I hate this Vista
Please right-click-->run-->as administrator
Then it should run without problems
Please do this with all the tools
Hello,
now it worked.
SmitFraudFix v2.403
Scan done at 8:50:11,79, 13.03.2009
Run from C:\Users\Jrgen\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jürgen\AppData\Local\cwwmk.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
F:\Program Files\CDBurnerXP\NMSAccessU.exe
F:\Program Files\OO Software\CleverCache\ooccag.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
F:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
F:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\program files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jrgen
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\JRGEN~1\AppData\Local\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jrgen\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Cheap ***please notify moderator / bitte melden*** Online.url FOUND !
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Cheap Software.url FOUND !
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Search Online.url FOUND !
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\VIP Casino.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\JRGEN~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\adialhk.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\kloehk.dll acaptuser32.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) 82562V-2 10/100 Network Connection
DNS Server Search Order: 192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
I knew it
it has to work, after all
I am still missing the analysis from www.virustotal.com
C:\Users\Jürgen\AppData\Local\cwwmk.exe
Please submit it afterwards
Now please start your computer in Safe Mode and run the tool again
Please enter 2 in the DOS window
Save the report to your desktop
Now switch back to normal mode, create a new HJT log and post it for me
Hello,
here is the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:57, on 13.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jürgen\AppData\Local\cwwmk.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Windows\System32\mobsync.exe
F:\program files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - f:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ooccctrl.exe] F:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [cwwmk] "c:\users\jürgen\appdata\local\cwwmk.exe" cwwmk
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download aller Links mit IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV Video Inhalt mit IDM - F:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - F:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: f:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: f:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll acaptuser32.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986fde72b16bf) (gupdate1c986fde72b16bf) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMSAccessU - Unknown owner - F:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - F:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - F:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
--
End of file - 7303 bytes
and the rapport.txt:
SmitFraudFix v2.403
Scan done at 18:45:10,41, 13.03.2009
Run from N:\Sicherungsplatte\Systemschutz\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Cheap ***please notify moderator / bitte melden*** Online.url Deleted
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Cheap Software.url Deleted
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Search Online.url Deleted
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\VIP Casino.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Sorry,
Datei cwwmk.exe empfangen 2009.03.13 19:29:58 (CET)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.03.13 -
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 -
Authentium 5.1.0.4 2009.03.13 W32/Skintrim.1!Generic
Avast 4.8.1335.0 2009.03.12 -
AVG 8.0.0.237 2009.03.13 -
BitDefender 7.2 2009.03.13 -
CAT-QuickHeal 10.00 2009.03.13 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 W32/Skintrim.1!Generic
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 -
GData 19 2009.03.13 -
Ikarus T3.1.1.45.0 2009.03.13 -
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5552 2009.03.13 -
McAfee+Artemis 5552 2009.03.13 -
McAfee-GW-Edition 6.7.6 2009.03.13 Trojan.LooksLike.Dropper
Microsoft 1.4405 2009.03.13 Trojan:Win32/Skintrim.gen!D
NOD32 3935 2009.03.13 -
Norman 6.00.06 2009.03.13 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 Suspicious file
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 -
Rising 21.20.42.00 2009.03.13 -
Sophos 4.39.0 2009.03.13 -
Sunbelt 3.2.1858.2 2009.03.13 -
Symantec 1.4.4.12 2009.03.13 -
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 -
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 -
weitere Informationen
File size: 208896 bytes
MD5...: cfec25c1a0762085cfbb2415ba6bf295
SHA1..: 613c1acc2763fef2b80bc3620a18aa1c8109a93f
SHA256: 577d1296c92156a863c9bcd9da03d3b4a7f502f88ae8bc74fb99513154a242b5
SHA512: 369f7b3ff36754702cbb8507dcbb43f3a9b4177c8773bab57ed32c066e4ec4aab7e7910cdf9b0034c651317c944effb5af5dacbc554c14ced6548afcfac421a2
ssdeep: 6144:GVPjIMLOTw3cSWY3u0+q2ibplj5MTd/4U:GVb7LOk3cS0q2i3OTd
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Please send the file to the following e-mail address:
[email protected]
so that I can forward it to the other AV vendors.
