Beim hochfahren und runterfahren fehler meldungen

sandman61 · 28.03.2006, 01:26

Hallo!
hab jetzt seid kurzem immer wenn ich mein rechner hoch oder runterfahre eine fehlermeldung wie delus.exe wäre nicht installiert und wäre nicht mehr vorhanden, 16d2c-1.setup.exe auch nicht mehr und is-69b1g.exe auch nicht!!

bei tuneup startup manager hab ich auch einpaar komische einträge!
AvLiteBr
SinReiniciar
InstallShieldSetup
is-69b1g
delus
CRKAVPP
WinSideBySideSetupCleaneup 1370801
Steaming Device Class Installer

hoffe ihr könnt damit was anfangen!

Logfile of HijackThis v1.99.1
Scan saved at 02:00:08, on 28.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SLEE503.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Programme\Anti-Blaxx\Anti-Blaxx.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Dokumente und Einstellungen\keine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programme\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOKUME~1\keine\LOKALE~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{16D2C~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{16D2C~1\reboot.ini -l0x7
O4 - HKLM\..\RunOnce: [WinSideBySideSetupCleanup 1370801] rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\1370801
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-69B1G.exe" /REG
O4 - HKLM\..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKLM\..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
O4 - HKLM\..\RunOnce: [WDM_DMUSIC2] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
O4 - HKLM\..\RunOnce: [STREAMIP0] rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},C:\WINDOWS\INF\streamip.inf,BDAcodec
O4 - HKLM\..\RunOnce: [delus] C:\DOKUME~1\keine\LOKALE~1\Temp\delus.exe
O4 - HKLM\..\RunOnce: [Quartz.dll] regsvr32.exe /s C:\WINDOWS\system32\Quartz.dll
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Verknüpfung mit Ruhezeit-Aktivität vorziehen.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programme\MDT6\InstFred.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136152690328
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://198.87.3.10/talk.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday-Steuerung) - file://C:\Programme\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programme\MDT6\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview-Steuerung) - file://C:\Programme\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE503.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

hoffe ihr könnt mir helfen!
danke

stupormundi · 28.03.2006, 09:47

Servus, sandman61!
Ziemliches Durcheinander, Dein Logfile!
Zuerst deinstalliere über die Systemsteuerung mal MessengerPlus 3 wenn es nicht die spywarefreie Version (was ich glaube) ist- da hast Du dir jede Menge Mist mitinstalliert.
Nutze andere Software (hier im board oft genug andere empfohlen, die den ganzen Mist nicht braucht)
Dann lass mal escan nach Cidres Anleitung http://www.trojaner-board.de/showthread.php?t=24192 im abgesicherten Modus http://www.systemwiederherstellung-d...indows-xp.html laufen und poste anschließend das Ergebnis von Hauis45´s 'find.bat' (ist in der Anleitung ebenfalls beschrieben). Halte Dich genau an diese Anleitung (Speicherort von escan-entpacken nach C:\bases_x, Spracheinstellung "English", alle Häkchen wie beschrieben setzen) sonst funktioniert die find.bat nicht. Lies´ die Anleitung zuerst ganz durch, sonst übersiehst Du vielleicht etwas!

stupormundi

sandman61 · 29.03.2006, 10:43

hi stupormundi!
hey warum ducheinander

! was ist denn los

??

hab jetzt alles befolgt was in den links stand hoffe ich habe alles richtig gemacht!

Tue Mar 28 21:13:30 2006 => Virus Database Date: 3/28/2006
Tue Mar 28 21:13:30 2006 => Virus Database Count: 180423
Tue Mar 28 21:13:36 2006 => AV Library Unloaded (3)...
Tue Mar 28 23:31:11 2006 => **********************************************************
Tue Mar 28 23:31:11 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue Mar 28 23:31:11 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Tue Mar 28 23:31:11 2006 => **********************************************************
Tue Mar 28 23:31:11 2006 => Version 8.2.1 (C:\Bases_X'\mwavscan.com)
Tue Mar 28 23:31:11 2006 => Log File: C:\Bases_X'\MWAV.LOG
Tue Mar 28 23:31:11 2006 => Last Scan Date and Time: 28.03.2006 12:12:42
Tue Mar 28 23:31:11 2006 => MWAV Registered: FALSE.
Tue Mar 28 23:31:11 2006 => OS Type: Windows Workstation
Tue Mar 28 23:31:11 2006 => Local Fixed Drives: c:\,d:\
Tue Mar 28 23:31:11 2006 => MWAV Mode: Only Scan files.
Tue Mar 28 23:31:13 2006 => Latest Date of files inside MWAV: 28 Mar 2006 09:17:09.
Tue Mar 28 23:31:16 2006 => AV Library Loaded...
Tue Mar 28 23:31:16 2006 => MWAV doing self scanning...
Tue Mar 28 23:31:16 2006 => Scanning File C:\Bases_X'\kavss.exe
Tue Mar 28 23:31:16 2006 => Scanning File C:\Bases_X'\Getvlist.exe
Tue Mar 28 23:31:16 2006 => Scanning File C:\Bases_X'\kavss.dll
Tue Mar 28 23:31:16 2006 => Scanning File C:\Bases_X'\kavssdi.dll
Tue Mar 28 23:31:16 2006 => Scanning File C:\Bases_X'\kavssi.dll
Tue Mar 28 23:31:16 2006 => Scanning File C:\Bases_X'\kavvlg.dll
Tue Mar 28 23:31:16 2006 => Scanning File C:\Bases_X'\msvlclnt.dll
Tue Mar 28 23:31:16 2006 => Scanning File C:\Bases_X'\ipc.dll
Tue Mar 28 23:31:16 2006 => Scanning File C:\Bases_X'\main.avi
Tue Mar 28 23:31:16 2006 => Scanning File C:\Bases_X'\virus.avi
Tue Mar 28 23:31:16 2006 => MWAV files are clean.
Tue Mar 28 23:31:17 2006 => Virus Database Date: 3/28/2006
Tue Mar 28 23:31:17 2006 => Virus Database Count: 180423

