
I hate this Vista

Please right-click --> run --> as administrator

Then it should run without problems ;)
Please do this with all tools

Hello,
now it worked.

SmitFraudFix v2.403

Scan done at  8:50:11,79, 13.03.2009
Run from C:\Users\Jrgen\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
F:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jürgen\AppData\Local\cwwmk.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
F:\Program Files\CDBurnerXP\NMSAccessU.exe
F:\Program Files\OO Software\CleverCache\ooccag.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
F:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
F:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
F:\program files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jrgen


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\JRGEN~1\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Jrgen\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Cheap ***please notify moderator / bitte melden*** Online.url FOUND !
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Cheap Software.url FOUND !
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Search Online.url FOUND !
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\VIP Casino.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\JRGEN~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\adialhk.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\kloehk.dll acaptuser32.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) 82562V-2 10/100 Network Connection
DNS Server Search Order: 192.168.178.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

 

I knew it

it has to work ;)

I'm still missing the analysis from www.virustotal.com

C:\Users\Jürgen\AppData\Local\cwwmk.exe
Please post it afterwards

Please now start your computer in Safe Mode and run the tool again
Please enter 2 in the DOS window

save the report on your desktop

Now switch back to normal mode, create a new HJT log and post it for me
« Last edited: 13.03.09, 18:37:58 by Larusso »

Hello,
here is the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:57, on 13.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jürgen\AppData\Local\cwwmk.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Windows\System32\mobsync.exe
F:\program files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - f:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ooccctrl.exe] F:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [cwwmk] "c:\users\jürgen\appdata\local\cwwmk.exe" cwwmk
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download aller Links mit IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV Video Inhalt mit IDM - F:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - F:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: f:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: f:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll acaptuser32.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986fde72b16bf) (gupdate1c986fde72b16bf) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMSAccessU - Unknown owner - F:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - F:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - F:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 7303 bytes

and the rapport.txt:
SmitFraudFix v2.403

Scan done at 18:45:10,41, 13.03.2009
Run from N:\Sicherungsplatte\Systemschutz\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
::1             localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Cheap ***please notify moderator / bitte melden*** Online.url Deleted
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Cheap Software.url Deleted
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Search Online.url Deleted
C:\Users\JRGEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\VIP Casino.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBB80554-C5CC-472F-A829-EFB85698F2BA}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry
Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

 

Are there problems with uploading?

Don't be shy about asking ;)

But I did upload it.
When I send it again, it says
the file has already been checked

« Last edited: 13.03.09, 20:13:56 by maximilian13 »

But I would need the result :)

