| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner - weg nach Systemwiederherstellung?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.06.2012, 14:02
| #1 | ||
| |  Bundespolizei Trojaner - weg nach Systemwiederherstellung? Hallo ihr. Ich habe das gleiche Problem wie jener User in diesem Thread, auf den ich leider nicht antworten konnte, was ich sonst lieber getan hätte, als ein neues Thema zu erstellen: http://www.trojaner-board.de/102459-...rstellung.html Der Trojaner scheint ruhig nach der Wiederherstellung des Systems auf ein älteres Datum, auch nach einem Runter und wieder Hochfahren, doch ich möchte lieber sicher gehen. Ich habe die Schritte die in dem alten Thread angegeben waren schon mal befolgt und poste einfach gleich mal die Logs  Ich hoffe ihr könnt mir weiterhelfen, will das Ding runter haben. Hier einmal von Malware: Zitat:
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.06.2012 15:20:23 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\XXX\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
1013,30 Mb Total Physical Memory | 404,87 Mb Available Physical Memory | 39,96% Memory free
1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,00 Gb Total Space | 28,29 Gb Free Space | 54,41% Space Free | Partition Type: NTFS
Drive D: | 76,95 Gb Total Space | 76,85 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Computer Name: GOLDEN | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0070CE78-D48D-43BB-A285-C629019AE1B8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C139EAD-F191-4418-83D0-48B1DB68B932}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{431697DD-ADD2-4C29-9811-C36E4A343832}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C9C2F111-16E3-452F-8E77-74F5086FD749}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28DC0538-7463-4400-9718-88822F02FD91}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{2E0E6BDB-9D93-4A99-B1C5-B2C5F42F2514}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{33A2D829-A092-456F-AD64-8EC09A03D078}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{34CCB822-D716-4AF5-9E5B-631F751939D3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3C5D70C9-02AD-48C5-8780-5750A7CF1010}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4E7B4ADF-71AE-441D-8F71-178217FEFBF7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{666EAEF7-2C31-4B09-97BB-B073A4D46567}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{72ADF450-7CB8-4D02-963B-FCF7DCCE781C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{798652A5-5048-421E-8C22-67E7196A2A28}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B3702187-7D9A-42F8-BFCE-84226A7C03EE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CE218C06-29AA-4AC6-9E5B-B813DBF9D294}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DE433D38-F211-40B2-A386-62091E3E62E6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E5AA9444-D72F-4460-824B-889E40DAC166}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E932CD42-7A11-4EC6-841B-D2AB7DBA171D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F9A13331-7AC9-4222-824F-6FB4510A571A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{96540678-BBAE-4F49-85F3-F15389612D4D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{AFC39FBC-79AF-4E16-838F-C317FE20D06D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{3CF0AC8C-38F9-4DBE-AF52-EB02655A41FE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{E7794614-6057-43DD-88FD-75554F610335}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05709317-05C6-BED8-3DE2-AB2D8EEAA485}" = twhirl
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.06.2012 11:27:22 | Computer Name = Golden | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 13.06.2012 11:34:31 | Computer Name = Golden | Source = VSS | ID = 8194
Description =
Error - 13.06.2012 14:46:29 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:46:30 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:46:53 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:48:55 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\easy
display manager\RunGfxUI64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:49:16 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:49:18 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 16:48:49 | Computer Name = Golden | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 13.06.2012 17:47:36 | Computer Name = Golden | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 18.06.2012 07:14:31 | Computer Name = Golden | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 18.06.2012 07:17:56 | Computer Name = Golden | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:16:50 on ?18.?06.?2012 was unexpected.
Error - 18.06.2012 07:18:44 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 07:36:14 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 07:44:50 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 08:02:52 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 08:06:45 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 08:07:16 | Computer Name = Golden | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.
Error - 18.06.2012 08:07:23 | Computer Name = Golden | Source = DCOM | ID = 10005
Description =
Error - 18.06.2012 08:07:22 | Computer Name = Golden | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053
< End of report >
Uuund noch ein log, diesmal von SUPERantiSpyware: Zitat:
Geändert von Aniwolf (18.06.2012 um 14:52 Uhr) |
|
19.06.2012, 13:27
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundespolizei Trojaner - weg nach Systemwiederherstellung? Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
| Themen zu Bundespolizei Trojaner - weg nach Systemwiederherstellung? |
| alten, anti-malware, antworten, autostart, dateien, dateisystem, datum, einfach, erstellen, explorer, gen, heuristiks/extra, heuristiks/shuriken, hochfahren, install.exe, malware, malwarebytes, neues, problem, registrierung, required, runter, service, speicher, systemwiederherstellung, thema, thread, trojaner, version, worte |
Linear-Darstellung