Following Ersguterjunge's instructions
Download ComboFix
Please read the instructions for it carefully, or print them out if necessary
Please do not start ComboFix yet
Close all programs
Disconnect from the network
Start HijackThis--->do a scan only-->tick the entries from the code box
O4 - HKCU\..\Run: [cwwmk] "c:\users\jürgen\appdata\local\cwwmk.exe" cwwmk
Now click Fix checked-->confirm with OK
Restart the computer
Now start HJT once more
do a scan only--->click Config at the bottom right--->then Misc Tools--->here click delete a file on reboot
Now navigate to this folder
"c:\users\jürgen\appdata\local\cwwmk.exe" cwwmk
Answer the questions with Yes and restart the computer
Now click on ComboFix and run it according to the instructions
Read through all the warnings that appear and answer them with YES
Please post the ComboFix log file
EDIT
We forward such files so that the vendors of antivirus programs can also add them to their next updates
Hello and good morning,
I have to send the log file in several parts because it is too large.
ComboFix 09-03-13.02 - Jürgen 2009-03-14 8:52:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.3325.2487 [GMT 1:00]
ausgeführt von:: c:\users\Jürgen\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jürgen\AppData\Local\cwwmk.dat
c:\users\Jürgen\AppData\Local\cwwmk.exe
c:\users\Jürgen\AppData\Local\cwwmk_nav.dat
c:\users\Jürgen\AppData\Local\cwwmk_navps.dat
c:\windows\system32\FTPx.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\tmp.reg
D:\Autorun.inf
.
((((((((((((((((((((((( Dateien erstellt von 2009-02-14 bis 2009-03-14 ))))))))))))))))))))))))))))))
.
2009-03-14 08:39 . 2009-03-14 08:39 <DIR> d-------- c:\program files\CCleaner
2009-03-13 18:51 . 2009-03-13 18:51 <DIR> d-------- c:\program files\Trend Micro
2009-03-12 16:19 . 2009-03-12 16:19 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\Malwarebytes
2009-03-12 16:19 . 2009-03-12 16:19 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-12 16:19 . 2009-03-12 16:19 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-10 15:46 . 2009-03-10 15:46 <DIR> d-------- c:\users\All Users\Apple Computer
2009-03-10 15:46 . 2009-03-10 15:46 <DIR> d-------- c:\programdata\Apple Computer
2009-03-08 14:10 . 2009-03-08 14:11 518 --a------ c:\windows\ST6UNST.004
2009-03-08 14:08 . 2009-03-08 14:10 582 --a------ c:\windows\ST6UNST.003
2009-03-08 12:39 . 2009-03-08 12:39 <DIR> d-------- c:\program files\Dkill95
2009-03-08 12:39 . 1996-11-06 13:05 302,592 --a------ c:\windows\unin0407.exe
2009-03-08 09:56 . 2009-03-08 09:57 827 --a------ c:\windows\ST6UNST.002
2009-03-06 13:48 . 2009-03-06 13:48 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\Apple Computer
2009-03-06 13:47 . 2009-03-06 13:47 <DIR> d-------- c:\users\All Users\Apple
2009-03-06 13:47 . 2009-03-06 13:47 <DIR> d-------- c:\programdata\Apple
2009-03-06 13:47 . 2009-03-06 13:47 <DIR> d-------- c:\program files\Bonjour
2009-03-06 13:47 . 2009-03-06 13:47 <DIR> d-------- c:\program files\Apple Software Update
2009-03-06 11:53 . 2009-03-06 11:53 <DIR> d-------- c:\users\All Users\Fighters
2009-03-06 11:53 . 2009-03-06 11:53 <DIR> d-------- c:\programdata\Fighters
2009-03-06 11:53 . 2009-03-06 13:21 <DIR> d-------- c:\program files\Fighters
2009-03-05 15:38 . 2009-03-05 15:38 <DIR> d-------- c:\windows\System32\Adobe
2009-03-05 15:38 . 2009-03-05 15:38 <DIR> d-------- c:\windows\Profiles
2009-03-05 15:38 . 2009-03-05 15:38 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\InterTrust
2009-03-05 15:36 . 2009-03-13 09:18 <DIR> d-------- c:\program files\StarMoney 6.0 S-Edition