Unfortunately I'm not clairvoyant yet :D

Sorry,
Datei cwwmk.exe empfangen 2009.03.13 19:29:58 (CET)
Antivirus   Version   letzte aktualisierung   Ergebnis
a-squared   4.0.0.101   2009.03.13   -
AhnLab-V3   5.0.0.2   2009.03.13   -
AntiVir   7.9.0.114   2009.03.13   -
Authentium   5.1.0.4   2009.03.13   W32/Skintrim.1!Generic
Avast   4.8.1335.0   2009.03.12   -
AVG   8.0.0.237   2009.03.13   -
BitDefender   7.2   2009.03.13   -
CAT-QuickHeal   10.00   2009.03.13   -
ClamAV   0.94.1   2009.03.13   -
Comodo   1053   2009.03.13   -
DrWeb   4.44.0.09170   2009.03.13   -
eSafe   7.0.17.0   2009.03.12   -
eTrust-Vet   31.6.6388   2009.03.09   -
F-Prot   4.4.4.56   2009.03.13   W32/Skintrim.1!Generic
F-Secure   8.0.14470.0   2009.03.13   -
Fortinet   3.117.0.0   2009.03.13   -
GData   19   2009.03.13   -
Ikarus   T3.1.1.45.0   2009.03.13   -
K7AntiVirus   7.10.668   2009.03.12   -
Kaspersky   7.0.0.125   2009.03.13   -
McAfee   5552   2009.03.13   -
McAfee+Artemis   5552   2009.03.13   -
McAfee-GW-Edition   6.7.6   2009.03.13   Trojan.LooksLike.Dropper
Microsoft   1.4405   2009.03.13   Trojan:Win32/Skintrim.gen!D
NOD32   3935   2009.03.13   -
Norman   6.00.06   2009.03.13   -
nProtect   2009.1.8.0   2009.03.13   -
Panda   10.0.0.10   2009.03.13   Suspicious file
PCTools   4.4.2.0   2009.03.13   -
Prevx1   V2   2009.03.13   -
Rising   21.20.42.00   2009.03.13   -
Sophos   4.39.0   2009.03.13   -
Sunbelt   3.2.1858.2   2009.03.13   -
Symantec   1.4.4.12   2009.03.13   -
TheHacker   6.3.3.0.281   2009.03.13   -
TrendMicro   8.700.0.1004   2009.03.13   -
VBA32   3.12.10.1   2009.03.12   -
ViRobot   2009.3.13.1648   2009.03.13   -
VirusBuster   4.6.5.0   2009.03.13   -
weitere Informationen
File size: 208896 bytes
MD5...: cfec25c1a0762085cfbb2415ba6bf295
SHA1..: 613c1acc2763fef2b80bc3620a18aa1c8109a93f
SHA256: 577d1296c92156a863c9bcd9da03d3b4a7f502f88ae8bc74fb99513154a242b5
SHA512: 369f7b3ff36754702cbb8507dcbb43f3a9b4177c8773bab57ed32c066e4ec4aab7e7910cdf9b0034c651317c944effb5af5dacbc554c14ced6548afcfac421a2
ssdeep: 6144:GVPjIMLOTw3cSWY3u0+q2ibplj5MTd/4U:GVb7LOk3cS0q2i3OTd
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)


Please send the file to the following e-mail address:

kingbushido11@freenet.de

so that I can send it on to the other AV vendors.

I have sent the file.
What do you mean by AV vendors?

After Ersguterjunge's instruction
Download ComboFix
Please read the instructions for it carefully, or print them out if necessary
Please do not start ComboFix yet

Close all programs
Disconnect from the network
Start HijackThis ---> do a scan only --> tick the entries from the code box

O4 - HKCU\..\Run: [cwwmk] "c:\users\jürgen\appdata\local\cwwmk.exe" cwwmk
Now click Fix checked --> confirm with OK
Restart the computer

Now start HJT once more
do a scan only ---> click Config at the bottom right ---> now Misc Tools ---> here click delete a file on reboot
Now navigate to this folder
"c:\users\jürgen\appdata\local\cwwmk.exe" cwwmk
Answer the questions with Yes and restart the computer

Now click ComboFix and run it according to the instructions
Read through all the warnings that appear and answer them with YES

Please post the ComboFix log file

EDIT

We forward such files so that the makers of antivirus programs can also add them to their next updates ;)
« Last edited: 13.03.09, 20:55:59 by Larusso »

Thanks for the answer, but I won't do it until tomorrow.
Bye-bye for today.

Take the time you need

Please work through each point one after another

if there are problems, please stop and report back

Hello and good morning,
I have to send the log file in several parts because it is too large.
ComboFix 09-03-13.02 - Jürgen 2009-03-14  8:52:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1031.18.3325.2487 [GMT 1:00]
ausgeführt von:: c:\users\Jürgen\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jürgen\AppData\Local\cwwmk.dat
c:\users\Jürgen\AppData\Local\cwwmk.exe
c:\users\Jürgen\AppData\Local\cwwmk_nav.dat
c:\users\Jürgen\AppData\Local\cwwmk_navps.dat
c:\windows\system32\FTPx.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\tmp.reg
D:\Autorun.inf

.
(((((((((((((((((((((((   Dateien erstellt von 2009-02-14 bis 2009-03-14  ))))))))))))))))))))))))))))))
.

