Forum: Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal)

SysWOW64\Update_.exe reappears after restart despite deletion, and so does the autorun (Windows 7)
04.03.2015, 19:46 | #1
Hi, I have 4 files that indicate they are quite possibly a virus. When I remove them, they are back after a restart. There are also 2 autoruns: "C:\Windows\SysWOW64\Start.vbs" and "C:\Windows\SysWOW64\update_.exe". When Windows starts, it shows an error message that Start.vbs cannot be found, which is connected to the fact that it is not among the 4 files. When I disable or delete the autoruns, they are also back after a restart.

I have already done the following: TDSSKiller -> RogueKiller -> Malwarebytes Anti-Malware -> AdwCleaner -> KasperskyCleanup2015. After all these runs I deleted everything that was marked as detected and restarted the PC, but I still have the same problem as described above. In general I don't notice anything from the 4 files, i.e. no high CPU load or bad internet etc.

Here is a screenshot of the files:

And if anyone needs the 4 files, here they are packed in a zip (at your own risk): https://mega.co.nz/#!rVEjjZbQ!OQ9Rx25OmTg1hYFjmPWDE8YxAmyObXJdTeDF6v5Sp3I
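The two autorun entries the poster describes (a Run-key entry pointing at a .vbs in SysWOW64 whose file is missing, and an executable next to it) are exactly the kind of thing a quick, read-only review of the autostart locations should surface. The script below is an added example for this thread; it is not the poster's, the helper's or FRST's code. It assumes the standard Run/RunOnce registry keys and the System32\Tasks folder as the places to check, an elevated PowerShell session (the task folder is not readable otherwise), and it changes nothing on the machine: each entry is reported when its target file is missing (a dangling autostart, which is what produces the "Start.vbs not found" message at logon), when the target is not validly signed, or when it is a script or executable dropped directly into a Windows system directory.

```powershell
# Added example (not from the thread): read-only review of Run-key and scheduled-task
# autostart entries. Assumptions: standard Run/RunOnce keys, tasks read from their XML
# definitions under System32\Tasks (works on Windows 7, which has no Get-ScheduledTask),
# run from an elevated prompt.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$TaskFolder = Join-Path $env:SystemRoot 'System32\Tasks'

function Get-CommandTarget {
    # Extract the file a command line actually launches. Quoted paths stay whole;
    # for wscript/cscript the script (second token) is the file of interest.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $tokens = @([regex]::Matches($CommandLine, '"([^"]*)"|(\S+)') | ForEach-Object {
        if ($_.Groups[1].Success) { $_.Groups[1].Value } else { $_.Groups[2].Value } })
    if ($tokens.Count -eq 0) { return $null }
    $target = $tokens[0]
    if ($tokens.Count -gt 1 -and ([IO.Path]::GetFileName($target) -match '^[wc]script(\.exe)?$')) {
        $target = $tokens[1]
    }
    $target = [Environment]::ExpandEnvironmentVariables($target)
    if (-not [IO.Path]::IsPathRooted($target)) {
        # bare names such as ctfmon.exe are resolved through PATH, as the loader would
        $cmd = Get-Command $target -ErrorAction SilentlyContinue
        if ($cmd -and $cmd.Path) { $target = $cmd.Path }
    }
    return $target
}

function Test-AutostartTarget {
    # Return the reasons an entry deserves a closer look; an empty list means nothing odd.
    param([string]$Target)
    $reasons = @()
    if (-not $Target) { return $reasons }
    if (-not (Test-Path -LiteralPath $Target)) {
        $reasons += 'target file missing (dangling autostart)'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $Target -ErrorAction SilentlyContinue
        if (-not $sig -or $sig.Status -ne 'Valid') { $reasons += "not validly signed ($(if ($sig) { $sig.Status } else { 'unknown' }))" }
    }
    if ($Target -match '\\Windows\\(System32|SysWOW64)\\[^\\]+\.(vbs|js|exe|bat|cmd)$') {
        $reasons += 'script/executable directly in a Windows system directory (review)'
    }
    return $reasons
}

$findings = @()

# 1. Run / RunOnce keys: the "autoruns" the poster saw reappearing
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath etc. are not entries
        $reasons = Test-AutostartTarget (Get-CommandTarget ([string]$p.Value))
        if ($reasons.Count -gt 0) {
            $findings += New-Object PSObject -Property @{
                Source = $key; Name = $p.Name; Command = [string]$p.Value; Reasons = ($reasons -join '; ')
            }
        }
    }
}

# 2. Scheduled tasks, read from their XML definitions (FRST lists these as System32\Tasks\...)
Get-ChildItem -Path $TaskFolder -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $file = $_
        try { $xml = [xml]((Get-Content -LiteralPath $file.FullName) -join "`n") } catch { return }
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if (-not $exec) { continue }          # COM-handler actions have no Exec element
            $cmdLine = ("$($exec.Command) $($exec.Arguments)").Trim()
            $reasons = Test-AutostartTarget (Get-CommandTarget $cmdLine)
            if ($reasons.Count -gt 0) {
                $findings += New-Object PSObject -Property @{
                    Source = 'Task'; Name = $file.FullName.Substring($TaskFolder.Length + 1)
                    Command = $cmdLine; Reasons = ($reasons -join '; ')
                }
            }
        }
    }

$findings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap Source, Name, Reasons, Command
```

The output is a review list, not a verdict: Microsoft's own entries that point into System32 will show up under the third rule and are expected, while a user-level Run entry that launches a script host against a file in SysWOW64, or an entry whose target no longer exists, is the pattern from the first post and is what to look at, along with whatever recreates it after a restart.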
04.03.2015, 19:47 | #2
/// the machine /// TB-Ausbilder
Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
04.03.2015, 20:40 | #3
Addition:

Code:
```
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Thomas at 2015-03-04 20:30:26
Running from E:\Thomas\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.7.9.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.7.9.0 - ASUSTek COMPUTER INC.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX340 series Benutzerregistrierung (HKLM-x32\...\Canon MX340 series Benutzerregistrierung) (Version: - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - Canon Inc.)
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Livestreamer 1.11.1 (HKLM-x32\...\Livestreamer) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKU\S-1-5-21-1030566271-2103650782-4024173496-1000\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - Firaxis Games)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
Spotify (HKU\S-1-5-21-1030566271-2103650782-4024173496-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.3.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.3 - SteelSeries ApS)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

01-03-2015 04:25:36 BACKUP bevor ps, sony vegas
01-03-2015 04:54:50 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
01-03-2015 04:54:57 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
01-03-2015 04:55:11 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
01-03-2015 04:55:22 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
03-03-2015 02:46:27 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-01 05:00 - 00007800 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3A8564A1-53A5-4C5E-B2AD-2C711F26E755} - System32\Tasks\avast! Emergency Update => E:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-22] (AVAST Software)
Task: {3F7ACE29-11FA-4595-88C6-7956563F4BCD} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {6427DE8E-B6D5-4CF5-972E-576C30A851C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {67C8FC38-AD3A-46BE-8FAF-382C0F22E173} - System32\Tasks\SamsungMagician => E:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {9F229934-D651-4CD5-B5A7-F1FF343A9748} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe
Task: {B7B4EFF9-7B80-46C9-AA26-AF94F4A19767} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-02 17:48 - 2015-02-02 17:48 - 17833984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
2015-01-03 18:28 - 2015-01-03 18:28 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\x2api.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2015-02-22 01:49 - 2015-02-22 01:49 - 00388208 _____ () E:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-02-22 01:49 - 2015-02-22 01:49 - 05851328 _____ () E:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-03-04 19:52 - 2015-03-04 19:52 - 02916352 _____ () E:\Program Files\AVAST Software\Avast\defs\15030403\algo.dll
2015-02-22 01:49 - 2015-02-22 01:49 - 04495336 _____ () E:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-22 02:41 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-22 02:41 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-22 02:41 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-22 02:41 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-02-22 02:41 - 2015-02-19 00:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-22 02:41 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-22 02:41 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-22 02:41 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-22 02:41 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-22 02:41 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-02-22 02:41 - 2015-02-19 00:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-02-22 01:49 - 2015-02-22 01:49 - 38562088 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-22 02:41 - 2015-01-28 02:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-11 20:56 - 2015-01-11 20:56 - 00301568 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2015-01-20 17:00 - 2015-01-20 17:00 - 00057344 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2015-02-22 00:33 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-22 00:33 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-22 00:33 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1030566271-2103650782-4024173496-1000\Control Panel\Desktop\\Wallpaper -> E:\Thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Speed Launcher => 1425052406
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

==================== Accounts: =============================

Administrator (S-1-5-21-1030566271-2103650782-4024173496-500 - Administrator - Disabled)
Gast (S-1-5-21-1030566271-2103650782-4024173496-501 - Limited - Disabled)
Thomas (S-1-5-21-1030566271-2103650782-4024173496-1000 - Administrator - Enabled) => E:\Thomas

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 08:08:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/04/2015 08:08:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "GhFlt" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (03/04/2015 08:08:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 25%
Total physical RAM: 8120.46 MB
Available physical RAM: 6021.12 MB
Total Pagefile: 16239.11 MB
Available Pagefile: 13640.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.57 GB) (Free:60.85 GB) NTFS
Drive e: (Volume) (Fixed) (Total:1863.01 GB) (Free:1668.08 GB) NTFS
Drive f: (Volume) (Fixed) (Total:931.51 GB) (Free:930.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 23273AD3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: CE3D14D2)
Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 886262F2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
```

Here is the FRST.txt; it is too long for the forum, so Pastebin: hxxp://pastebin.com/s0fA07kZ

Other scans I did afterwards. Malware scan, one file was flagged: hxxp://virusscan.jotti.org/de/scanresult/5c8cd24059c8ae08f36918bc2048341b31af77bd

And VirusTotal, where Update_CPU.exe was flagged: https://www.virustotal.com/en/file/6ab6594bf3866f106c49dc08b06bce36c1a3d01dd38f9f9098f6d8b745a7756c/analysis/1425498887/

Last edited by jailjail (04.03.2015 at 21:07)
05.03.2015, 07:23 | #4
/// the machine /// TB-Ausbilder
Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks.

This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!