2009-03-05 15:36 . 1998-11-06 14:33 244,417 --a------ c:\windows\System32\odbcjet.hlp
2009-03-05 15:36 . 1999-03-05 21:15 74,000 --a------ c:\windows\System32\msrclr40.dll
2009-03-05 15:36 . 1999-03-05 21:15 28,944 --a------ c:\windows\System32\msrecr40.dll
2009-03-05 15:36 . 1998-11-06 14:38 8,198 --a------ c:\windows\System32\odbcjet.cnt
2009-03-03 15:27 . 2008-10-28 23:08 723,504 --a------ c:\windows\System32\vnetlib.dll
2009-03-03 15:27 . 2008-10-28 23:07 399,920 --a------ c:\windows\System32\vmnat.exe
2009-03-03 15:27 . 2008-10-28 23:08 326,192 --a------ c:\windows\System32\vmnetdhcp.exe
2009-03-03 15:27 . 2008-10-28 17:03 55,856 --a------ c:\windows\System32\vnetinst.dll
2009-03-03 15:27 . 2008-10-28 17:03 50,736 -ra------ c:\windows\System32\vmnetbridge.dll
2009-03-03 15:27 . 2008-10-28 17:03 31,280 -ra------ c:\windows\System32\drivers\vmnetbridge.sys
2009-03-03 15:27 . 2008-10-28 23:08 26,288 --a------ c:\windows\System32\drivers\vmnetuserif.sys
2009-03-03 15:27 . 2008-10-28 17:03 18,736 -ra------ c:\windows\System32\drivers\vmnet.sys
2009-03-03 15:27 . 2008-10-28 17:03 16,560 --a------ c:\windows\System32\drivers\vmnetadapter.sys
2009-03-03 15:26 . 2008-10-28 17:03 31,280 --a------ c:\windows\System32\drivers\vmusb.sys
2009-03-03 15:26 . 2008-10-28 23:08 23,216 --a------ c:\windows\System32\drivers\VMkbd.sys
2009-03-03 15:24 . 2009-03-14 08:50 <DIR> d-------- c:\users\All Users\VMware
2009-03-03 15:24 . 2009-03-14 08:50 <DIR> d-------- c:\programdata\VMware
2009-03-03 15:23 . 2009-03-03 15:23 <DIR> d-------- c:\program files\VMware
2009-03-03 15:18 . 2009-03-03 15:18 <DIR> d-------- c:\users\All Users\IM
2009-03-03 15:18 . 2009-03-03 15:18 <DIR> d-------- c:\programdata\IM
2009-03-03 13:47 . 2009-03-03 13:47 <DIR> d-------- c:\windows\uninstall\VISTA Tuning
2009-03-02 15:44 . 2009-03-03 13:47 <DIR> d-------- c:\windows\uninstall
2009-03-02 15:44 . 2009-03-02 15:44 <DIR> d-------- c:\program files\EMME
2009-03-02 11:04 . 2009-03-02 11:04 <DIR> d-------- c:\program files\Date * bitte keine illegalen Tipps *er 2000
2009-03-02 11:04 . 2009-03-02 11:04 519 --a------ c:\windows\ST6UNST.001
2009-03-02 11:02 . 2009-03-08 14:10 249,856 --------- c:\windows\Setup1.exe
2009-03-02 11:02 . 2009-03-08 14:10 73,216 --a------ c:\windows\ST6UNST.EXE
2009-03-02 11:02 . 2009-03-02 11:03 813 --a------ c:\windows\ST6UNST.000
2009-03-02 10:43 . 2009-03-12 16:25 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\ProtectDisc
2009-03-02 10:41 . 2009-03-02 10:41 <DIR> d-------- c:\users\All Users\DATA BECKER Downloads
2009-03-02 10:41 . 2009-03-02 10:41 <DIR> d-------- c:\programdata\DATA BECKER Downloads
2009-03-02 10:41 . 2009-03-02 10:41 <DIR> d-------- c:\program files\ProtectDisc Driver Installer
2009-03-02 10:41 . 2009-03-02 10:41 <DIR> d-------- c:\program files\ProtectDisc
2009-03-02 10:41 . 2009-03-02 10:41 <DIR> d-------- c:\program files\Common Files\DATA BECKER Shared
2009-02-26 22:05 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\System32\D3DX9_39.dll
2009-02-26 22:05 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\System32\D3DCompiler_39.dll
2009-02-26 22:05 . 2008-07-31 10:40 509,448 --a------ c:\windows\System32\XAudio2_2.dll
2009-02-26 22:05 . 2008-07-12 08:18 467,984 --a------ c:\windows\System32\d3dx10_39.dll
2009-02-26 22:05 . 2008-07-31 10:41 238,088 --a------ c:\windows\System32\xactengine3_2.dll
2009-02-26 22:05 . 2008-07-31 10:41 68,616 --a------ c:\windows\System32\XAPOFX1_1.dll
2009-02-25 22:52 . 2009-02-27 12:39 <DIR> d-------- c:\program files\Saints Row 2
2009-02-21 10:06 . 2009-02-21 10:11 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\U3
