Hallo!
mein Antivir hat vor ein paar Tagen Alarm geschlagen und den Trojaner Dr/Dldr.zlob.ate gefunden und beim aktiv Scan von Panda als ich ihn machen wollte, hat er den w95/Blumblebee.1738 gefunden. Hab mich hier im Forum mal umgekuckt und paar Sachen schon gemacht im Abgesicherten Modus. Wie das hier: http://www.trojaner-board.de/21709-a...fakeale-c.html

Weiß jetzt aber nicht wie ich weiter vorgehen soll oder was soll ich nun löschen? Die killbox hab ich mir auch runtergeladen.

Danke für eure Mithilfe.

Logfile of HijackThis v1.99.1
Scan saved at 1:42:29 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Programme\SPYWAREfighter\spfprc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Programme\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra 'Tools' menuitem: Coral Eurobet Poker - {050AC5CD-E1E1-41ab-8CE0-61B56EFA7FA1} - C:\Programme\CoralEurobetPoker\coraleurobetpoker.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\Titan Poker\casino.exe
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programme\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programme\PartyGaming\PartyGammon\RunBackGammon.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programme\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programme\EmpirePoker\EmpirePoker.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programme\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programme\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\Partycasino\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\Partycasino\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Programme\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Programme\PartyGaming\PartyBingo\RunBingo.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{634F191B-6B93-4AE2-A870-E820FFA81C46}: NameServer = 194.25.0.70,217.237.151.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{634F191B-6B93-4AE2-A870-E820FFA81C46}: NameServer = 194.25.0.70,217.237.151.97
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programme\SPYWAREfighter\spfprc.exe

E-Scan weiß jetzt nicht was ich rein posten soll, sagt mir was ich rein posten soll:

Sat Nov 18 13:26:54 2006 => ***** Scanning complete. *****

Sat Nov 18 13:26:54 2006 => Total Objects Scanned: 18840
Sat Nov 18 13:26:54 2006 => Total Critical Objects: 11
Sat Nov 18 13:26:55 2006 => Total Disinfected Objects: 0
Sat Nov 18 13:26:55 2006 => Total Objects Renamed: 0
Sat Nov 18 13:26:55 2006 => Total Deleted Objects: 0
Sat Nov 18 13:26:55 2006 => Total Errors: 34
Sat Nov 18 13:26:55 2006 => Time Elapsed: 00:02:16
Sat Nov 18 13:26:55 2006 => Virus Database Date: 11/18/2006
Sat Nov 18 13:26:55 2006 => Virus Database Count: 242712

Sat Nov 18 13:26:55 2006 => Scan Completed.