2009-03-14 08:39 . 2009-03-14 08:39   <DIR>   d--------   c:\program files\CCleaner
2009-03-13 18:51 . 2009-03-13 18:51   <DIR>   d--------   c:\program files\Trend Micro
2009-03-12 16:19 . 2009-03-12 16:19   <DIR>   d--------   c:\users\Jürgen\AppData\Roaming\Malwarebytes
2009-03-12 16:19 . 2009-03-12 16:19   <DIR>   d--------   c:\users\All Users\Malwarebytes
2009-03-12 16:19 . 2009-03-12 16:19   <DIR>   d--------   c:\programdata\Malwarebytes
2009-03-10 15:46 . 2009-03-10 15:46   <DIR>   d--------   c:\users\All Users\Apple Computer
2009-03-10 15:46 . 2009-03-10 15:46   <DIR>   d--------   c:\programdata\Apple Computer
2009-03-08 14:10 . 2009-03-08 14:11   518   --a------   c:\windows\ST6UNST.004
2009-03-08 14:08 . 2009-03-08 14:10   582   --a------   c:\windows\ST6UNST.003
2009-03-08 12:39 . 2009-03-08 12:39   <DIR>   d--------   c:\program files\Dkill95
2009-03-08 12:39 . 1996-11-06 13:05   302,592   --a------   c:\windows\unin0407.exe
2009-03-08 09:56 . 2009-03-08 09:57   827   --a------   c:\windows\ST6UNST.002
2009-03-06 13:48 . 2009-03-06 13:48   <DIR>   d--------   c:\users\Jürgen\AppData\Roaming\Apple Computer
2009-03-06 13:47 . 2009-03-06 13:47   <DIR>   d--------   c:\users\All Users\Apple
2009-03-06 13:47 . 2009-03-06 13:47   <DIR>   d--------   c:\programdata\Apple
2009-03-06 13:47 . 2009-03-06 13:47   <DIR>   d--------   c:\program files\Bonjour
2009-03-06 13:47 . 2009-03-06 13:47   <DIR>   d--------   c:\program files\Apple Software Update
2009-03-06 11:53 . 2009-03-06 11:53   <DIR>   d--------   c:\users\All Users\Fighters
2009-03-06 11:53 . 2009-03-06 11:53   <DIR>   d--------   c:\programdata\Fighters
2009-03-06 11:53 . 2009-03-06 13:21   <DIR>   d--------   c:\program files\Fighters
2009-03-05 15:38 . 2009-03-05 15:38   <DIR>   d--------   c:\windows\System32\Adobe
2009-03-05 15:38 . 2009-03-05 15:38   <DIR>   d--------   c:\windows\Profiles
2009-03-05 15:38 . 2009-03-05 15:38   <DIR>   d--------   c:\users\Jürgen\AppData\Roaming\InterTrust
2009-03-05 15:36 . 2009-03-13 09:18   <DIR>   d--------   c:\program files\StarMoney 6.0 S-Edition
2009-03-05 15:36 . 1998-11-06 14:33   244,417   --a------   c:\windows\System32\odbcjet.hlp
2009-03-05 15:36 . 1999-03-05 21:15   74,000   --a------   c:\windows\System32\msrclr40.dll
2009-03-05 15:36 . 1999-03-05 21:15   28,944   --a------   c:\windows\System32\msrecr40.dll
2009-03-05 15:36 . 1998-11-06 14:38   8,198   --a------   c:\windows\System32\odbcjet.cnt
2009-03-03 15:27 . 2008-10-28 23:08   723,504   --a------   c:\windows\System32\vnetlib.dll
2009-03-03 15:27 . 2008-10-28 23:07   399,920   --a------   c:\windows\System32\vmnat.exe
2009-03-03 15:27 . 2008-10-28 23:08   326,192   --a------   c:\windows\System32\vmnetdhcp.exe
2009-03-03 15:27 . 2008-10-28 17:03   55,856   --a------   c:\windows\System32\vnetinst.dll
2009-03-03 15:27 . 2008-10-28 17:03   50,736   -ra------   c:\windows\System32\vmnetbridge.dll
2009-03-03 15:27 . 2008-10-28 17:03   31,280   -ra------   c:\windows\System32\drivers\vmnetbridge.sys
2009-03-03 15:27 . 2008-10-28 23:08   26,288   --a------   c:\windows\System32\drivers\vmnetuserif.sys
2009-03-03 15:27 . 2008-10-28 17:03   18,736   -ra------   c:\windows\System32\drivers\vmnet.sys