Tue Mar 28 23:32:15 2006 => **********************************************************
Tue Mar 28 23:32:15 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue Mar 28 23:32:15 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Tue Mar 28 23:32:15 2006 =>
Tue Mar 28 23:32:15 2006 => Support: support@mwti.net
Tue Mar 28 23:32:15 2006 => Web: http://www.mwti.net
Tue Mar 28 23:32:15 2006 => **********************************************************
Tue Mar 28 23:32:15 2006 => Version 8.2.1 (C:\Bases_X'\mwavscan.com)
Tue Mar 28 23:32:15 2006 => Log File: C:\Bases_X'\MWAV.LOG
Tue Mar 28 23:32:15 2006 => User Account: keine
Tue Mar 28 23:32:15 2006 => Windows Root Folder: C:\WINDOWS
Tue Mar 28 23:32:15 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Tue Mar 28 23:32:15 2006 => OS: Windows XP
Tue Mar 28 23:32:15 2006 => Latest Date of files inside MWAV: 28 Mar 2006 09:17:09.

Tue Mar 28 23:32:15 2006 => Options Selected by User:
Tue Mar 28 23:32:15 2006 => Memory Check: Enabled
Tue Mar 28 23:32:15 2006 => Registry Check: Enabled
Tue Mar 28 23:32:15 2006 => StartUp Folder Check: Disabled
Tue Mar 28 23:32:15 2006 => System Folder Check: Disabled
Tue Mar 28 23:32:15 2006 => System Area Check: Disabled
Tue Mar 28 23:32:15 2006 => Services Check: Enabled
Tue Mar 28 23:32:15 2006 => Drive Check: Disabled
Tue Mar 28 23:32:15 2006 => All Drive Check :Enabled
Tue Mar 28 23:32:15 2006 => Folder Check: Disabled

Tue Mar 28 23:32:57 2006 => Offending Key found: HKCU\Software\funwebproducts !!!
Tue Mar 28 23:33:03 2006 => Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Mar 28 23:33:23 2006 => Offending file found: C:\Dokumente und Einstellungen\keine\Eigene Dateien\konami\pro evolution soccer 5\settings.dat
Tue Mar 28 23:33:23 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.

Tue Mar 28 23:35:06 2006 => Offending file found: C:\Dokumente und Einstellungen\keine\Eigene Dateien\konami\pro evolution soccer 5\settings.dat
Tue Mar 28 23:35:06 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.

Tue Mar 28 23:35:51 2006 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic\INFECTED\*.*

Wed Mar 29 03:27:29 2006 => Total Objects Scanned: 162156
Wed Mar 29 03:27:29 2006 => Total Critical Objects: 3
Wed Mar 29 03:27:29 2006 => Total Disinfected Objects: 0
Wed Mar 29 03:27:29 2006 => Total Objects Renamed: 0
Wed Mar 29 03:27:29 2006 => Total Deleted Objects: 0
Wed Mar 29 03:27:29 2006 => Total Errors: 57
Wed Mar 29 03:27:29 2006 => Time Elapsed: 03:52:28
Wed Mar 29 03:27:29 2006 => Virus Database Date: 3/28/2006
Wed Mar 29 03:27:29 2006 => Virus Database Count: 180423

soll ich es auch mal mit dem find.zip versuchen??