Sat Nov 18 13:27:04 2006 => Virus Database Date: 11/18/2006
Sat Nov 18 13:27:04 2006 => Virus Database Count: 242712
Sat Nov 18 13:27:18 2006 => AV Library Unloaded (3)...
Sat Nov 18 13:40:28 2006 => **********************************************************
Sat Nov 18 13:40:28 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sat Nov 18 13:40:28 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sat Nov 18 13:40:28 2006 => **********************************************************
Sat Nov 18 13:40:28 2006 => Source: C:\DOKUME~1\ADMINI~1\Desktop\mwav.exe
Sat Nov 18 13:40:28 2006 => Version 8.7.4 (C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mexe.com)
Sat Nov 18 13:40:28 2006 => Log File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\MWAV.LOG
Sat Nov 18 13:40:28 2006 => Last Scan Date and Time: 18.11.2006 13:24:36
Sat Nov 18 13:40:28 2006 => MWAV Registered: FALSE.
Sat Nov 18 13:40:28 2006 => User Account: Administrator
Sat Nov 18 13:40:28 2006 => OS Type: Windows Workstation
Sat Nov 18 13:40:28 2006 => OS: Windows XP
Sat Nov 18 13:40:28 2006 => Ver: Service Pack 2 (Build 2600)
Sat Nov 18 13:40:28 2006 => Windows Root Folder: C:\WINDOWS
Sat Nov 18 13:40:28 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Sat Nov 18 13:40:28 2006 => Local Fixed Drives: c:\,d:\
Sat Nov 18 13:40:28 2006 => MWAV Mode: Only Scan files.
Sat Nov 18 13:40:28 2006 => Latest Date of files inside MWAV: 18 Nov 2006 05:01:2.
Sat Nov 18 13:40:29 2006 => AV Library Loaded...
Sat Nov 18 13:40:29 2006 => MWAV doing self scanning...
Sat Nov 18 13:40:29 2006 => Scanning File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Getvlist.exe
Sat Nov 18 13:40:29 2006 => Scanning File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\main.avi
Sat Nov 18 13:40:29 2006 => Scanning File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\virus.avi
Sat Nov 18 13:40:29 2006 => Scanning File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ScanningProcess.exe
Sat Nov 18 13:40:29 2006 => Scanning File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Kave.dll
Sat Nov 18 13:40:29 2006 => Scanning File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\prloader.dll
Sat Nov 18 13:40:29 2006 => MWAV files are clean.
Sat Nov 18 13:40:30 2006 => Virus Database Date: 11/18/2006
Sat Nov 18 13:40:30 2006 => Virus Database Count: 242712

smitfiles:


smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"

Running from
C:\Bases_X\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Sierra\\Counter-Strike\\cstrike.exe"="C:\\Sierra\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\\Programme\\EA Games\\Need for Speed Underground 2\\speed2.exe"="C:\\Programme\\EA Games\\Need for Speed Underground 2\\speed2.exe:*:Enabled:speed2"
"C:\\Programme\\EA Games\\Command and Conquer Generals\\game.dat"="C:\\Programme\\EA Games\\Command and Conquer Generals\\game.dat:*:Enabled:game"
"C:\\Programme\\PartyPoker\\PartyPoker.exe"="C:\\Programme\\PartyPoker\\PartyPoker.exe:*:Enabled:PartyPoker"
"C:\\Programme\\Yahoo!\\Messenger\\YPager.exe"="C:\\Programme\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Dokumente und Einstellungen\\*:Enabled:hl2"
"C:\\Programme\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Programme\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\javaw.exe:*isabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 748 'explorer.exe'
Killing PID 748 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN!

Zitat:

Sat Nov 18 13:26:54 2006 => Total Critical Objects: 11

11 kritische Objekte wurden gefunden. Welche waren denn das?

hm vielleicht die hier.., ?

v 18 13:25:15 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Nov 18 13:25:16 2006 => Loading Spyware Signatures from new External Database (Size: 182570).
Sat Nov 18 13:25:18 2006 => Indexed Spyware Databases Successfully Created...

Sat Nov 18 13:25:19 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\st6unst #1 !!!
Sat Nov 18 13:25:29 2006 => Object "spyware.screenview Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 18 13:25:29 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\st6unst #1 !!!
Sat Nov 18 13:25:29 2006 => Object "spyware.screenview Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 18 13:25:29 2006 => Offending Key found: HKLM\Software\ptech !!!
Sat Nov 18 13:25:29 2006 => Object "prutect Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 18 13:25:29 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\powerstrip !!!
Sat Nov 18 13:25:29 2006 => Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 18 13:25:31 2006 => Offending Folder found: C:\Programme\powerstrip
Sat Nov 18 13:25:31 2006 => Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 18 13:25:35 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Startmenü\programme\powerstrip
Sat Nov 18 13:25:35 2006 => Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 18 13:25:35 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\powerstrip
Sat Nov 18 13:25:35 2006 => Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 18 13:25:42 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Dokumente\eigene bilder\support.url
Sat Nov 18 13:25:42 2006 => System found infected with winfixer/errorsafe Adware (support.url)! Action taken: No Action Taken.

