Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: HiJackThis Log-File 11.07.08

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 11.07.2008, 13:25   #1
Titan_Ente
Gesperrt
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



Guten Tag, mein name ist Dennis aus Berlin,
muss sagen ein sehr schönes Board habt da...

Nun zu meinen Problemen...

-CIB Werbung...(hab auch schon Hinweise bekommen)
-und dann wollt ich mal fragen, was für fieslinge ich noch so hab...


vielen dank...




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:44, on 11.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\CHB-TI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Acer\Acer VCM\VC.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deutsch.eazel.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [BlahHope] "C:\ProgramData\listlessless.hssnc"
O4 - HKLM\..\Run: [axis love poll lite] "C:\ProgramData\face 4 audio.menme"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PremierOpinion - PremierOpinion - C:\Windows\system32\pmservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11577 bytes

Alt 11.07.2008, 13:56   #2
BataAlexander
> MalwareDB
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



Imho nur die Beiden

Zitat:
O4 - HKLM\..\Run: [BlahHope] "C:\ProgramData\listlessless.hssnc"
O4 - HKLM\..\Run: [axis love poll lite] "C:\ProgramData\face 4 audio.menme"
Die sind auch für Deine Pop Ups verantwortlich. Hast Du in letzter Zeit Software installiert?

Deckards System Scanner (DSS)

Hier gibt es das Tool -> dss.exe

* Schließe alle Anwendungen
* Doppelklicke dss.exe um das Programm zu starten
* Wenn der Scan abgeschlossen ist wird sich ein Notepad mit dem Inhalt
der main.txt öffnen.
Ein weiteres Logfile, die extra.txt liegt im Verzeichnis
c:\Deckard\SystemScanner\extra.txt
* Kopiere den Inhalt der beiden Logfiles in diesen Thread, bitte als [CODE][/CODE]
__________________

__________________

Alt 11.07.2008, 16:36   #3
Titan_Ente
Gesperrt
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



ahh vielen dank!
hab mir msn plus runtergeladen!

aber mal eine andere frage!
wenn ich hier meinen HijackThis Log-File
hier auswerten lassen!
HijackThis Logfileauswertung
dann find ich z.b das hier!
Code:
ATTFilter
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe  === 

Eventuell schädlich! Laut unserer Datenbank läuft dieser Prozess nomalerweise in c:\programme\.*\ahead\lib\! überprüfen Sie, ob Sie die Datei kennen und führen Sie ggf. einen Virencheck durch. Ahead Nero

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deutsch.eazel.com/index.php?rvs=hompag
 ====

Schädlich
	Diese Seite wurde als gut identifiziert!
         
könnte jemand mal, bitte genau hinschauen, weil ich nicht genau weiss ob man dies vertrauen, kann oder überhaupt wichtig oder unwichtig ist ?
__________________

Alt 11.07.2008, 16:37   #4
Titan_Ente
Gesperrt
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



main.txt

Code:
ATTFilter
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium  (build 6001) SP 1.0
Architecture: X86; Language: German

CPU 0: Intel(R) Core(TM)2 Duo CPU     T7300  @ 2.00GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 2045.68 MiB / 1242.28 MiB
Pagefile Memory (total/avail): 4330.41 MiB / 2764.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1886.63 MiB

C: is Fixed (NTFS) - 69.77 GiB total, 23.59 GiB free. 
D: is Fixed (NTFS) - 66.27 GiB total, 22.12 GiB free. 
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 - 149.05 GiB - 4 partitions
  \PARTITION0 - Unknown - 9.76 GiB
  \PARTITION1 (bootable) - MS-DOS V4 Huge - 69.77 GiB - C:
  \PARTITION2 - Installierbares Dateisystem - 66.27 GiB - D:
  \PARTITION3 - Unknown - 3.24 GiB

\\.\PHYSICALDRIVE1 - IMD-0 - 512.86 MiB - 1 partition
  \PARTITION0 - Unknown - 512.6 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Avira AntiVir PersonalEdition v 7.0.3.161
 (Avira GmbH)
AS: Avira AntiVir PersonalEdition v 7.0.3.161
 (Avira GmbH)
AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe:*:Enabled:encryption"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe:*:Enabled:decryption"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\ChB-Titan-ChB\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TITANIUM
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\ChB-Titan-ChB
LOCALAPPDATA=C:\Users\ChB-Titan-ChB\AppData\Local
LOGONSERVER=\\TITANIUM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime Alternative\QTSystem\;C:\Program Files\CIB software GmbH\CIB pdf brewer;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\CHB-TI~1\AppData\Local\Temp
TMP=C:\Users\CHB-TI~1\AppData\Local\Temp
USERDOMAIN=TITANIUM
USERNAME=ChB-Titan-ChB
USERPROFILE=C:\Users\ChB-Titan-ChB
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

