
sebflex
Members
Posts: 17
Reputation: 0 Neutral
  1. I deleted the folder like you said in your previous post, but I can't see that the process returns in Task Manager. Like I said, it comes back after restart, the process and the folder.
  2. In these registry paths "WINMSUPDATE" was found... searched with a special registry search tool. Find in registry.txt
  3. The files are getting generated again after reboot... <.<
  4. All in the same folder...

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 7/8/17
     Scan Time: 10:42 AM
     Log File:
     Administrator: Yes

     -Software Information-
     Version: 3.1.2.1733
     Components Version: 1.0.160
     Update Package Version: 1.0.2317
     License: Trial

     -System Information-
     OS: Windows 10 (Build 15063.447)
     CPU: x64
     File System: NTFS
     User: DESKTOP-PC1VFG6\sebas

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 356648
     Threats Detected: 13
     Threats Quarantined: 13
     Time Elapsed: 2 min, 44 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 1
     RiskWare.BitCoinMiner, HKU\S-1-5-21-3152681954-642030058-311187522-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WinMSUpdate, Quarantined, [112], [412574],1.0.2317

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 1
     RiskWare.BitCoinMiner, C:\USERS\SEBAS\APPDATA\ROAMING\WinMSUP, Quarantined, [112], [412574],1.0.2317

     File: 11
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\cpu_tromp_AVX.dll, Quarantined, [112], [412574],1.0.2317
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\cpu_tromp_SSE2.dll, Quarantined, [112], [412574],1.0.2317
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\cudart32_75.dll, Quarantined, [112], [412574],1.0.2317
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\cudart32_80.dll, Quarantined, [112], [412574],1.0.2317
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\cudart64_75.dll, Quarantined, [112], [412574],1.0.2317
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\cudart64_80.dll, Quarantined, [112], [412574],1.0.2317
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\cuda_djezo.dll, Quarantined, [112], [412574],1.0.2317
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\cuda_tromp.dll, Quarantined, [112], [412574],1.0.2317
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\cuda_tromp_75.dll, Quarantined, [112], [412574],1.0.2317
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\WinMSUpdate.exe, Quarantined, [112], [412574],1.0.2317
     RiskWare.BitCoinMiner, C:\Users\sebas\AppData\Roaming\WinMSUP\WinMSUpdater.exe, Quarantined, [112], [412574],1.0.2317

     Physical Sector: 0
     (No malicious items detected)

     (end)
  5. The big problem is that the .exe will start again after restarting the PC... FRST_05-07-2017 15.39.46.txt Addition_05-07-2017 15.39.46.txt
  6. Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-07-2017
     durchgeführt von sebas (05-07-2017 14:42:27) Run:1
     Gestartet von C:\Users\sebas\Downloads
     Geladene Profile: sebas (Verfügbare Profile: sebas)
     Start-Modus: Normal
     ==============================================

     fixlist Inhalt:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     HKU\S-1-5-21-3152681954-642030058-311187522-1001\...\Run: [WinMSUpdate] => C:\Users\sebas\AppData\Roaming\WinMSUP\WinMSUpdater.exe [5120 2017-07-03] (Microsoft)
     HKU\S-1-5-21-3152681954-642030058-311187522-1001\...\StartupApproved\Run: => "WinMSUpdate"
     C:\Users\sebas\AppData\Roaming\WinMSUP
     EmptyTemp:
     *****************

     Prozesse erfolgreich geschlossen.
     Wiederherstellungspunkt wurde erfolgreich erstellt.
     HKU\S-1-5-21-3152681954-642030058-311187522-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WinMSUpdate => Wert erfolgreich entfernt
     HKU\S-1-5-21-3152681954-642030058-311187522-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\WinMSUpdate => Wert erfolgreich entfernt
     HKU\S-1-5-21-3152681954-642030058-311187522-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinMSUpdate => Wert nicht gefunden.
     C:\Users\sebas\AppData\Roaming\WinMSUP => erfolgreich verschoben

     =========== EmptyTemp: ==========
     BITS transfer queue => 7888896 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53496489 B
     Java, Flash, Steam htmlcache => 492 B
     Windows/system/drivers => 1345524 B
     Edge => 826 B
     Chrome => 24714502 B
     Firefox => 8600580 B
     Opera => 0 B
     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile32 => 128 B
     LocalService => 0 B
     NetworkService => 3726 B
     sebas => 94019165 B
     RecycleBin => 0 B
     EmptyTemp: => 181.3 MB temporäre Dateien entfernt.
     ================================

     Das System musste neu gestartet werden.
     ==== Ende von Fixlog 14:42:35 ====
  7. Addition_05-07-2017 14.30.10.txt FRST_05-07-2017 14.30.10.txt
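The Malwarebytes log and the FRST fixlog in the posts above point at the same two artifacts: a "WinMSUpdate" value under the user's Run key and a WinMSUP folder under AppData\Roaming. As an added example (not code from this thread, from Malwarebytes or from FRST), the Python below parses the Malwarebytes 3 scan-log layout quoted above, itemizes the quarantined objects per category, checks the itemized count against the declared "Threats Detected" total, and flags registry values that sit under an autorun key and file-system paths that live under user-writable profile directories. The embedded log is a constructed, abridged sample in that layout (same paths, fewer file entries); the regular expressions, the autorun key suffixes and the user-writable path markers are assumptions of this example, not definitions from Malwarebytes.

```python
import re
from collections import defaultdict

# Constructed, abridged sample in the layout of the Malwarebytes 3 log
# quoted in the thread above (same paths, fewer file entries).
SAMPLE_LOG = """\
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356648
Threats Detected: 5
Threats Quarantined: 5

-Scan Details-
Process: 0
(No malicious items detected)

Registry Value: 1
RiskWare.BitCoinMiner, HKU\\S-1-5-21-3152681954-642030058-311187522-1001\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN|WinMSUpdate, Quarantined, [112], [412574],1.0.2317

Folder: 1
RiskWare.BitCoinMiner, C:\\USERS\\SEBAS\\APPDATA\\ROAMING\\WinMSUP, Quarantined, [112], [412574],1.0.2317

File: 3
RiskWare.BitCoinMiner, C:\\Users\\sebas\\AppData\\Roaming\\WinMSUP\\cpu_tromp_AVX.dll, Quarantined, [112], [412574],1.0.2317
RiskWare.BitCoinMiner, C:\\Users\\sebas\\AppData\\Roaming\\WinMSUP\\WinMSUpdate.exe, Quarantined, [112], [412574],1.0.2317
RiskWare.BitCoinMiner, C:\\Users\\sebas\\AppData\\Roaming\\WinMSUP\\WinMSUpdater.exe, Quarantined, [112], [412574],1.0.2317

Physical Sector: 0
(No malicious items detected)

(end)
"""

# Section headers of the "-Scan Details-" block, each followed by its item count.
CATEGORY_RE = re.compile(
    r"^(Process|Module|Registry Key|Registry Value|Registry Data|Data Stream"
    r"|Folder|File|Physical Sector): (\d+)$")
# One detection line: threat name, location, action, two bracketed ids, database version.
ITEM_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<location>.+?), (?P<action>[A-Za-z ]+), "
    r"\[(?P<id1>\d+)\], \[(?P<id2>\d+)\],(?P<db>[\d.]+)$")
DECLARED_RE = re.compile(r"^Threats Detected: (\d+)$", re.MULTILINE)

# Assumed (this example's, not Malwarebytes') autorun key suffixes and
# markers for locations a standard user can write to.
AUTORUN_KEY_SUFFIXES = ("\\CURRENTVERSION\\RUN", "\\CURRENTVERSION\\RUNONCE",
                        "\\STARTUPAPPROVED\\RUN")
USER_WRITABLE_MARKERS = ("\\APPDATA\\", "\\TEMP\\", "\\DOWNLOADS\\", "\\PROGRAMDATA\\")


def parse_scan_log(text):
    """Return (detections, declared_total) from a Malwarebytes 3 scan log."""
    detections = []
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        cat = CATEGORY_RE.match(line)
        if cat:
            category = cat.group(1)      # detection lines that follow belong to this category
            continue
        item = ITEM_RE.match(line)
        if item and category:
            detections.append({"category": category, **item.groupdict()})
    declared = DECLARED_RE.search(text)
    return detections, (int(declared.group(1)) if declared else None)


def autorun_values(detections):
    """Registry values whose key is an autorun location (the log writes KEY|ValueName)."""
    hits = []
    for d in detections:
        if d["category"] != "Registry Value":
            continue
        key = d["location"].split("|", 1)[0].upper()
        if key.endswith(AUTORUN_KEY_SUFFIXES):
            hits.append(d["location"])
    return hits


def user_writable_paths(detections):
    """Files and folders under user-writable locations, the usual drop site for a miner."""
    return [d["location"] for d in detections
            if d["category"] in ("File", "Folder")
            and any(m in d["location"].upper() for m in USER_WRITABLE_MARKERS)]


def summarize(text):
    """Inventory of the log plus a consistency check between summary and itemized entries."""
    detections, declared = parse_scan_log(text)
    by_category = defaultdict(int)
    for d in detections:
        by_category[d["category"]] += 1
    return {
        "declared": declared,
        "itemized": len(detections),
        "consistent": declared is not None and declared == len(detections),
        "by_category": dict(by_category),
        "autorun_values": autorun_values(detections),
        "user_writable_paths": user_writable_paths(detections),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a real log, pass the file's text to summarize() instead of SAMPLE_LOG. An inconsistent result (declared total not matching the itemized lines) usually means the log was truncated when it was copied into a post. The inventory is a starting point for a persistence review, not proof of removal: as the thread itself shows, a Run value and a folder can be quarantined and still reappear after a reboot, which means something else on the system re-creates them and has to be found separately.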