2009-03-03 15:27 . 2008-10-28 17:03   16,560   --a------   c:\windows\System32\drivers\vmnetadapter.sys
2009-03-03 15:26 . 2008-10-28 17:03   31,280   --a------   c:\windows\System32\drivers\vmusb.sys
2009-03-03 15:26 . 2008-10-28 23:08   23,216   --a------   c:\windows\System32\drivers\VMkbd.sys
2009-03-03 15:24 . 2009-03-14 08:50   <DIR>   d--------   c:\users\All Users\VMware
2009-03-03 15:24 . 2009-03-14 08:50   <DIR>   d--------   c:\programdata\VMware
2009-03-03 15:23 . 2009-03-03 15:23   <DIR>   d--------   c:\program files\VMware
2009-03-03 15:18 . 2009-03-03 15:18   <DIR>   d--------   c:\users\All Users\IM
2009-03-03 15:18 . 2009-03-03 15:18   <DIR>   d--------   c:\programdata\IM
2009-03-03 13:47 . 2009-03-03 13:47   <DIR>   d--------   c:\windows\uninstall\VISTA Tuning
2009-03-02 15:44 . 2009-03-03 13:47   <DIR>   d--------   c:\windows\uninstall
2009-03-02 15:44 . 2009-03-02 15:44   <DIR>   d--------   c:\program files\EMME
2009-03-02 11:04 . 2009-03-02 11:04   <DIR>   d--------   c:\program files\Date * bitte keine illegalen Tipps *er 2000
2009-03-02 11:04 . 2009-03-02 11:04   519   --a------   c:\windows\ST6UNST.001
2009-03-02 11:02 . 2009-03-08 14:10   249,856   ---------   c:\windows\Setup1.exe
2009-03-02 11:02 . 2009-03-08 14:10   73,216   --a------   c:\windows\ST6UNST.EXE
2009-03-02 11:02 . 2009-03-02 11:03   813   --a------   c:\windows\ST6UNST.000
2009-03-02 10:43 . 2009-03-12 16:25   <DIR>   d--------   c:\users\Jürgen\AppData\Roaming\ProtectDisc
2009-03-02 10:41 . 2009-03-02 10:41   <DIR>   d--------   c:\users\All Users\DATA BECKER Downloads
2009-03-02 10:41 . 2009-03-02 10:41   <DIR>   d--------   c:\programdata\DATA BECKER Downloads
2009-03-02 10:41 . 2009-03-02 10:41   <DIR>   d--------   c:\program files\ProtectDisc Driver Installer
2009-03-02 10:41 . 2009-03-02 10:41   <DIR>   d--------   c:\program files\ProtectDisc
2009-03-02 10:41 . 2009-03-02 10:41   <DIR>   d--------   c:\program files\Common Files\DATA BECKER Shared
2009-02-26 22:05 . 2008-07-12 08:18   3,851,784   --a------   c:\windows\System32\D3DX9_39.dll
2009-02-26 22:05 . 2008-07-12 08:18   1,493,528   --a------   c:\windows\System32\D3DCompiler_39.dll
2009-02-26 22:05 . 2008-07-31 10:40   509,448   --a------   c:\windows\System32\XAudio2_2.dll
2009-02-26 22:05 . 2008-07-12 08:18   467,984   --a------   c:\windows\System32\d3dx10_39.dll
2009-02-26 22:05 . 2008-07-31 10:41   238,088   --a------   c:\windows\System32\xactengine3_2.dll
2009-02-26 22:05 . 2008-07-31 10:41   68,616   --a------   c:\windows\System32\XAPOFX1_1.dll
2009-02-25 22:52 . 2009-02-27 12:39   <DIR>   d--------   c:\program files\Saints Row 2
2009-02-21 10:06 . 2009-02-21 10:11   <DIR>   d--------   c:\users\Jürgen\AppData\Roaming\U3
2009-02-20 10:31 . 2009-03-11 17:27   <DIR>   d--------   c:\users\Jürgen\AppData\Roaming\VMware
2009-02-20 10:22 . 2009-03-03 15:26   1,024   --a------   C:\.rnd
2009-02-19 16:59 . 2009-03-03 16:15   2,562   --a------   c:\windows\diagwrn.xml
2009-02-19 16:59 . 2009-03-03 16:15   1,908   --a------   c:\windows\diagerr.xml
2009-02-19 16:08 . 2008-04-14 19:51   171,136   -rahs----   C:\grldr
2009-02-18 12:46 . 2009-02-18 12:46   <DIR>   d--------   c:\users\Jürgen\AppData\Roaming\Webcammax
2009-02-18 10:51 . 2009-02-18 10:51   <DIR>   d--------   c:\windows\Full Speed