ChB-Titan-ChB (admin)
Gast (guest)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
 --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
 --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
 --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
 --> C:\Windows\UNNeroVision.exe /UNINSTALL
 --> C:\Windows\UNRecode.exe /UNINSTALL
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe"  -uninst 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe"  -uninstall
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe"  -uninstall
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe"  -uninstall
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe"  -uninstall
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe"  -uninstall
3D-Fahrschule --> "D:\Programme\3D-Fahrschule\uninstall.exe"
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe"  -uninstall
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0007 -removeonly -u
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.EXE"  -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x7  -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x7  -removeonly
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x7  -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x7  -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x7  -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x7  -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7  -removeonly
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x7  -removeonly
Acer VCM --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x7  -removeonly
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AFPL Ghostscript 8.54 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45} 
ALShow --> "C:\Program Files\ESTsoft\ALShow\unins000.exe"
America's Army --> MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AquaSoft Barbecue 3 --> "C:\Users\ChB-Titan-ChB\AppData\Local\{A9D22186-DAC9-45C6-8C5E-38095C8817BB}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AV WebCam Morpher 2.0 --> C:\PROGRA~1\AVWEBC~1\UNWISE.EXE C:\PROGRA~1\AVWEBC~1\INSTALL.LOG
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Big Kahuna Reef 2 --> "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
Bounty Bay Online --> "D:\Program Files\Yusho Frogster Games\Bounty Bay Online\unins000.exe"
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
Camtasia Studio 5 --> MsiExec.exe /I{93D135EB-7D19-41EA-BEEF-72ECD4FE617C}
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CIB pdf brewer 2.3.12 --> C:\Program Files\InstallShield Installation Information\{F0312AC6-988B-11DA-9C49-000476F770CC}\setup.exe -runfromtemp -l0x0007 anything -removeonly
Codec Pack - All In 1 6.0.2.6 --> C:\Windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer(TM) Generäle --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32} 
Command and Conquer(TM) Generäle Die Stunde Null --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} 
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dynasty --> "C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
EAX Unified --> C:\Windows\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
FreePDF XP (Remove only) --> C:\Program Files\FreePDF_XP\fpsetup.exe /r
Galapago --> "C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
Gemeinsam genutzte Internet-Komponenten von Westwood --> C:\Westwood\Internet\UnstllAP.EXE
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Turbo Memory und Intel Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Jewel Quest Solitaire --> "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
JLC's Internet TV --> "C:\Program Files\JLC's Software\Internet TV\Uninstall.exe"
Joint Operations: Escalation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CBBDFD4-E235-4008-842E-7DC2D8A4911B}\setup.exe" -l0x9 
Joint Operations: International Conflict Mod --> D:\Program Files\NovaLogic\Joint Operations Typhoon Rising\expansion\ic\uninstaller.exe
Joint Operations: Typhoon Rising --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\setup.exe" -l0x9 
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LastChaos --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99A37AC7-E724-4621-B167-500B5A52B69C}\Setup.exe" -l0x9 
Launch Manager --> C:\Windows\UnInst32.exe QtZgAcer.UNI
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0007 -removeonly
Luxor 2 --> "C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{44025BD7-AD10-4769-99AE-6378FD0303D6}
Macromedia Extension Manager --> MsiExec.exe /I{0F022A2E-7022-497D-90A5-0F46746D8275}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}
Mozilla Firefox (2.0.0.15) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Mystery Case Files - Prime Suspects --> "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
Mystery Case Files Ravenhearst --> "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51031}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netlog Music Tool --> C:\Windows\system32\netlogun.exe
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
Nile --> MsiExec.exe /I{D7DF9A90-2550-42E5-8DF6-F6754278F654}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
pdf24 --> "C:\Program Files\pdf24\unins000.exe"
PowerProducer 3.72 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe"  -uninstall
PunkBuster for Joint Operations: Typhoon Rising --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}\setup.exe" -l0x9 
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
QuickTime Alternative 1.67 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
RedMon - Redirection Port Monitor --> C:\Windows\system32\unredmon.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x7 anything
Söldner --> C:\Windows\unvise32.exe D:\Program Files\SoldnerSecretWars\uninstal.log
Shareaza Version 2.3.0.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
Soldner Full Patch 33724 --> C:\Windows\unvise32.exe D:\Program Files\SoldnerSecretWars\FullPatch33724_uninstal.log
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamViewer 3 --> C:\Program Files\TeamViewer3\uninstall.exe
Treasures of the Deep --> "C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
UEFA EURO 2008™ --> MsiExec.exe /X{DE3FCA5F-7B8A-482B-89A9-CC9BD5F656A1}
Ulead PhotoImpact 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x7 
Universal Document Converter --> "C:\Program Files\Universal Document Converter\unins000.exe"
Update for Office 2007 (KB934528) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Winbond CIR Drivers --> MsiExec.exe /X{427967BF-09F8-46D5-9275-37001CCBBA5D}
Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Encoder 9-Reihe --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Xilisoft AVI MPEG Joiner --> C:\Program Files\Xilisoft\AVI MPEG Joiner\Uninstall.exe
Zuma Deluxe --> "C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type36861 / Error
Event Submitted/Written: 07/11/2008 08:14:28 AM
Event ID/Source: 20227 / RasClient
Event Description:
CoID={A55E0960-9344-4A42-9D7D-6AAC75FA4524}: Der Benutzer "TITANIUM\ChB-Titan-ChB" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Event Record #/Type36844 / Success
Event Submitted/Written: 07/10/2008 11:17:53 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type36834 / Success
Event Submitted/Written: 07/10/2008 10:59:20 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type36830 / Success
Event Submitted/Written: 07/10/2008 10:59:17 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type36821 / Success
Event Submitted/Written: 07/10/2008 10:58:54 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Der Softwarelizenzierungsdienst wurde gestartet.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type169127 / Warning
Event Submitted/Written: 07/11/2008 00:40:34 AM
Event ID/Source: 8200 / LsaSrv
Event Description:
Das Sicherheitssystem hat eine Authentifizierungsanforderung empfangen, die nicht decodiert werden konnte. Die Anforderung ist fehlgeschlagen.