2009-02-20 10:31 . 2009-03-11 17:27 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\VMware
2009-02-20 10:22 . 2009-03-03 15:26 1,024 --a------ C:\.rnd
2009-02-19 16:59 . 2009-03-03 16:15 2,562 --a------ c:\windows\diagwrn.xml
2009-02-19 16:59 . 2009-03-03 16:15 1,908 --a------ c:\windows\diagerr.xml
2009-02-19 16:08 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2009-02-18 12:46 . 2009-02-18 12:46 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\Webcammax
2009-02-18 10:51 . 2009-02-18 10:51 <DIR> d-------- c:\windows\Full Speed
2009-02-17 16:40 . 2008-11-04 00:56 327,192 --a------ c:\windows\System32\drivers\iaStor.sys
2009-02-17 16:40 . 2006-11-10 15:25 319,456 --a------ c:\windows\System32\difxapi.dll
2009-02-17 16:38 . 2008-11-13 07:41 252,544 --a------ c:\windows\System32\PROUnstl.exe
2009-02-17 16:38 . 2006-01-12 14:52 1,904 --------- c:\windows\System32\SetupBD.din
2009-02-17 16:36 . 2008-12-04 22:55 217,728 --a------ c:\windows\System32\drivers\e1e6032.sys
2009-02-17 16:36 . 2007-12-14 12:06 121,440 --a------ c:\windows\System32\e1000msg.dll
2009-02-17 16:36 . 2008-11-18 16:23 57,464 --a------ c:\windows\System32\NicInE6.dll
2009-02-17 16:36 . 2007-08-24 07:58 28,272 --a------ c:\windows\System32\NicCo26.dll
2009-02-17 16:36 . 2008-11-13 11:59 2,789 --a------ c:\windows\System32\e1e6032.din
2009-02-17 16:19 . 2009-02-17 16:19 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\Logitech
2009-02-17 16:19 . 2009-02-17 16:19 <DIR> d-------- c:\users\All Users\LogiShrd
2009-02-17 16:19 . 2009-02-17 16:19 <DIR> d-------- c:\programdata\LogiShrd
2009-02-17 16:19 . 2009-02-17 16:19 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-02-17 16:19 . 2009-02-17 16:19 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-17 16:19 . 2009-02-17 16:19 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-02-17 16:18 . 2009-02-17 16:18 <DIR> d-------- c:\users\All Users\Logitech
2009-02-17 16:18 . 2009-02-17 16:18 <DIR> d-------- c:\programdata\Logitech
2009-02-17 16:18 . 2009-02-17 16:18 <DIR> d-------- c:\program files\Common Files\Logishrd
2009-02-17 16:18 . 2008-11-07 16:37 301,656 --a------ c:\windows\System32\BtCoreIf.dll
2009-02-17 16:18 . 2008-11-07 16:38 170,512 --a------ c:\windows\System32\kemutb.dll
2009-02-17 16:18 . 2008-11-07 16:38 145,936 --a------ c:\windows\System32\KemUtil.dll
2009-02-17 16:18 . 2008-11-07 16:38 117,264 --a------ c:\windows\System32\KemWnd.dll
2009-02-17 16:18 . 2008-11-07 16:38 84,496 --a------ c:\windows\System32\KemXML.dll
2009-02-17 15:47 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\System32\clinetsuitex6.ocx
2009-02-17 15:47 . 2009-02-17 15:47 680,960 --a------ c:\windows\is-I255M.exe
2009-02-17 15:47 . 2004-06-14 14:56 427,864 --a------ c:\windows\System32\XceedZip.dll
2009-02-17 15:47 . 2009-02-17 15:47 12,782 --a------ c:\windows\is-I255M.msg
2009-02-17 15:47 . 2009-02-17 15:47 454 --a------ c:\windows\is-I255M.lst
2009-02-17 13:35 . 2009-03-12 19:03 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\IDM
2009-02-17 10:55 . 2009-02-17 10:55 <DIR> d-------- c:\users\Jürgen\AppData\Roaming\InstallShield
2009-02-17 09:45 . 2007-08-10 12:56 303,104 --a------ c:\windows\System32\ciplListBar.ocx
2009-02-17 09:45 . 2009-01-10 14:03 208,896 --a------ c:\windows\System32\ConTest.dll
2009-02-17 09:45 . 2007-08-10 12:56 155,648 --a------ c:\windows\System32\ciplImageList.ocx
2009-02-17 09:45 . 2007-07-03 11:48 36,864 --a------ c:\windows\System32\ascbalon.dll
2009-02-14 10:32 . 2009-02-14 10:32 21,644 --a------ c:\windows\System32\TUProgSt_20090214-093251.dmp
.