2009-02-17 16:40 . 2008-11-04 00:56   327,192   --a------   c:\windows\System32\drivers\iaStor.sys
2009-02-17 16:40 . 2006-11-10 15:25   319,456   --a------   c:\windows\System32\difxapi.dll
2009-02-17 16:38 . 2008-11-13 07:41   252,544   --a------   c:\windows\System32\PROUnstl.exe
2009-02-17 16:38 . 2006-01-12 14:52   1,904   ---------   c:\windows\System32\SetupBD.din
2009-02-17 16:36 . 2008-12-04 22:55   217,728   --a------   c:\windows\System32\drivers\e1e6032.sys
2009-02-17 16:36 . 2007-12-14 12:06   121,440   --a------   c:\windows\System32\e1000msg.dll
2009-02-17 16:36 . 2008-11-18 16:23   57,464   --a------   c:\windows\System32\NicInE6.dll
2009-02-17 16:36 . 2007-08-24 07:58   28,272   --a------   c:\windows\System32\NicCo26.dll
2009-02-17 16:36 . 2008-11-13 11:59   2,789   --a------   c:\windows\System32\e1e6032.din
2009-02-17 16:19 . 2009-02-17 16:19   <DIR>   d--------   c:\users\Jürgen\AppData\Roaming\Logitech
2009-02-17 16:19 . 2009-02-17 16:19   <DIR>   d--------   c:\users\All Users\LogiShrd
2009-02-17 16:19 . 2009-02-17 16:19   <DIR>   d--------   c:\programdata\LogiShrd
2009-02-17 16:19 . 2009-02-17 16:19   0   --ah-----   c:\windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-02-17 16:19 . 2009-02-17 16:19   0   --ah-----   c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-17 16:19 . 2009-02-17 16:19   0   --ah-----   c:\windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-02-17 16:18 . 2009-02-17 16:18   <DIR>   d--------   c:\users\All Users\Logitech
2009-02-17 16:18 . 2009-02-17 16:18   <DIR>   d--------   c:\programdata\Logitech
2009-02-17 16:18 . 2009-02-17 16:18   <DIR>   d--------   c:\program files\Common Files\Logishrd
2009-02-17 16:18 . 2008-11-07 16:37   301,656   --a------   c:\windows\System32\BtCoreIf.dll
2009-02-17 16:18 . 2008-11-07 16:38   170,512   --a------   c:\windows\System32\kemutb.dll
2009-02-17 16:18 . 2008-11-07 16:38   145,936   --a------   c:\windows\System32\KemUtil.dll
2009-02-17 16:18 . 2008-11-07 16:38   117,264   --a------   c:\windows\System32\KemWnd.dll
2009-02-17 16:18 . 2008-11-07 16:38   84,496   --a------   c:\windows\System32\KemXML.dll
2009-02-17 15:47 . 2007-09-02 20:56   1,686,016   --a------   c:\windows\System32\clinetsuitex6.ocx
2009-02-17 15:47 . 2009-02-17 15:47   680,960   --a------   c:\windows\is-I255M.exe
2009-02-17 15:47 . 2004-06-14 14:56   427,864   --a------   c:\windows\System32\XceedZip.dll
2009-02-17 15:47 . 2009-02-17 15:47   12,782   --a------   c:\windows\is-I255M.msg
2009-02-17 15:47 . 2009-02-17 15:47   454   --a------   c:\windows\is-I255M.lst
2009-02-17 13:35 . 2009-03-12 19:03   <DIR>   d--------   c:\users\Jürgen\AppData\Roaming\IDM
2009-02-17 10:55 . 2009-02-17 10:55   <DIR>   d--------   c:\users\Jürgen\AppData\Roaming\InstallShield
2009-02-17 09:45 . 2007-08-10 12:56   303,104   --a------   c:\windows\System32\ciplListBar.ocx
2009-02-17 09:45 . 2009-01-10 14:03   208,896   --a------   c:\windows\System32\ConTest.dll
2009-02-17 09:45 . 2007-08-10 12:56   155,648   --a------   c:\windows\System32\ciplImageList.ocx
2009-02-17 09:45 . 2007-07-03 11:48   36,864   --a------   c:\windows\System32\ascbalon.dll
2009-02-14 10:32 . 2009-02-14 10:32   21,644   --a------   c:\windows\System32\TUProgSt_20090214-093251.dmp