Sat Nov 18 13:25:42 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\support.url
Sat Nov 18 13:25:42 2006 => System found infected with winfixer/errorsafe Adware (support.url)! Action taken: No Action Taken.

Sat Nov 18 13:25:43 2006 => Offending file found: C:\WINDOWS\setup1.exe
Sat Nov 18 13:25:43 2006 => System found infected with spyware.screenview Spyware/Adware (C:\WINDOWS\setup1.exe)! Action taken: No Action Taken.

Sat Nov 18 13:25:43 2006 => Offending file found: C:\WINDOWS\st6unst.exe
Sat Nov 18 13:25:43 2006 => System found infected with spyware.screenview Spyware/Adware (C:\WINDOWS\st6unst.exe)! Action taken: No Action Taken.

Sat Nov 18 13:25:47 2006 => Checking CLSID Reference Entries...
Sat Nov 18 13:25:47 2006 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sat Nov 18 13:25:47 2006 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sat Nov 18 13:25:48 2006 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Sat Nov 18 13:25:48 2006 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sat Nov 18 13:25:48 2006 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sat Nov 18 13:25:49 2006 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sat Nov 18 13:25:49 2006 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sat Nov 18 13:25:49 2006 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sat Nov 18 13:25:49 2006 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sat Nov 18 13:25:49 2006 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Sat Nov 18 13:25:49 2006 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Sat Nov 18 13:25:49 2006 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Sat Nov 18 13:25:49 2006 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Sat Nov 18 13:25:49 2006 => Checking Module Usage Entries...
Sat Nov 18 13:25:49 2006 => Checking User Trusted External App Entries...
Sat Nov 18 13:25:49 2006 => Checking Shared DLL Entries...
Sat Nov 18 13:25:50 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\MSXML3A.DLL". Action Taken: No Action Taken.

Sat Nov 18 13:25:50 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.

Sat Nov 18 13:25:50 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\PartyGaming\PartyCasino\Images\saveversiontofile.sh". Action Taken: No Action Taken.

Sat Nov 18 13:25:50 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\myTV\update.ini". Action Taken: No Action Taken.

Sat Nov 18 13:25:50 2006 => Checking Installer Entries...
Sat Nov 18 13:25:51 2006 => Checking Shared Tools Entries...
Sat Nov 18 13:25:51 2006 => Checking File Extension Entries...
Sat Nov 18 13:25:51 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".2malerei". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".blob". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfg". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".doc/II1-364aEKL". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mst". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pah". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ram". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rm". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".smi". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Checking Application Cache Entries...
Sat Nov 18 13:25:51 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AntiVir/XP". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CoralEurobetPoker". Action Taken: No Action Taken.

Sat Nov 18 13:25:51 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken.

Hi

Also wenn du nicht wirklich im Internet Poker spielst schmeiss die Files alle weg:

C:\Programme\Titan Poker\casino.exe
C:\Programme\PartyGaming\PartyGammon\RunBackGammon .exe
C:\Programme\EmpirePoker\EmpirePoker.exe
C:\Programme\UltimateBet\UltimateBet.exe
C:\Programme\Partycasino\PartyCasino\RunCasino.exe
C:\Programme\PartyGaming\PartyPoker\RunApp.exe
C:\Programme\PartyGaming\PartyBingo\RunBingo.exe

Ein Scan mit einem akt. Scanner schadet sicher nicht, die Registry keys die als "böse" erkannt werden kannst du löschen.

Just my two cents

siehe unten

Hi Danke für die Rückantwort. Die Pokerseiten kann ich leider nicht löschen, ich leb davon. Die stören ja nicht oder? Ich will ja nix falsches machen oder löschen welche sind jetzt Böse von der Registry. Welche soll ich löschen? Kann mir die einer Auflisten Bitte. Hab nämlich einmal so einiges vernichtet und das war nicht lustig wenn man den Rechner auch fürs Arbeiten benutzt.

