GVU Trojan W7x64, safe mode doesn't work, FRST needs to scan D

Hello, I have somehow caught this damned GVU Trojan. What makes my problem harder is that my drive is encrypted with BitLocker and I had to go to some lengths to get anywhere at all. By now I have managed to get into repair mode and can access the file system. FRST64.exe starts but produces a meaningless file, because my operating system is on D:. How can I get FRST to scan D: instead of C:? Is there another method? As I said, I can get to all files, CMD works, safe mode does not, and unfortunately restore points don't either. Thanks for your help!

OK, simply appending D: seems to have done it, i.e. frst64.exe D:

Attached is the frst.txt file.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013
Ran by SYSTEM on 16-08-2013 13:49:41
Running from F:\
Windows 7 Enterprise (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-08] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-09-29] (Realtek Semiconductor)
HKLM\...\Run: [SAPinit] - C:\Program Files (x86)\SAP\RPW.reg [1206 2006-04-05] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe"
HKLM-x32\...\Run: [SoftGridTray] - C:\Program Files (x86)\Microsoft Application Virtualization Client\SFTTray.exe [853352 2010-12-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SVGViewer] - wscript.exe "C:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\CustomUser.vbs" [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-09-14] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [979104 2010-06-15] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [JRE150_16_init] - C:\Program Files (x86)\Java\jre1.5.0_16\JREInit.bat [492 2011-11-09] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [701872 2013-01-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)
HKU\Administrator\...\Policies\system: [NoDispScrSavPage] 1
HKU\Default\...\Policies\system: [NoDispScrSavPage] 1
HKU\Default User\...\Policies\system: [NoDispScrSavPage] 1
HKU\ng257ab\...\Policies\system: [NoDispScrSavPage] 1
HKU\ta-admin-ng257ab\...\Policies\system: [NoDispScrSavPage] 1
HKU\TH8706\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Temp\nxtncuwiyxuopqkxo.exe [62464 2013-08-16] (Valve Corporation) <===== ATTENTION
HKU\TH8706\...\Policies\system: [NoDispScrSavPage] 1
HKU\TH8706\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\TH8706\...\Command Processor: "C:\Temp\nxtncuwiyxuopqkxo.exe" <===== ATTENTION!
Startup: C:\Users\TH8706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 ciscod.exe; C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe [66480 2013-01-23] (Cisco Systems, Inc.)
S2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-06-15] (McAfee, Inc.)
S2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2010-08-03] (McAfee, Inc.)
S2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [239528 2011-06-14] (Microsoft Corp.)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199008 2012-12-13] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [162192 2012-01-04] (McAfee, Inc.)
S2 RCAgentMgr; C:\Windows\system32\RCAgentMgr.exe [8704 2011-12-13]
S2 SccmIpcheck; C:\Windows\SysWOW64\SccmIpcheck.exe [27648 2011-01-07]
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246632 2011-07-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 Firehk; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)
S3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)
S3 firelm01; C:\Windows\system32\drivers\firelm01.sys [38968 2010-06-15] (McAfee, Inc.)
S0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [186784 2010-06-15] (McAfee, Inc.)
S1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.)
S1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.)
S3 FscBapi; C:\Windows\System32\DRIVERS\FscBapi.sys [26952 2012-11-13] (Fujitsu Technology Solutions)
S3 FscEfDmi; C:\Windows\System32\DRIVERS\FscEfDmi.sys [25416 2012-11-13] (Fujitsu Technology Solutions)
S3 FscGabi; C:\Windows\System32\DRIVERS\FscGabi.sys [29512 2012-11-13] (Fujitsu Technology Solutions)
S3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2009-06-21] (FUJITSU LIMITED)
S3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2009-06-21] (FUJITSU LIMITED)
S3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138904 2010-08-03] (McAfee, Inc.)
S3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2010-08-03] (McAfee, Inc.)
S3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2010-08-03] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158712 2012-12-13] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2012-12-13] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-01-04] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2012-12-13] (McAfee, Inc.)
S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [84424 2010-08-03] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289152 2012-01-04] (McAfee, Inc.)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-03-12] (Intel Corporation)
S3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [761704 2010-12-27] (Microsoft Corporation)
S3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [268648 2010-12-27] (Microsoft Corporation)
S3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2010-12-27] (Microsoft Corporation)
S3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22376 2010-12-27] (Microsoft Corporation)
S3 NT_NvcA; system32\DRIVERS\ntnvca.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-16 01:49 - 2013-08-16 01:49 - 00163122 _____ C:\Users\TH8706\AppData\Local\2433f433
2013-08-16 01:49 - 2013-08-16 01:49 - 00163083 _____ C:\ProgramData\2433f433
2013-08-16 01:49 - 2013-08-16 01:49 - 00163063 _____ C:\Users\TH8706\AppData\Roaming\2433f433
2013-08-12 07:08 - 2013-08-12 07:08 - 00000000 ____D C:\Users\TH8706\AppData\Local\Microsoft Help
2013-08-05 06:58 - 2013-08-05 07:09 - 00852769 _____ C:\Users\TH8706\Desktop\Kopie von Lieferantentag_Anmeldungen und Fragen.xlsx
2013-08-05 05:03 - 2013-08-05 05:03 - 00002609 _____ C:\Windows\BiosPassword.log
2013-08-01 03:08 - 2013-08-01 03:08 - 00000000 _____ C:\Windows\oldSMSInstallAccount2013_OK.$w$
2013-07-30 06:37 - 2013-07-30 06:37 - 00014758 _____ C:\Users\TH8706\Desktop\Mappe1.xlsx_