Event Record #/Type169078 / Warning
Event Submitted/Written: 07/10/2008 11:14:49 PM
Event ID/Source: 8200 / LsaSrv
Event Description:
Das Sicherheitssystem hat eine Authentifizierungsanforderung empfangen, die nicht decodiert werden konnte. Die Anforderung ist fehlgeschlagen.

Event Record #/Type169062 / Error
Event Submitted/Written: 07/10/2008 10:59:38 PM
Event ID/Source: 31004 / ipnathlp
Event Description:
0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Event Record #/Type169060 / Error
Event Submitted/Written: 07/10/2008 10:59:29 PM
Event ID/Source: 31004 / ipnathlp
Event Description:
0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Event Record #/Type169005 / Error
Event Submitted/Written: 07/10/2008 10:59:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
AV WebCam, WDM Video Capture%%1058



-- End of Deckard's System Scanner: finished at 2008-07-11 16:23:29 ------------
         

Alt 11.07.2008, 16:38   #5
Titan_Ente
Gesperrt
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



extra.txt


Code:
ATTFilter
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium  (build 6001) SP 1.0
Architecture: X86; Language: German

CPU 0: Intel(R) Core(TM)2 Duo CPU     T7300  @ 2.00GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 2045.68 MiB / 1242.28 MiB
Pagefile Memory (total/avail): 4330.41 MiB / 2764.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1886.63 MiB

C: is Fixed (NTFS) - 69.77 GiB total, 23.59 GiB free. 
D: is Fixed (NTFS) - 66.27 GiB total, 22.12 GiB free. 
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 - 149.05 GiB - 4 partitions
  \PARTITION0 - Unknown - 9.76 GiB
  \PARTITION1 (bootable) - MS-DOS V4 Huge - 69.77 GiB - C:
  \PARTITION2 - Installierbares Dateisystem - 66.27 GiB - D:
  \PARTITION3 - Unknown - 3.24 GiB

\\.\PHYSICALDRIVE1 - IMD-0 - 512.86 MiB - 1 partition
  \PARTITION0 - Unknown - 512.6 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Avira AntiVir PersonalEdition v 7.0.3.161
 (Avira GmbH)
AS: Avira AntiVir PersonalEdition v 7.0.3.161
 (Avira GmbH)
AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe:*:Enabled:encryption"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe:*:Enabled:decryption"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\ChB-Titan-ChB\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TITANIUM
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\ChB-Titan-ChB
LOCALAPPDATA=C:\Users\ChB-Titan-ChB\AppData\Local
LOGONSERVER=\\TITANIUM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime Alternative\QTSystem\;C:\Program Files\CIB software GmbH\CIB pdf brewer;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\CHB-TI~1\AppData\Local\Temp
TMP=C:\Users\CHB-TI~1\AppData\Local\Temp
USERDOMAIN=TITANIUM
USERNAME=ChB-Titan-ChB
USERPROFILE=C:\Users\ChB-Titan-ChB
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