Daniel

Lies Dir mal ganz genau die eScan Anleitung (ganz unten) durch, v.a. den Tipp mit der FIND.BAT:

Zitat:

[5] Rechtsklick auf die Find.zip -> Ziel speichern unter… z.B. 'C:\Find.zip' -> 'Find.zip' entpacken z.B. 'C:\Find.bat' -> 'Find.bat' doppelklicken und den Scan abwarten -> den Inhalt [6] der automatisch erstellten 'C:\eScan_neu.txt' posten.

Hi

Schick diese Files nochmal bei Virustotal.com hoch

C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe


Löschen kannst du
HKLM\Software\ptech

(http://www.pestpatrol.com/spywarecenter/pest.aspx?id=453075049)

Schau ob du ein Programm namens Powerstrip findest bei Systemsteuerung -> Software
Wenn ja kannst das deinstallieren ..
NUR es gibt sehr wohl eine legitime Software namens Powerstrip, also wenn du da ein Icon dazu hast rechts neben der Uhr die Powerstrip anzeigt wenn du drauf klickst, ist es wahrscheinlich die Software.
(also ich wäre da vorsichtig).


Generell würde ich dir empfehlen einen Scanner zu installieren (vorher einen eventuell installieren Virus Guard deaktivieren) z.b. Kaspersky und den mal mit akt. Signaturen drüber laufen zu lassen. (beim Update eventuell Erweiterer Datenbanken auswählen).

lg

hab glaub ich die escan_neu txt ist die richtig?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Nov 18 13:25:42 2006 => System found infected with winfixer/errorsafe Adware (support.url)! Action taken: No Action Taken.
Sat Nov 18 13:25:42 2006 => System found infected with winfixer/errorsafe Adware (support.url)! Action taken: No Action Taken.
Sat Nov 18 13:25:43 2006 => System found infected with spyware.screenview Spyware/Adware (C:\WINDOWS\setup1.exe)! Action taken: No Action Taken.
Sat Nov 18 13:25:43 2006 => System found infected with spyware.screenview Spyware/Adware (C:\WINDOWS\st6unst.exe)! Action taken: No Action Taken.
Sat Nov 18 13:25:29 2006 => Object "spyware.screenview Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 18 13:25:29 2006 => Object "spyware.screenview Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 18 13:25:29 2006 => Object "prutect Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 18 13:25:29 2006 => Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 18 13:25:31 2006 => Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 18 13:25:35 2006 => Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 18 13:25:35 2006 => Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Sat Nov 18 13:25:42 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Dokumente\eigene bilder\support.url
Sat Nov 18 13:25:42 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\support.url
Sat Nov 18 13:25:43 2006 => Offending file found: C:\WINDOWS\setup1.exe
Sat Nov 18 13:25:43 2006 => Offending file found: C:\WINDOWS\st6unst.exe
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Sat Nov 18 13:25:31 2006 => Offending Folder found: C:\Programme\powerstrip
Sat Nov 18 13:25:35 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Startmenü\programme\powerstrip
Sat Nov 18 13:25:35 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\powerstrip
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Sat Nov 18 13:25:19 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\st6unst #1 !!!
Sat Nov 18 13:25:29 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\st6unst #1 !!!
Sat Nov 18 13:25:29 2006 => Offending Key found: HKLM\Software\ptech !!!
Sat Nov 18 13:25:29 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\powerstrip !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Nov 18 13:26:55 2006 => Total Errors: 34
Sat Nov 18 13:26:55 2006 => Time Elapsed: 00:02:16
Sat Nov 18 13:26:54 2006 => Total Objects Scanned: 18840
Sat Nov 18 13:23:17 2006 => Virus Database Date: 11/18/2006
Sat Nov 18 13:26:55 2006 => Virus Database Date: 11/18/2006
Sat Nov 18 13:27:04 2006 => Virus Database Date: 11/18/2006
Sat Nov 18 13:40:30 2006 => Virus Database Date: 11/18/2006
Sun Nov 19 01:13:50 2006 => Virus Database Date: 11/18/2006
Sun Nov 19 18:15:51 2006 => Virus Database Date: 11/18/2006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\MWAV.LOG
--------------------------------------------------

wie gehts jetzt weiter? danke im vorraus.

