lport=57207 | protocol=6 | dir=in | name=pando media booster |
"{AB8BF256-BFF6-4A19-B54D-EC2119EACECC}" = lport=57207 | protocol=17 | dir=in | name=pando media booster |
"{EB23F873-DBAF-4258-B373-EA76CFB1F1BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC153BF0-D2AA-4C3D-9F53-4F727156E701}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F8923-EF9B-4C37-B260-9E0FE61B3173}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1BAA401D-8298-4575-AEF0-B843C8576F2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2942D4B9-197A-457A-9A47-7A8C247D4801}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A7BFB2C-7E01-4D2E-9EFD-54EED3E25704}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2C0B3E7B-9B77-4094-AB77-C9AEB5620075}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BDABA81-518B-4FCF-A8AC-39E765BB5F25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F59C567-8E28-4AD7-8B78-9DAABB1C12ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{763EBB1F-4932-4C68-9D33-E9D3D74D7252}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EDE31CA-9B2B-443F-8C59-A74559AB778C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7FF5188C-3244-4E64-BA78-598AE3A1DCBA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{84428B10-E4E0-47CD-BF57-5FF2ADC3423D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A703BED1-E980-484F-82F9-ACB22C951E50}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A9C77FBC-A28E-4A69-ACEB-5B402394E002}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE413816-1BE0-40CF-B406-67D68169AC6F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C586AFEC-7C17-4178-9156-25ED1F38EB09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C90E3FCD-E625-4C31-8AD4-13EA3E9445AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE4E4DDF-151B-4C94-B953-78272CC37C09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7F4AA29-00CD-49CC-A6D0-3BA6B40F0312}" = protocol=6 | dir=out | app=system |
"{D93E131B-2D21-4CFD-B839-3BBA529AA98D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DE99C6BB-40F9-4DE4-86B4-2A230EE428EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9E86D2C-9BF4-4213-8A42-9819A97FF534}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FF87DEF6-1962-4B64-A6F0-00AF0D7469C6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{239ECFAE-777B-4CC8-9386-E9EFC1D3E920}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{34FFBDE5-8780-4FDB-8B3A-66ABA050E12D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{056ECC50-D337-49C9-B351-4B159053B245}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{4B57EE4D-E24C-45B4-BB16-0A09F0F9B766}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Any Video Converter_is1" = Any Video Converter 3.4.0
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crossfire Europe" = Crossfire Europe
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Studio_is1" = Free Studio version 5.9.0.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Security Task Manager" = Security Task Manager 1.8d
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.01.2013 11:07:24 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
europe\Aegis64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 24.01.2013 11:09:41 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 27.01.2013 08:21:32 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
europe\Aegis64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 27.01.2013 08:23:57 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 29.01.2013 10:19:59 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
europe\Aegis64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 29.01.2013 10:22:42 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 03.02.2013 05:40:49 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
europe\Aegis64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 03.02.2013 05:44:02 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 08.02.2013 10:47:04 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
europe\Aegis64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 08.02.2013 10:49:30 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ OSession Events ]
Error - 10.11.2012 11:34:01 | Computer Name = Georg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 08.02.2013 19:54:51 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Google Update-Dienst (gupdate) erreicht.
Error - 08.02.2013 19:54:51 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 09.02.2013 07:02:29 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
Error - 09.02.2013 09:01:02 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache erreicht.
Error - 09.02.2013 11:15:12 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache erreicht.
Error - 09.02.2013 11:15:16 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Google Update-Dienst (gupdate) erreicht.