Part 2
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 07:52 2,097,152 --sha-w c:\users\Jürgen\NTUSER.DAT
2009-03-14 07:52 2,097,152 --sha-w c:\users\Jürgen\NTUSER.DAT
2009-03-14 07:50 --------- d-----w c:\programdata\Kaspersky Lab
2009-03-14 07:49 745,504 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-14 07:49 6,772 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-14 07:49 6,229,024 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-14 07:49 54,984 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-14 07:42 --------- d-----w c:\users\Jürgen\AppData\Roaming\DMCache
2009-03-12 18:03 --------- d-----w c:\users\Jürgen\AppData\Roaming\IDM
2009-03-12 15:25 --------- d-----w c:\users\Jürgen\AppData\Roaming\ProtectDisc
2009-03-12 15:19 --------- d-----w c:\users\Jürgen\AppData\Roaming\Malwarebytes
2009-03-11 17:56 --------- d-----w c:\users\Jürgen\AppData\Roaming\Skype
2009-03-11 17:46 --------- d-----w c:\users\Jürgen\AppData\Roaming\skypePM
2009-03-11 16:27 --------- d-----w c:\users\Jürgen\AppData\Roaming\VMware
2009-03-10 10:02 1,868,944 ----a-w c:\windows\System32\RSA32_16.DLL
2009-03-10 09:57 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-03-09 11:47 --------- d-----w c:\program files\Google
2009-03-06 12:48 --------- d-----w c:\users\Jürgen\AppData\Roaming\Apple Computer
2009-03-05 15:10 --------- d-----w c:\program files\Common Files\Lexware
2009-03-05 14:38 --------- d-----w c:\users\Jürgen\AppData\Roaming\InterTrust
2009-03-05 14:38 --------- d-----w c:\program files\Common Files\Adobe
2009-03-05 14:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-21 09:11 --------- d-----w c:\users\Jürgen\AppData\Roaming\U3
2009-02-19 21:01 --------- d-s---w c:\users\Jürgen\AppData\Roaming\Microsoft
2009-02-19 14:19 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-19 14:18 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-18 11:46 --------- d-----w c:\users\Jürgen\AppData\Roaming\Webcammax
2009-02-17 15:40 --------- d-----w c:\program files\Intel
2009-02-17 15:32 --------- d-----w c:\programdata\NVIDIA
2009-02-17 15:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-17 15:26 --------- d-----w c:\program files\AGEIA Technologies
2009-02-17 15:19 --------- d-----w c:\users\Jürgen\AppData\Roaming\Logitech
2009-02-17 15:09 --------- d--h--w c:\program files\Temp
2009-02-17 15:08 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-02-17 09:55 --------- d-----w c:\users\Jürgen\AppData\Roaming\InstallShield
2009-02-16 15:57 --------- d-----w c:\program files\AVS4YOU
2009-02-14 12:14 --------- d-----w c:\users\Jürgen\AppData\Roaming\ZoomBrowser EX
2009-02-11 14:58 --------- d-----w c:\programdata\Microsoft Help
2009-02-06 12:03 --------- d-----w c:\users\Jürgen\AppData\Roaming\CameraWindowDC
2009-02-06 12:02 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-06 12:02 --------- d-----w c:\users\Jürgen\AppData\Roaming\CANON INC
2009-02-06 10:09 --------- d-----w c:\users\Jürgen\AppData\Roaming\Adobe
2009-02-06 10:00 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-06 09:10 --------- d-----w c:\users\Jürgen\AppData\Roaming\Foxit
2009-02-04 14:03 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-03 21:45 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 21:45 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-03 09:47 --------- d-----w c:\program files\Realtek
2009-01-31 16:05 268,048 ----a-w c:\windows\System32\dxtmeta2.dll