Zitat:

Zitat von Njall

Schick diese Files nochmal bei Virustotal.com hoch
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe

spnpinst.exe
Sysocmgr.exe

C:\WINDOWS\setup1.exe
C:\WINDOWS\st6unst.exe

Werte doch mal diese Dateien bei Jotti oder Virustotal aus und poste das komplette Ergebnis.

Ok



Die uninstall hatte ich mal vom Namen her ausgeschlossen obwohl man die Sicher checken kann.

Ich denke ich werde mal öfter Google bemühen, ich versuche momentan die HJT Logs aus dem Gedächtnis zu bewerten, als Training.
(Weil was mache ich wenn ich was fixen muss und kein Google habe

Obwohl .. dann würde ich mir die Files auch in real anschauen und dann wüsste ich sowieso was Sache ist

*g*

Hallo! Danke für die schnellen Antw.

Virustotal hat kein Virus gefunden bei den vier von euch geposteten Dateien die ich Checken sollte:

File "setup1.exe" received on 11.19.2006 at 19:47:53 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.
Antivirus Version Update Result
AntiVir 7.2.0.39 11.19.2006 no virus found
Authentium 4.93.8 11.17.2006 no virus found
Avast 4.7.892.0 11.18.2006 no virus found
AVG 386 11.18.2006 no virus found
BitDefender 7.2 11.19.2006 no virus found
CAT-QuickHeal 8.00 11.18.2006 no virus found
ClamAV devel-20060426 11.19.2006 no virus found
DrWeb 4.33 11.19.2006 no virus found
eSafe 7.0.14.0 11.19.2006 no virus found
eTrust-InoculateIT 23.73.59 11.18.2006 no virus found
eTrust-Vet 30.3.3197 11.17.2006 no virus found
Ewido 4.0 11.19.2006 no virus found
Fortinet 2.82.0.0 11.19.2006 no virus found
F-Prot 3.16f 11.17.2006 no virus found
F-Prot4 4.2.1.29 11.17.2006 no virus found
Ikarus 0.2.65.0 11.19.2006 no virus found
Kaspersky 4.0.2.24 11.19.2006 no virus found
McAfee 4899 11.18.2006 no virus found
Microsoft 1.1609 11.19.2006 no virus found
Aditional Information
File size: 249856 bytes
MD5: b9917fc4c836776765e311fff84dd534
SHA1: 63cf6b3992f2058f6a5995293e1017627569f8b5

Complete scanning result of "st6unst.exe", received in VirusTotal at 11.19.2006, 19:52:34 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.39 11.19.2006 no virus found
Authentium 4.93.8 11.17.2006 no virus found
Avast 4.7.892.0 11.18.2006 no virus found
AVG 386 11.18.2006 no virus found
BitDefender 7.2 11.19.2006 no virus found
CAT-QuickHeal 8.00 11.18.2006 no virus found
ClamAV devel-20060426 11.19.2006 no virus found
DrWeb 4.33 11.19.2006 no virus found
eSafe 7.0.14.0 11.19.2006 no virus found
eTrust-InoculateIT 23.73.59 11.18.2006 no virus found
eTrust-Vet 30.3.3197 11.17.2006 no virus found
Ewido 4.0 11.19.2006 no virus found
Fortinet 2.82.0.0 11.19.2006 no virus found
F-Prot 3.16f 11.17.2006 no virus found
F-Prot4 4.2.1.29 11.17.2006 no virus found
Ikarus 0.2.65.0 11.19.2006 no virus found
Kaspersky 4.0.2.24 11.19.2006 no virus found
McAfee 4899 11.18.2006 no virus found
Microsoft 1.1609 11.19.2006 no virus found
NOD32v2 1871 11.19.2006 no virus found
Norman 5.80.02 11.17.2006 no virus found
Panda 9.0.0.4 11.19.2006 no virus found
Prevx1 V2 11.19.2006 no virus found
Sophos 4.11.0 11.16.2006 no virus found
TheHacker 6.0.3.122 11.18.2006 no virus found
UNA 1.83 11.17.2006 no virus found
VBA32 3.11.1 11.19.2006 no virus found
VirusBuster 4.3.15:9 11.19.2006 no virus found