Error - 09.02.2013 11:15:16 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 09.02.2013 14:17:56 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 10.02.2013 11:29:21 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 11.02.2013 14:36:41 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
< End of report >
|
| | #4 |
| | CPU usage permanently too high The second logfile is unfortunately too large to post like this, so I unfortunately have to upload a file! |
| | #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CPU usage permanently too high Something went wrong there. Please run OTL again
__________________ Please always post logfiles in CODE tags |
| | #6 |
| | CPU usage permanently too high otl-log1: Code:
OTL Extras logfile created on: 12.02.2013 19:29:42 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georg\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,88% Memory free
4,00 Gb Paging File | 2,40 Gb Available in Paging File | 60,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 78,07 Gb Free Space | 41,11% Space Free | Partition Type: NTFS
Drive D: | 327,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-65504206-4180296385-2226514737-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035D7C1E-A5A1-40C8-AAA2-F68F459DF39F}" = lport=57207 | protocol=17 | dir=in | name=pando media booster |
"{0D9B67B4-A905-432D-9A87-4440488B5466}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2734ED66-6468-461D-B35A-A4654FD48A44}" = lport=57207 | protocol=6 | dir=in | name=pando media booster |
"{349CD5D6-EC51-4532-B6B1-22CFE27FE984}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3665AA15-41D7-4BC1-A4CF-8A3C87DC5AB8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F939087-ADE6-45C4-8EE5-8297EBBB7DDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45735374-2A5E-4023-B3D0-A99B2A3DF129}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6B6801ED-4120-4723-BD97-DFF02DD6D0C8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{75CE0198-6CD8-42E8-8DB1-791DCD7C9F30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F935322-EEFE-464E-B6F1-88B2E088146C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92749F3C-6E68-478B-9954-5D2B800D73D2}" = lport=57207 | protocol=6 | dir=in | name=pando media booster |
"{AB8BF256-BFF6-4A19-B54D-EC2119EACECC}" = lport=57207 | protocol=17 | dir=in | name=pando media booster |
"{EB23F873-DBAF-4258-B373-EA76CFB1F1BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC153BF0-D2AA-4C3D-9F53-4F727156E701}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F8923-EF9B-4C37-B260-9E0FE61B3173}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1BAA401D-8298-4575-AEF0-B843C8576F2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2942D4B9-197A-457A-9A47-7A8C247D4801}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A7BFB2C-7E01-4D2E-9EFD-54EED3E25704}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2C0B3E7B-9B77-4094-AB77-C9AEB5620075}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5BDABA81-518B-4FCF-A8AC-39E765BB5F25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F59C567-8E28-4AD7-8B78-9DAABB1C12ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{763EBB1F-4932-4C68-9D33-E9D3D74D7252}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EDE31CA-9B2B-443F-8C59-A74559AB778C}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7FF5188C-3244-4E64-BA78-598AE3A1DCBA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{84428B10-E4E0-47CD-BF57-5FF2ADC3423D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A703BED1-E980-484F-82F9-ACB22C951E50}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A9C77FBC-A28E-4A69-ACEB-5B402394E002}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE413816-1BE0-40CF-B406-67D68169AC6F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C586AFEC-7C17-4178-9156-25ED1F38EB09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C90E3FCD-E625-4C31-8AD4-13EA3E9445AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE4E4DDF-151B-4C94-B953-78272CC37C09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7F4AA29-00CD-49CC-A6D0-3BA6B40F0312}" = protocol=6 | dir=out | app=system |
"{D93E131B-2D21-4CFD-B839-3BBA529AA98D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DE99C6BB-40F9-4DE4-86B4-2A230EE428EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9E86D2C-9BF4-4213-8A42-9819A97FF534}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FF87DEF6-1962-4B64-A6F0-00AF0D7469C6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{239ECFAE-777B-4CC8-9386-E9EFC1D3E920}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{34FFBDE5-8780-4FDB-8B3A-66ABA050E12D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{056ECC50-D337-49C9-B351-4B159053B245}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{4B57EE4D-E24C-45B4-BB16-0A09F0F9B766}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Any Video Converter_is1" = Any Video Converter 3.4.0
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crossfire Europe" = Crossfire Europe
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Studio_is1" = Free Studio version 5.9.0.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Security Task Manager" = Security Task Manager 1.8d
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.01.2013 11:07:24 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
europe\Aegis64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 24.01.2013 11:09:41 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 27.01.2013 08:21:32 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
europe\Aegis64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 27.01.2013 08:23:57 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 29.01.2013 10:19:59 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
europe\Aegis64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 29.01.2013 10:22:42 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 03.02.2013 05:40:49 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
europe\Aegis64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 03.02.2013 05:44:02 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 08.02.2013 10:47:04 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\sg interactive\crossfire
europe\Aegis64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 08.02.2013 10:49:30 | Computer Name = Georg-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ OSession Events ]
Error - 10.11.2012 11:34:01 | Computer Name = Georg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 09.02.2013 07:02:29 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
Error - 09.02.2013 09:01:02 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache erreicht.
Error - 09.02.2013 11:15:12 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache erreicht.
Error - 09.02.2013 11:15:16 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Google Update-Dienst (gupdate) erreicht.
Error - 09.02.2013 11:15:16 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 09.02.2013 14:17:56 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 10.02.2013 11:29:21 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 11.02.2013 14:36:41 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
Error - 12.02.2013 14:19:18 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
Error - 12.02.2013 14:19:49 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache erreicht.
< End of report >
|
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CPU usage permanently too high Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often. If the tool refuses to run the second time as well, just skip it and run only MBAR. MBAR instructions: Please download
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
| | #8 |
| | CPU usage permanently too high Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.13.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Georg :: GEORG-PC [administrator]
13.02.2013 19:51:11
mbar-log-2013-02-13 (19-51-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26304
Time elapsed: 12 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
| | #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CPU usage permanently too high What about GMER?