.

Part 2
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 07:52   2,097,152   --sha-w   c:\users\Jürgen\NTUSER.DAT
2009-03-14 07:52   2,097,152   --sha-w   c:\users\Jürgen\NTUSER.DAT
2009-03-14 07:50   ---------   d-----w   c:\programdata\Kaspersky Lab
2009-03-14 07:49   745,504   --sha-w   c:\windows\system32\drivers\fidbox2.dat
2009-03-14 07:49   6,772   --sha-w   c:\windows\system32\drivers\fidbox2.idx
2009-03-14 07:49   6,229,024   --sha-w   c:\windows\system32\drivers\fidbox.dat
2009-03-14 07:49   54,984   --sha-w   c:\windows\system32\drivers\fidbox.idx
2009-03-14 07:42   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\DMCache
2009-03-12 18:03   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\IDM
2009-03-12 15:25   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\ProtectDisc
2009-03-12 15:19   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Malwarebytes
2009-03-11 17:56   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Skype
2009-03-11 17:46   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\skypePM
2009-03-11 16:27   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\VMware
2009-03-10 10:02   1,868,944   ----a-w   c:\windows\System32\RSA32_16.DLL
2009-03-10 09:57   410,984   ----a-w   c:\windows\System32\deploytk.dll
2009-03-09 11:47   ---------   d-----w   c:\program files\Google
2009-03-06 12:48   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Apple Computer
2009-03-05 15:10   ---------   d-----w   c:\program files\Common Files\Lexware
2009-03-05 14:38   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\InterTrust
2009-03-05 14:38   ---------   d-----w   c:\program files\Common Files\Adobe
2009-03-05 14:35   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-02-21 09:11   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\U3
2009-02-19 21:01   ---------   d-s---w   c:\users\Jürgen\AppData\Roaming\Microsoft
2009-02-19 14:19   138,464   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-02-19 14:18   111,928   ----a-w   c:\windows\System32\PnkBstrB.exe
2009-02-18 11:46   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Webcammax
2009-02-17 15:40   ---------   d-----w   c:\program files\Intel
2009-02-17 15:32   ---------   d-----w   c:\programdata\NVIDIA
2009-02-17 15:27   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-02-17 15:26   ---------   d-----w   c:\program files\AGEIA Technologies
2009-02-17 15:19   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Logitech
2009-02-17 15:09   ---------   d--h--w   c:\program files\Temp
2009-02-17 15:08   319,456   ----a-w   c:\windows\DIFxAPI.dll
2009-02-17 09:55   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\InstallShield
2009-02-16 15:57   ---------   d-----w   c:\program files\AVS4YOU
2009-02-14 12:14   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\ZoomBrowser EX
2009-02-11 14:58   ---------   d-----w   c:\programdata\Microsoft Help
2009-02-06 12:03   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\CameraWindowDC
2009-02-06 12:02   0   ---ha-w   c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-06 12:02   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\CANON INC
2009-02-06 10:09   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Adobe
2009-02-06 10:00   ---------   d-----w   c:\program files\Common Files\Macrovision Shared
2009-02-06 09:10   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Foxit
2009-02-04 14:03   33,808   ----a-w   c:\windows\system32\drivers\klbg.sys
2009-02-03 21:45   89,601   ----a-w   c:\windows\system32\drivers\klick.dat
2009-02-03 21:45   101,287   ----a-w   c:\windows\system32\drivers\klin.dat
2009-02-03 09:47   ---------   d-----w   c:\program files\Realtek
2009-01-31 16:05   268,048   ----a-w   c:\windows\System32\dxtmeta2.dll