Aditional Information
File size: 73216 bytes
MD5: d422839c99927db561f5c019643eacec
SHA1: e6c1322baebf818092af991de744ea1081cfd062

ist denn jetzt mein Rechner sonst sauber? Was muss noch gefit werden..?

Hmm...scheinen also clean zu sein. Navigier mal nach C:\WINDOWS\ und lass Dir die Eigenschaften dieser beiden Dateien anzeigen; poste doch mal das was dort im Register "Version" steht.
Hattest Du schon mit Blacklight gescannt? Wenn nicht, hol das nach und poste das Ergebnis. Klapper das hier bitte auch mal ab.

Hi cosinus. Danke für die Antw.

Also die Eigenschaften unter Register Version sind folgende:

setup1.exe
Dateiversion: 6.0.0.8804
Beschr.: Visual Basic 6.0 Setup Tool Kit

ST6unst.exe
Dateiversion: 6.0.84.50
Beschr. Uninstaller

Hilft das?

Blacklight hab ich auch laufen lassen er hat nix gefunden!

Dann hab ich noch das mit der datfind.bat gemacht was du noch empfohlen hast. Weiß nicht soll ich die alle jetzt Posten? Ich versuchs mal..

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1850-35D7

Verzeichnis von C:\WINDOWS\system32

11/20/2006 12:19 PM 49,980 nvapps.xml
11/20/2006 11:46 AM 251 spupdwxp.log
11/20/2006 11:46 AM 6,324 ikhcore.log
11/20/2006 03:46 AM 2,550 Uninstall.ico
11/20/2006 03:46 AM 1,406 Help.ico
11/20/2006 03:46 AM 30,590 pavas.ico
11/19/2006 02:17 PM 2,206 wpa.dbl
11/17/2006 05:03 PM 552 d3d8caps.dat
11/15/2006 09:20 PM 10,474,920 MRT.exe
11/04/2006 02:14 PM 1,245,696 msxml4.dll
10/29/2006 04:06 PM 311,604 perfh009.dat
10/29/2006 04:06 PM 39,992 perfc009.dat
10/29/2006 04:06 PM 316,594 perfh007.dat
10/29/2006 04:06 PM 48,156 perfc007.dat
10/29/2006 04:06 PM 723,744 PerfStringBackup.INI
10/16/2006 11:40 AM 123,392 xpsp3res.dll
10/13/2006 01:35 PM 146,432 nwprovau.dll
09/14/2006 09:39 AM 474,624 shlwapi.dll
09/14/2006 09:39 AM 615,936 urlmon.dll
09/14/2006 09:39 AM 664,576 wininet.dll
09/14/2006 09:39 AM 532,480 mstime.dll
09/14/2006 09:39 AM 39,424 pngfilt.dll
09/14/2006 09:39 AM 448,512 mshtmled.dll
09/14/2006 09:39 AM 3,075,584 mshtml.dll
09/14/2006 09:39 AM 146,432 msrating.dll
09/14/2006 09:39 AM 96,768 inseng.dll
09/14/2006 09:39 AM 357,888 dxtmsft.dll
09/14/2006 09:39 AM 16,384 jsproxy.dll
09/14/2006 09:39 AM 251,392 iepeers.dll
09/14/2006 09:39 AM 55,808 extmgr.dll
09/14/2006 09:39 AM 205,312 dxtrans.dll
09/14/2006 09:39 AM 152,064 cdfview.dll
09/14/2006 09:39 AM 1,056,256 danim.dll
09/14/2006 09:39 AM 1,022,976 browseui.dll
09/13/2006 06:02 AM 1,084,416 msxml3.dll
09/04/2006 07:12 AM 1,494,016 shdocvw.dll
08/25/2006 04:46 PM 617,472 comctl32.dll
08/21/2006 01:26 PM 16,896 fltlib.dll
08/21/2006 10:14 AM 23,040 fltmc.exe
08/17/2006 01:28 PM 332,288 netapi32.dll
08/17/2006 01:28 PM 729,600 lsasrv.dll
08/17/2006 01:28 PM 132,096 wkssvc.dll
08/16/2006 12:58 PM 100,352 6to4svc.dll