==================== One Month Modified Files and Folders =======

2013-08-16 03:05 - 2012-12-14 00:22 - 00000000 ____D C:\Users\TH8706\AppData\Roaming\SoftGrid Client
2013-08-16 03:04 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-16 03:04 - 2009-07-13 20:51 - 00058435 _____ C:\Windows\setupact.log
2013-08-16 03:03 - 2010-11-20 19:47 - 00030742 _____ C:\Windows\PFRO.log
2013-08-16 02:50 - 2012-07-16 06:49 - 00000475 _____ C:\Windows\SMSCFG.ini
2013-08-16 01:49 - 2013-08-16 01:49 - 00163122 _____ C:\Users\TH8706\AppData\Local\2433f433
2013-08-16 01:49 - 2013-08-16 01:49 - 00163083 _____ C:\ProgramData\2433f433
2013-08-16 01:49 - 2013-08-16 01:49 - 00163063 _____ C:\Users\TH8706\AppData\Roaming\2433f433
2013-08-16 01:06 - 2013-03-28 04:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-16 00:45 - 2011-08-03 00:32 - 00000000 ____D C:\Users\TH8706\Documents\Outlook
2013-08-15 22:52 - 2012-07-16 07:36 - 00737658 _____ C:\Windows\System32\perfh00C.dat
2013-08-15 22:52 - 2012-07-16 07:36 - 00737502 _____ C:\Windows\System32\perfh00A.dat
2013-08-15 22:52 - 2012-07-16 07:36 - 00699272 _____ C:\Windows\System32\perfh007.dat
2013-08-15 22:52 - 2012-07-16 07:36 - 00158208 _____ C:\Windows\System32\perfc00A.dat
2013-08-15 22:52 - 2012-07-16 07:36 - 00149176 _____ C:\Windows\System32\perfc00C.dat
2013-08-15 22:52 - 2012-07-16 07:36 - 00149132 _____ C:\Windows\System32\perfc007.dat
2013-08-15 22:52 - 2009-07-13 21:13 - 03401458 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-15 22:51 - 2009-07-13 20:45 - 00019104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 22:51 - 2009-07-13 20:45 - 00019104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 22:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
2013-08-15 07:50 - 2012-12-13 06:34 - 01916928 _____ C:\Windows\WindowsUpdate.log
2013-08-15 07:47 - 2011-08-03 00:50 - 00000000 ____D C:\Users\TH8706\Documents\Privat
2013-08-15 07:32 - 2012-12-13 06:40 - 00002464 _____ C:\Windows\System32\config\netlogon.ftl
2013-08-12 22:53 - 2012-12-14 00:22 - 00004302 __RSH C:\Users\TH8706\ntuser.pol
2013-08-12 22:53 - 2012-12-13 07:20 - 00000000 ____D C:\users\TH8706
2013-08-12 07:08 - 2013-08-12 07:08 - 00000000 ____D C:\Users\TH8706\AppData\Local\Microsoft Help
2013-08-07 14:00 - 2012-12-13 06:52 - 00140992 _____ (McAfee, Inc.) C:\Windows\SysWOW64\KevlarSigs.dll
2013-08-05 05:03 - 2013-08-05 05:03 - 00002609 _____ C:\Windows\BiosPassword.log
2013-08-05 05:03 - 2012-12-13 23:36 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-01 05:46 - 2011-08-03 00:57 - 00000000 ____D C:\Users\TH8706\Documents\TempLabour
2013-08-01 03:08 - 2013-08-01 03:08 - 00000000 _____ C:\Windows\oldSMSInstallAccount2013_OK.$w$
2013-07-30 00:14 - 2013-06-13 00:00 - 00000000 _____ C:\Windows\DCMRemediation_BrowsingNetwork_KO.$w$
2013-07-30 00:14 - 2013-06-10 23:35 - 00009999 _____ C:\Windows\BrowsingNetwork.log
2013-07-29 02:37 - 2012-12-13 06:41 - 00118940 __RSH C:\ProgramData\ntuser.pol