danke

sandman61 · 29.03.2006, 11:01

das ist jetzt mit find.bat

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tue Mar 28 23:33:23 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Tue Mar 28 23:35:06 2006 => System found infected with cydoor.topicks.a Spyware/Adware (settings.dat)! Action taken: No Action Taken.
Tue Mar 28 23:33:03 2006 => Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Tue Mar 28 23:33:23 2006 => Offending file found: C:\Dokumente und Einstellungen\keine\Eigene Dateien\konami\pro evolution soccer 5\settings.dat
Tue Mar 28 23:35:06 2006 => Offending file found: C:\Dokumente und Einstellungen\keine\Eigene Dateien\konami\pro evolution soccer 5\settings.dat
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Tue Mar 28 23:32:57 2006 => Offending Key found: HKCU\Software\funwebproducts !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Mar 29 03:27:29 2006 => Total Errors: 57
Wed Mar 29 03:27:29 2006 => Time Elapsed: 03:52:28
Wed Mar 29 03:27:29 2006 => Total Objects Scanned: 162156
Tue Mar 28 11:46:45 2006 => Virus Database Date: 3/14/2006
Tue Mar 28 11:47:12 2006 => Virus Database Date: 3/14/2006
Tue Mar 28 11:48:12 2006 => Virus Database Date: 3/28/2006
Tue Mar 28 12:00:31 2006 => Virus Database Date: 3/28/2006
Tue Mar 28 12:12:13 2006 => Virus Database Date: 3/28/2006
Tue Mar 28 21:13:30 2006 => Virus Database Date: 3/28/2006
Tue Mar 28 23:31:17 2006 => Virus Database Date: 3/28/2006
Wed Mar 29 03:27:29 2006 => Virus Database Date: 3/28/2006
Wed Mar 29 03:28:37 2006 => Virus Database Date: 3/28/2006
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------
C:\Bases_X'\MWAV.LOG
--------------------------------------------------

stupormundi · 30.03.2006, 06:37

Servus wieder!
Mhm - escan sagt ja nicht viel dazu.
Fixe mit HJT (<-- siehe dazu Anleitung: 'fix checked' vor den Einträgen anhaken und anschließend bestätigen) im abgesicherten Modus mal diese Einträge:

Zitat:

O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{16D2C~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{16D2C~1\reboot.ini -l0x7
...
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-69B1G.exe" /REG
...
O4 - HKLM\..\RunOnce: [delus] C:\DOKUME~1\keine\LOKALE~1\Temp\delus.exe

Lösche anschließend mal in abgesicherten Modus alle Temporärdaten.
Welche Programme hast Du in der letzten Zeit deinstalliert?
Noch eine Sache: Poste mal das Logfile dieses Tools hier!
Meine Meinung zum MessengerPlus 3 habe ich Dir ja auch schon geschrieben!

stupormundi

sandman61 · 30.03.2006, 18:42

hi!!

msn plus hab ich schon gelöscht!
in letzter zeit hab ich nichts installiert oder gelöscht!

da war halt vor kurzem so ein vorfall mit msn, da hat jemand von meinen freunden deren msn gecrackt und mir blöde fragen gestellt!
hab ihm aber nicht zurück geschrieben das wars eigentlich!

könnte ja vielleicht daran liegen!

hab noch das ihr von adwatch

vielleicht hilft das dir weiter!
30.03.2006 19:22:44 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:AvLiteBr
Data:
New Data:

===============================================
30.03.2006 19:22:46 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:SinReiniciar
Data:
New Data:

===============================================
30.03.2006 19:22:46 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:wextract_cleanup0
Data:rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOKUME~1\keine\LOKALE~1\Temp\IXP000.TMP\"
New Data:

===============================================
30.03.2006 19:22:46 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:InstallShieldSetup
Data:C:\PROGRA~1\INSTAL~1\{16D2C~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{16D2C~1\reboot.ini -l0x7
New Data:

===============================================
30.03.2006 19:22:46 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:WinSideBySideSetupCleanup 1370801
Data:rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\1370801
New Data:

===============================================
30.03.2006 19:22:47 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:InnoSetupRegFile.0000000001
Data:"C:\WINDOWS\is-69B1G.exe" /REG
New Data:

===============================================
30.03.2006 19:22:47 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:MSPCLOCK
Data:rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
New Data:

===============================================
30.03.2006 19:22:47 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:WDM_SPLITTER0
Data:rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
New Data:

===============================================
30.03.2006 19:22:47 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:GrpConv
Data:grpconv -o
New Data:

===============================================
30.03.2006 19:22:47 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:MSPQM
Data:rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
New Data:

===============================================
30.03.2006 19:22:47 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:WDM_DMUSIC2
Data:rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
New Data:

===============================================
30.03.2006 19:22:48 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:STREAMIP0
Data:rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},C:\WINDOWS\INF\streamip.inf,BDAcodec
New Data:

===============================================
30.03.2006 19:22:48 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:delus
Data:C:\DOKUME~1\keine\LOKALE~1\Temp\delus.exe
New Data:

===============================================
30.03.2006 19:22:48 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:Quartz.dll
Data:regsvr32.exe /s C:\WINDOWS\system32\Quartz.dll
New Data:

===============================================
30.03.2006 19:22:48 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:CRKAVPP
Data:
New Data:

===============================================
30.03.2006 19:24:01 - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:AvLiteBr
Data:
New Data:

===============================================

Beim hochfahren und runterfahren fehler meldungen

Log-Analyse und Auswertung: Beim hochfahren und runterfahren fehler meldungen