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1850-35D7

Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

11/20/2006 12:30 PM 512 ~DFDEDF.tmp
11/20/2006 12:29 PM 206 jusched.log
11/20/2006 12:22 PM 289 datFind.zip
11/13/2006 09:39 PM 107 DFC5A2B2.TMP
4 Datei(en) 1,114 Bytes
0 Verzeichnis(se), 46,401,224,704 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1850-35D7

Verzeichnis von C:\WINDOWS

11/20/2006 12:23 PM 3,018 winzip32.ini
11/20/2006 11:47 AM 2,882,790 FaxSetup.log
11/20/2006 11:47 AM 1,081,868 iis6.log
11/20/2006 11:47 AM 1,563,731 tsoc.log
11/20/2006 11:47 AM 840,177 setupapi.log
11/20/2006 11:47 AM 132,753 ocgen.log
11/20/2006 11:46 AM 555,871 medctroc.Log
11/20/2006 11:46 AM 0 0.log
11/20/2006 11:46 AM 1,347,550 WindowsUpdate.log
11/20/2006 11:46 AM 2,048 bootstat.dat
11/20/2006 03:52 AM 32,622 SchedLgU.Txt
11/19/2006 06:15 PM 50 Lic.xxx
11/19/2006 02:21 PM 21,141 KB923980.log
11/19/2006 02:21 PM 21,085 KB924270.log
11/19/2006 02:21 PM 20,468 KB920213.log
11/19/2006 02:21 PM 23,699 KB922760.log
11/19/2006 02:20 PM 26,374 updspapi.log
11/18/2006 01:21 PM 283,988 ntbtlog.txt
11/18/2006 01:07 PM 205,501 setupact.log
11/18/2006 12:06 PM 774 win.ini
11/17/2006 06:51 PM 210 ChssBase.ini
11/16/2006 11:08 AM 41,730 wmsetup.log
11/03/2006 03:01 AM 363,549 Titan Poker setup.exe
10/30/2006 09:25 PM 69 NeroDigital.ini
10/20/2006 04:16 PM 0 nsreg.dat
10/20/2006 04:16 PM 2,266 mozver.dat
10/12/2006 02:01 AM 13,889 KB924191.log
10/12/2006 02:01 AM 13,698 KB922819.log
10/12/2006 02:00 AM 12,870 KB923414.log
10/12/2006 02:00 AM 12,866 KB924496.log
10/12/2006 02:00 AM 10,272 KB923191.log
09/27/2006 12:31 AM 10,554 KB925486.log
09/13/2006 12:05 AM 11,337 KB920685.log
09/13/2006 12:05 AM 13,113 KB920872.log
09/13/2006 12:04 AM 11,485 KB919007.log
09/13/2006 12:04 AM 7,658 KB922582.log
08/12/2006 07:14 PM 17,641 KB920214.log
08/12/2006 07:14 PM 17,947 KB922616.log
08/12/2006 07:13 PM 17,585 KB921398.log
08/12/2006 07:13 PM 20,585 KB918899.log
08/12/2006 07:13 PM 11,914 KB920670.log
08/12/2006 07:13 PM 12,071 KB917422.log
08/12/2006 07:13 PM 12,331 KB920683.log
08/09/2006 06:36 PM 11,098 KB921883.log