__________________ Please always post log files in CODE tags |
| | #10 |
| | CPU usage permanently too high GMER: Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-14 20:21:57
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5 Maxtor_6B200M0 rev.BANC1B70 189,92GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Georg\AppData\Local\Temp\fgloqpob.sys
---- System - GMER 2.0 ----
SSDT 8E516846 ZwCreateSection
SSDT 8E516850 ZwRequestWaitReplyPort
SSDT 8E51684B ZwSetContextThread
SSDT 8E516855 ZwSetSecurityObject
SSDT 8E51685A ZwSystemDebugControl
SSDT 8E5167E7 ZwTerminateProcess
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A3F9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A791C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82A8030C 4 Bytes [46, 68, 51, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82A80668 4 Bytes [50, 68, 51, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82A806AC 4 Bytes [4B, 68, 51, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82A80728 4 Bytes [55, 68, 51, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82A8077C 4 Bytes [5A, 68, 51, 8E]
.text ...
? System32\Drivers\spwj.sys Das System kann den angegebenen Pfad nicht finden. !
PAGE ataport.SYS!DllUnload + 1 88CEDAD7 4 Bytes JMP 84A731D9
.text USBPORT.SYS!DllUnload 8D843DB9 5 Bytes JMP 85C341D8
.text ae980za4.SYS 8FD7A000 12 Bytes [44, 98, E1, 82, EE, 96, E1, ...]
.text ae980za4.SYS 8FD7A00D 9 Bytes [77, E1, 82, 48, 9B, E1, 82, ...] {JA 0xffffffe3; OR BYTE [EAX-0x65], 0xe1; ADD BYTE [EAX], 0x0}
.text ae980za4.SYS 8FD7A017 170 Bytes [00, DE, C7, B1, 88, E6, C5, ...]
.text ae980za4.SYS 8FD7A0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ae980za4.SYS 8FD7A0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text ad1ydun9.SYS 8FDB1000 12 Bytes [44, 98, E1, 82, EE, 96, E1, ...]
.text ad1ydun9.SYS 8FDB100D 9 Bytes [77, E1, 82, 48, 9B, E1, 82, ...] {JA 0xffffffe3; OR BYTE [EAX-0x65], 0xe1; ADD BYTE [EAX], 0x0}
.text ad1ydun9.SYS 8FDB1017 170 Bytes [00, DE, C7, B1, 88, E6, C5, ...]
.text ad1ydun9.SYS 8FDB10C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ad1ydun9.SYS 8FDB10CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtCreateFile + 6 774A55CE 4 Bytes [28, 90, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtCreateFile + B 774A55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtMapViewOfSection + 6 774A5C2E 4 Bytes [28, 93, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtMapViewOfSection + B 774A5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenFile + 6 774A5CDE 4 Bytes [68, 90, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenFile + B 774A5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcess + 6 774A5D8E 4 Bytes [A8, 91, D9, 00] {TEST AL, 0x91; FLD DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcess + B 774A5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessToken + B 774A5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessTokenEx + 6 774A5DAE 4 Bytes [A8, 92, D9, 00] {TEST AL, 0x92; FLD DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenProcessTokenEx + B 774A5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThread + 6 774A5E0E 4 Bytes [68, 91, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThread + B 774A5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadToken + 6 774A5E1E 4 Bytes [68, 92, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadToken + B 774A5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtOpenThreadTokenEx + B 774A5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryAttributesFile + 6 774A5F3E 4 Bytes [A8, 90, D9, 00] {TEST AL, 0x90; FLD DWORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryAttributesFile + B 774A5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtQueryFullAttributesFile + B 774A5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationFile + 6 774A663E 4 Bytes [28, 91, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationFile + B 774A6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationThread + 6 774A669E 4 Bytes [28, 92, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtSetInformationThread + B 774A66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtUnmapViewOfSection + 6 774A69BE 4 Bytes [68, 93, D9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2756] ntdll.dll!NtUnmapViewOfSection + B 774A69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtCreateFile + 6 774A55CE 4 Bytes [28, 58, 0F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtCreateFile + B 774A55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtMapViewOfSection + 6 774A5C2E 4 Bytes [28, 5B, 0F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtMapViewOfSection + B 774A5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenFile + 6 774A5CDE 4 Bytes [68, 58, 0F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenFile + B 774A5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcess + 6 774A5D8E 4 Bytes [A8, 59, 0F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcess + B 774A5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessToken + 6 774A5D9E 4 Bytes CALL 764A6CFC C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessToken + B 774A5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessTokenEx + 6 774A5DAE 4 Bytes [A8, 5A, 0F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenProcessTokenEx + B 774A5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThread + 6 774A5E0E 4 Bytes [68, 59, 0F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThread + B 774A5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadToken + 6 774A5E1E 4 Bytes [68, 5A, 0F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadToken + B 774A5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadTokenEx + 6 774A5E2E 4 Bytes CALL 764A6D8D C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtOpenThreadTokenEx + B 774A5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtQueryAttributesFile + 6 774A5F3E 4 Bytes [A8, 58, 0F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!NtQueryAttributesFile + B 774A5F43 1 Byte [E2]
|
| | #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | CPU usage permanently too high aswMBR Please download
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download
__________________ Please always post log files in CODE tags |