Delete in Safe Mode:
C:\WINDOWS\System32\crsss.exe [Gaobot Trojan.]
Removing autostart entries from the registry prevents the malware from executing at startup.
1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
Win32 USB2.0 Driver= "W32USB2.EXE"
4. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Runservices
5. In the right panel, locate and delete the entry:
Win32 USB2.0 Driver= "W32USB2.EXE"
6. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Runonce
7. In the right panel, locate and delete the entry:
Win32 USB2.0 Driver= "W32USB2.EXE"
8. In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
9. In the right panel, locate and delete the entry:
Win32 USB2.0 Driver= "W32USB2.EXE"
10. In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Runonce
11. In the right panel, locate and delete the entry:
Win32 USB2.0 Driver= "W32USB2.EXE"
12. In the left panel, locate and delete the following keys:
* HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Win32 USB2.0 Driver
* HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_WIN32_USB2.0_DRIVER
* HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Win32 USB2.0 Driver
* Close Registry Editor.
NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system.
I didn't find anything on the other processes.
To be safe, scan again in Safe Mode with a² free, Ad-Aware 6 and Spybot.
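
A read-only check that the file, autostart values and service keys listed in the post are gone after cleanup, as an added example that is not part of the original post. It assumes an elevated PowerShell session on the affected machine; the variable names are illustrative, and the paths and value name are the ones given above.

```powershell
# Added example: reports leftovers from the removal steps; it deletes nothing.
$valueName = 'Win32 USB2.0 Driver'            # autostart value name from the post
$filePath  = 'C:\WINDOWS\System32\crsss.exe'  # file named in the post

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$serviceKeys = @(
    'HKLM:\System\CurrentControlSet\Services\Win32 USB2.0 Driver',
    'HKLM:\System\CurrentControlSet\Enum\Root\LEGACY_WIN32_USB2.0_DRIVER',
    'HKLM:\System\ControlSet001\Services\Win32 USB2.0 Driver'
)

$findings = @()

# Step 1 of the post: the file itself.
if (Test-Path -LiteralPath $filePath) {
    $findings += [pscustomobject]@{ Type = 'File'; Location = $filePath; Data = $null }
}

# Steps 2-11: the named value under each Run/RunServices/RunOnce key.
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key may not exist on this OS
    $item = Get-Item -LiteralPath $key
    if ($item.GetValueNames() -contains $valueName) {
        $findings += [pscustomobject]@{
            Type = 'AutostartValue'; Location = $key; Data = $item.GetValue($valueName)
        }
    }
}

# Step 12: the service and legacy-driver keys.
foreach ($key in $serviceKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Type = 'ServiceKey'; Location = $key; Data = $null }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the entries from the removal steps are present.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The HKCU checks cover only the account running the script, so repeat it for each user profile on the machine.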