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1850-35D7

Verzeichnis von C:\WINDOWS\temp

11/20/2006 11:47 AM 16,384 Perflib_Perfdata_c18.dat
1 Datei(en) 16,384 Bytes
0 Verzeichnis(se), 46,401,236,992 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1850-35D7

Verzeichnis von C:\WINDOWS\Downloaded Program Files

08/24/2006 08:28 AM 141,424 asinst.dll
08/22/2006 09:06 AM 537 asinst.inf
08/27/2005 01:30 PM 5,065 swflash.inf
03/07/2005 04:25 PM 65 desktop.ini
02/09/2005 03:54 PM 1,271 erma.inf
02/02/2005 09:36 AM 976,464 EPUWALcontrol.dll
01/31/2005 02:43 PM 539 EPUWALcontrol.inf
12/07/2004 12:21 AM 752 jinstall-1_5_0_01.inf
10/09/2003 09:32 AM 144 QTPlugin.inf
9 Datei(en) 1,126,261 Bytes
0 Verzeichnis(se), 46,401,236,992 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1850-35D7

Verzeichnis von C:\

11/20/2006 12:35 PM 0 sys.txt
11/20/2006 12:34 PM 733 down.txt
11/20/2006 12:34 PM 292 tmp.txt
11/20/2006 12:33 PM 9,627 system.txt
11/20/2006 12:33 PM 455 systemtemp.txt
11/20/2006 12:29 PM 100,358 system32.txt
11/20/2006 12:15 PM 339,257 CleanUp452.exe
11/20/2006 12:13 PM 854 fsbl-20061120110626.log
11/20/2006 12:06 PM 826,936 blbeta.exe
11/20/2006 11:46 AM 536,399,872 hiberfil.sys
11/20/2006 11:46 AM 805,306,368 pagefile.sys
11/19/2006 06:36 PM 3,872 eScan_neu.txt
11/18/2006 01:42 PM 8,648 hijackthis.log
11/18/2006 01:06 PM 6,038 smitfiles.txt
11/18/2006 12:12 PM 383,836 smitRem.exe
11/17/2006 03:52 PM 320,912 spywarefighter.exe
11/14/2006 04:34 PM 8,604,464 sdsetup.exe
11/13/2006 01:38 AM 23,552 partypokaccounterstl.doc
11/09/2006 02:26 AM 5,700,136 Firefox Setup 2.0.exe
10/30/2006 10:32 PM 20,480 Geiasas.doc
10/26/2006 12:06 AM 17,408 PyramidPromo.xls
10/24/2006 02:13 AM 8,709,197 MyTVSetup.exe
10/20/2006 04:15 PM 5,138,304 Firefox Setup 1.5.0.7.exe
10/17/2006 08:03 PM 196,145 NetInstallPoker.gr.exe
10/12/2006 03:14 PM 4,610,742 asteriapokersetup.exe
10/10/2006 02:16 AM 8,366,552 FullTiltSetup.exe
10/05/2006 01:25 PM 3,430,261 patch21400g.exe
10/04/2006 03:08 AM 4 dllimp_regmsft985
08/27/2006 08:14 PM 10,332,640 SkypeSetup.exe
08/27/2006 07:19 PM 60,928 šbersetzungsGlossar.xls
08/15/2006 09:13 PM 9,157,064 PartyBingoSetup.exe
08/08/2006 08:23 PM 3,353,182 patch21301a.exe
08/06/2006 06:12 PM 84,480 Lebenslauf1.1.doc
08/05/2006 05:09 PM 4,195,546 PAHud-Install-v1.14.exe