ChB-Titan-ChB (admin)
Gast (guest)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
 --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
 --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
 --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
 --> C:\Windows\UNNeroVision.exe /UNINSTALL
 --> C:\Windows\UNRecode.exe /UNINSTALL
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe"  -uninst 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe"  -uninstall
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe"  -uninstall
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe"  -uninstall
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe"  -uninstall
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe"  -uninstall
3D-Fahrschule --> "D:\Programme\3D-Fahrschule\uninstall.exe"
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe"  -uninstall
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0007 -removeonly -u
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.EXE"  -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x7  -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x7  -removeonly
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x7  -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x7  -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x7  -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x7  -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7  -removeonly
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x7  -removeonly
Acer VCM --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x7  -removeonly
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
AFPL Ghostscript 8.54 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45} 
ALShow --> "C:\Program Files\ESTsoft\ALShow\unins000.exe"
America's Army --> MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AquaSoft Barbecue 3 --> "C:\Users\ChB-Titan-ChB\AppData\Local\{A9D22186-DAC9-45C6-8C5E-38095C8817BB}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AV WebCam Morpher 2.0 --> C:\PROGRA~1\AVWEBC~1\UNWISE.EXE C:\PROGRA~1\AVWEBC~1\INSTALL.LOG
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Big Kahuna Reef 2 --> "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
Bounty Bay Online --> "D:\Program Files\Yusho Frogster Games\Bounty Bay Online\unins000.exe"
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
Camtasia Studio 5 --> MsiExec.exe /I{93D135EB-7D19-41EA-BEEF-72ECD4FE617C}
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CIB pdf brewer 2.3.12 --> C:\Program Files\InstallShield Installation Information\{F0312AC6-988B-11DA-9C49-000476F770CC}\setup.exe -runfromtemp -l0x0007 anything -removeonly
Codec Pack - All In 1 6.0.2.6 --> C:\Windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer(TM) Generäle --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32} 
Command and Conquer(TM) Generäle Die Stunde Null --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} 
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dynasty --> "C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
EAX Unified --> C:\Windows\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
FreePDF XP (Remove only) --> C:\Program Files\FreePDF_XP\fpsetup.exe /r
Galapago --> "C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
Gemeinsam genutzte Internet-Komponenten von Westwood --> C:\Westwood\Internet\UnstllAP.EXE
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Turbo Memory und Intel Matrix Storage Manager --> C:\Windows\system32\imsmudlg.exe -uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Jewel Quest Solitaire --> "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
JLC's Internet TV --> "C:\Program Files\JLC's Software\Internet TV\Uninstall.exe"
Joint Operations: Escalation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CBBDFD4-E235-4008-842E-7DC2D8A4911B}\setup.exe" -l0x9 
Joint Operations: International Conflict Mod --> D:\Program Files\NovaLogic\Joint Operations Typhoon Rising\expansion\ic\uninstaller.exe
Joint Operations: Typhoon Rising --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\setup.exe" -l0x9 
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LastChaos --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99A37AC7-E724-4621-B167-500B5A52B69C}\Setup.exe" -l0x9 
Launch Manager --> C:\Windows\UnInst32.exe QtZgAcer.UNI
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0007 -removeonly
Luxor 2 --> "C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{44025BD7-AD10-4769-99AE-6378FD0303D6}
Macromedia Extension Manager --> MsiExec.exe /I{0F022A2E-7022-497D-90A5-0F46746D8275}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}
Mozilla Firefox (2.0.0.15) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Mystery Case Files - Prime Suspects --> "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
Mystery Case Files Ravenhearst --> "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51031}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netlog Music Tool --> C:\Windows\system32\netlogun.exe
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
Nile --> MsiExec.exe /I{D7DF9A90-2550-42E5-8DF6-F6754278F654}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
pdf24 --> "C:\Program Files\pdf24\unins000.exe"
PowerProducer 3.72 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe"  -uninstall
PunkBuster for Joint Operations: Typhoon Rising --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}\setup.exe" -l0x9 
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
QuickTime Alternative 1.67 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
RedMon - Redirection Port Monitor --> C:\Windows\system32\unredmon.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x7 anything
Söldner --> C:\Windows\unvise32.exe D:\Program Files\SoldnerSecretWars\uninstal.log
Shareaza Version 2.3.0.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
Soldner Full Patch 33724 --> C:\Windows\unvise32.exe D:\Program Files\SoldnerSecretWars\FullPatch33724_uninstal.log
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamViewer 3 --> C:\Program Files\TeamViewer3\uninstall.exe
Treasures of the Deep --> "C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
UEFA EURO 2008™ --> MsiExec.exe /X{DE3FCA5F-7B8A-482B-89A9-CC9BD5F656A1}
Ulead PhotoImpact 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x7 
Universal Document Converter --> "C:\Program Files\Universal Document Converter\unins000.exe"
Update for Office 2007 (KB934528) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Winbond CIR Drivers --> MsiExec.exe /X{427967BF-09F8-46D5-9275-37001CCBBA5D}
Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Encoder 9-Reihe --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Xilisoft AVI MPEG Joiner --> C:\Program Files\Xilisoft\AVI MPEG Joiner\Uninstall.exe
Zuma Deluxe --> "C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type36861 / Error
Event Submitted/Written: 07/11/2008 08:14:28 AM
Event ID/Source: 20227 / RasClient
Event Description:
CoID={A55E0960-9344-4A42-9D7D-6AAC75FA4524}: Der Benutzer "TITANIUM\ChB-Titan-ChB" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Event Record #/Type36844 / Success
Event Submitted/Written: 07/10/2008 11:17:53 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type36834 / Success
Event Submitted/Written: 07/10/2008 10:59:20 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type36830 / Success
Event Submitted/Written: 07/10/2008 10:59:17 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type36821 / Success
Event Submitted/Written: 07/10/2008 10:58:54 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Der Softwarelizenzierungsdienst wurde gestartet.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type169127 / Warning
Event Submitted/Written: 07/11/2008 00:40:34 AM
Event ID/Source: 8200 / LsaSrv
Event Description:
Das Sicherheitssystem hat eine Authentifizierungsanforderung empfangen, die nicht decodiert werden konnte. Die Anforderung ist fehlgeschlagen.