2013-07-25 05:26 - 2013-07-25 05:26 - 00001554 _____ C:\Users\TH8706\Desktop\GOContactSync.exe - Verknüpfung.lnk
2013-07-25 05:14 - 2013-07-25 05:14 - 00000000 ____D C:\Windows\System32\appmgmt
2013-07-25 05:14 - 2013-07-25 05:14 - 00000000 ____D C:\Program Files (x86)\GO Contact Sync
2013-07-25 04:02 - 2009-07-13 20:45 - 00346712 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-25 03:59 - 2010-11-20 22:30 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-25 03:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-25 03:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-25 03:56 - 2013-07-25 03:56 - 00000000 _____ C:\Windows\W76P024.$w$
2013-07-25 03:56 - 2012-12-13 06:54 - 00050349 _____ C:\Windows\upgrade.log
2013-07-25 03:55 - 2012-12-13 06:39 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-25 03:55 - 2012-07-16 07:08 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-25 03:55 - 2012-07-16 06:42 - 00029406 _____ C:\Windows\App.log
2013-07-25 03:54 - 2013-03-28 04:50 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-25 03:54 - 2013-03-28 04:50 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-25 03:54 - 2012-12-13 06:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-25 03:53 - 2012-07-16 06:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-25 03:52 - 2013-07-25 03:52 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-25 03:52 - 2013-07-25 03:52 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-25 03:43 - 2013-07-25 03:43 - 00000714 _____ C:\Windows\instmsgy.txt
2013-07-18 03:39 - 2012-12-14 02:08 - 00000000 ____D C:\Users\TH8706\AppData\Local\SAP
2013-07-18 02:04 - 2013-07-18 01:58 - 03142656 _____ C:\Users\TH8706\Desktop\Übersicht Bürgerschaften_2012 Kommentare MH.xls
2013-07-18 00:29 - 2013-01-16 04:28 - 00012397 _____ C:\Windows\LocalAdminGroup.log

Files to move or delete:
====================
C:\Temp\nxtncuwiyxuopqkxo.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe [2013-04-25 03:03] - [2012-10-18 10:02] - 0027136 ____A (Microsoft Corporation) DFDE777FAF31DC25E3624E8071073146
C:\Windows\SysWOW64\svchost.exe [2013-04-25 03:03] - [2012-10-18 09:40] - 0021504 ____A (Microsoft Corporation) FFB38D8AFD6F4FCA1D46D64F1EDE0B9F
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2013-04-25 03:04] - [2012-10-18 14:00] - 0296808 ____A (Microsoft Corporation) DF83AA1C4278E2C0E36C0479C1555A9C

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4007.17 MB
Available physical RAM: 3336.93 MB
Total Pagefile: 4005.32 MB
Available Pagefile: 3351.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:118.84 GB) (Free:35.41 GB) NTFS (Disk=0 Partition=1)
Drive e: (KRD10) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (BDEDrive) (Fixed) (Total:0.39 GB) (Free:0 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 5F7534EC)
Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=400 MB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 6E652072)
No partition Table on disk 1.

LastRegBack: 2013-08-12 01:05

==================== End Of Log ============================