2009-01-31 09:26 22,328 ----a-w c:\users\Jürgen\AppData\Roaming\PnkBstrK.sys
2009-01-31 09:25 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-01-31 09:25 2,250,024 ----a-w c:\windows\System32\pbsvc.exe
2009-01-31 09:21 --------- d-----w c:\program files\Ubisoft
2009-01-25 09:50 --------- d-----w c:\programdata\AVSVideoBurner
2009-01-24 21:31 --------- d-----w c:\users\Jürgen\AppData\Roaming\AVS4YOU
2009-01-24 21:30 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-24 21:28 39,537,784 ----a-w c:\users\Jürgen\AppData\Roaming\AVSVideoConverter.exe
2009-01-24 16:09 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-24 16:04 --------- d-----w c:\program files\MSXML 4.0
2009-01-24 12:17 --------- d-----w c:\users\Jürgen\AppData\Roaming\ScanSoft
2009-01-24 12:14 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-24 12:06 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2009-01-24 09:55 --------- d-----w c:\users\Jürgen\AppData\Roaming\Activision
2009-01-24 09:21 --------- d-----w c:\users\Jürgen\AppData\Roaming\Canneverbe_Limited
2009-01-24 09:16 --------- d-----w c:\users\Jürgen\AppData\Roaming\TeamViewer
2009-01-24 09:15 --------- d-----w c:\program files\TeamViewer3
2009-01-24 08:48 --------- d-----w c:\program files\Canon
2009-01-24 08:45 --------- d-----w c:\program files\Common Files\Canon
2009-01-24 08:43 --------- d-----w c:\users\Jürgen\AppData\Roaming\Zeon
2009-01-24 08:42 --------- d-----w c:\programdata\ScanSoft
2009-01-24 08:42 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-01-24 08:41 --------- d-----w c:\programdata\Zeon
2009-01-24 08:41 --------- d-----w c:\programdata\InstallShield
2009-01-24 08:40 --------- d-----w c:\program files\ScanSoft
2009-01-24 08:31 --------- d-----w c:\program files\Microsoft.NET
2009-01-24 08:31 --------- d-----w c:\program files\Microsoft Works
2009-01-23 22:08 --------- d-----w c:\program files\Java
2009-01-23 21:39 --------- d-----w c:\users\Jürgen\AppData\Roaming\DataDesign
2009-01-23 21:31 2,963,456 ----a-w c:\program files\Common FilesDDBACSetup.msi
2009-01-23 21:30 --------- d-----w c:\users\Jürgen\AppData\Roaming\Lexware
2009-01-23 21:30 --------- d-----w c:\programdata\Lexware
2009-01-23 21:30 --------- d-----w c:\program files\Lexware
2009-01-23 21:30 --------- d-----w c:\program files\Common Files\DataDesign
2009-01-23 21:27 --------- d-----w c:\program files\Common Files\Java
2009-01-23 18:18 603,904 ----a-w c:\windows\System32\TUProgSt.exe
2009-01-23 18:18 362,240 ----a-w c:\windows\System32\TuneUpDefragService.exe
2009-01-23 18:18 --------- d-----w c:\programdata\TuneUp Software
2009-01-23 18:17 --------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-23 16:51 --------- d-----w c:\program files\Common Files\Stardock
2009-01-23 16:14 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-23 16:14 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-23 16:11 --------- d-----w c:\programdata\Skype
2009-01-23 16:11 --------- d-----w c:\program files\Common Files\Skype
2009-01-23 16:11 --------- d-----r c:\program files\Skype
2009-01-23 16:10 --------- d-----w c:\program files\Linksys
2009-01-23 15:45 503,808 ----a-w c:\windows\msvcp71.dll
2009-01-23 15:45 352,256 ----a-w c:\windows\msvcr71.dll
2009-01-23 15:28 --------- d-----w c:\program files\IncrediMail
2009-01-23 15:19 --------- d-----w c:\users\Jürgen\AppData\Roaming\Macromedia
2009-01-23 15:14 --------- d-----w c:\programdata\IncrediMail
.