2009-01-31 09:26   22,328   ----a-w   c:\users\Jürgen\AppData\Roaming\PnkBstrK.sys
2009-01-31 09:25   66,872   ----a-w   c:\windows\System32\PnkBstrA.exe
2009-01-31 09:25   2,250,024   ----a-w   c:\windows\System32\pbsvc.exe
2009-01-31 09:21   ---------   d-----w   c:\program files\Ubisoft
2009-01-25 09:50   ---------   d-----w   c:\programdata\AVSVideoBurner
2009-01-24 21:31   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\AVS4YOU
2009-01-24 21:30   ---------   d-----w   c:\program files\Common Files\AVSMedia
2009-01-24 21:28   39,537,784   ----a-w   c:\users\Jürgen\AppData\Roaming\AVSVideoConverter.exe
2009-01-24 16:09   ---------   d-----w   c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-24 16:04   ---------   d-----w   c:\program files\MSXML 4.0
2009-01-24 12:17   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\ScanSoft
2009-01-24 12:14   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-01-24 12:06   107,888   ----a-w   c:\windows\System32\CmdLineExt.dll
2009-01-24 09:55   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Activision
2009-01-24 09:21   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Canneverbe_Limited
2009-01-24 09:16   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\TeamViewer
2009-01-24 09:15   ---------   d-----w   c:\program files\TeamViewer3
2009-01-24 08:48   ---------   d-----w   c:\program files\Canon
2009-01-24 08:45   ---------   d-----w   c:\program files\Common Files\Canon
2009-01-24 08:43   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Zeon
2009-01-24 08:42   ---------   d-----w   c:\programdata\ScanSoft
2009-01-24 08:42   ---------   d-----w   c:\program files\Common Files\ScanSoft Shared
2009-01-24 08:41   ---------   d-----w   c:\programdata\Zeon
2009-01-24 08:41   ---------   d-----w   c:\programdata\InstallShield
2009-01-24 08:40   ---------   d-----w   c:\program files\ScanSoft
2009-01-24 08:31   ---------   d-----w   c:\program files\Microsoft.NET
2009-01-24 08:31   ---------   d-----w   c:\program files\Microsoft Works
2009-01-23 22:08   ---------   d-----w   c:\program files\Java
2009-01-23 21:39   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\DataDesign
2009-01-23 21:31   2,963,456   ----a-w   c:\program files\Common FilesDDBACSetup.msi
2009-01-23 21:30   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Lexware
2009-01-23 21:30   ---------   d-----w   c:\programdata\Lexware
2009-01-23 21:30   ---------   d-----w   c:\program files\Lexware
2009-01-23 21:30   ---------   d-----w   c:\program files\Common Files\DataDesign
2009-01-23 21:27   ---------   d-----w   c:\program files\Common Files\Java
2009-01-23 18:18   603,904   ----a-w   c:\windows\System32\TUProgSt.exe
2009-01-23 18:18   362,240   ----a-w   c:\windows\System32\TuneUpDefragService.exe
2009-01-23 18:18   ---------   d-----w   c:\programdata\TuneUp Software
2009-01-23 18:17   ---------   d-sh--w   c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-23 16:51   ---------   d-----w   c:\program files\Common Files\Stardock
2009-01-23 16:14   56   ---ha-w   c:\users\All Users\ezsidmv.dat
2009-01-23 16:14   56   ---ha-w   c:\programdata\ezsidmv.dat
2009-01-23 16:11   ---------   d-----w   c:\programdata\Skype
2009-01-23 16:11   ---------   d-----w   c:\program files\Common Files\Skype
2009-01-23 16:11   ---------   d-----r   c:\program files\Skype
2009-01-23 16:10   ---------   d-----w   c:\program files\Linksys
2009-01-23 15:45   503,808   ----a-w   c:\windows\msvcp71.dll
2009-01-23 15:45   352,256   ----a-w   c:\windows\msvcr71.dll
2009-01-23 15:28   ---------   d-----w   c:\program files\IncrediMail
2009-01-23 15:19   ---------   d-----w   c:\users\Jürgen\AppData\Roaming\Macromedia
2009-01-23 15:14   ---------   d-----w   c:\programdata\IncrediMail
.
 

