Jump to content

Rjd2

Members
  • Content Count

    4
  • Joined

  • Last visited

About Rjd2

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Not yet. But I think it might come back. I ran FRST before I posted here also and still after the restart I got the security warning of malwarebytes. Maybe the 2nd time running FRST helped. If not I will reply to this thread, okay? Thank you for your support!
  2. Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01 durchgeführt von grziw (01-06-2018 19:14:57) Run:2 Gestartet von G:\Downloads Geladene Profile: grziw & (Verfügbare Profile: grziw) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** CloseProcesses: CreateRestorePoint: HKLM\...\Run: [diskdriver] => C:\WINDOWS\system32\diskdriver.exe [2069504 2018-06-01] (Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG S2 WinDefendSecurity; C:\WINDOWS\system32\windfn.exe [2218496 2018-05-28] (Microsoft Corporation) [Datei ist nicht signiert] S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X] Task: {687B0E30-1A96-4A3D-ABB9-BB0878CB1BA5} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG AlternateDataStreams: C:\Users\Public\AppData:CSM [472] HKU\S-1-5-21-1589878200-2074267544-266894676-1001\Software\Classes\regfile: regedit.exe "%1" <==== ACHTUNG HKLM\...\StartupApproved\Run: => "diskdriver" C:\WINDOWS\system32\diskdriver.exe C:\WINDOWS\system32\windfn.exe C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B C:\WINDOWS\system32\setup4.2.6.tmp C:\WINDOWS\system32\Drivers\6873241A.sys C:\WINDOWS\system32\Drivers\33241540.sys EmptyTemp: ***************** Prozesse erfolgreich geschlossen. Fehler: (0) Erstellen eines Wiederherstellungspunktes gescheitert. "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\diskdriver" => nicht gefunden "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => erfolgreich entfernt "HKLM\System\CurrentControlSet\Services\WinDefendSecurity" => erfolgreich entfernt WinDefendSecurity => Dienst erfolgreich entfernt "HKLM\System\CurrentControlSet\Services\cpuz145" => erfolgreich entfernt cpuz145 => Dienst erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{687B0E30-1A96-4A3D-ABB9-BB0878CB1BA5}" => erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{687B0E30-1A96-4A3D-ABB9-BB0878CB1BA5}" => erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => nicht gefunden C:\Users\Public\AppData => ":CSM" ADS erfolgreich entfernt "HKU\S-1-5-21-1589878200-2074267544-266894676-1001\Software\Classes\regfile" => erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\diskdriver" => erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\diskdriver" => nicht gefunden "C:\WINDOWS\system32\diskdriver.exe" => nicht gefunden C:\WINDOWS\system32\windfn.exe => erfolgreich verschoben C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B => erfolgreich verschoben C:\WINDOWS\system32\setup4.2.6.tmp => erfolgreich verschoben C:\WINDOWS\system32\Drivers\6873241A.sys => erfolgreich verschoben C:\WINDOWS\system32\Drivers\33241540.sys => erfolgreich verschoben =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11643892 B Java, Flash, Steam htmlcache => 6574451 B Windows/system/drivers => 0 B Edge => 0 B Chrome => 92369745 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 0 B grziw => 1199556 B RecycleBin => 0 B EmptyTemp: => 116.6 MB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 19:15:01 ==== Hi Aura, thank you very much! Somehow no editor opened after scanning. I copied the logfile from the same directory as FRST.
  3. Hello, some days ago I noticed some performance issues on my PC. Somehow I got a miner using my GPU in the background. Eventually I bought Malware Bytes Premium to get rid of it permanently. Unfortunately after every restart I get a threat detection even though I deleted them after sending them to quarantine. After trying it alone for some evenings I'm seeking some help here. Please let me know if I need to provide further information. Best regards! mb_log.txt Addition.txt FRST.txt
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.