Event Record #/Type169078 / Warning
Event Submitted/Written: 07/10/2008 11:14:49 PM
Event ID/Source: 8200 / LsaSrv
Event Description:
Das Sicherheitssystem hat eine Authentifizierungsanforderung empfangen, die nicht decodiert werden konnte. Die Anforderung ist fehlgeschlagen.

Event Record #/Type169062 / Error
Event Submitted/Written: 07/10/2008 10:59:38 PM
Event ID/Source: 31004 / ipnathlp
Event Description:
0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Event Record #/Type169060 / Error
Event Submitted/Written: 07/10/2008 10:59:29 PM
Event ID/Source: 31004 / ipnathlp
Event Description:
0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Event Record #/Type169005 / Error
Event Submitted/Written: 07/10/2008 10:59:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
AV WebCam, WDM Video Capture%%1058



-- End of Deckard's System Scanner: finished at 2008-07-11 16:23:29 ------------
         


Alt 11.07.2008, 16:48   #6
BataAlexander
> MalwareDB
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Deinstalliere den Messenger und das Sponsorenprogramm, dann kannst Du den Messenger ohne dieses Programm wieder installieren.
Allerdings ist dieser kein Microsoft Produkt!

Damit sollten Deine Probleme behoben sein. Hab nichts weiter endeckt.
__________________
--> HiJackThis Log-File 11.07.08

Alt 11.07.2008, 16:50   #7
Titan_Ente
Gesperrt
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



achso danke!
auch nicht auf dieser http://www.hijackthis.de/de#anl
seite und meine Logfile daten eingeben?
weil das steht etwas von unbekannt und gefährlich und so!
oder wie siehst du das?


Vielen vielen dank!
nur so ne frage will aber MSN Plus haben ^^ sonst kann man keine sounds abspielen und andere tolle funktion treten ausser kraft!...

kann man den nun das installieren ohne die Sponsoren shIt ?

Alt 11.07.2008, 16:54   #8
BataAlexander
> MalwareDB
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



Zitat:
Zitat von Titan_Ente Beitrag anzeigen
kann man den nun das installieren ohne die Sponsoren shIt ?
Kann man, siehe Link.
Welche Programme werden als unbekannt deklariert?
__________________
If every computer is running a diverse ecosystem, crackers will have
no choice but to resort to small-scale, targetted attacks, and the
days of mass-market malware will be over
[...].
Stuart Udall

Alt 11.07.2008, 17:09   #9
Titan_Ente
Gesperrt
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



z.B!
das hier:

Code:
ATTFilter
1.
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

=

Eventuell schädlich! Laut unserer Datenbank läuft dieser Prozess nomalerweise in c:\programme\gemeinsame dateien\ahead\lib\! überprüfen Sie, ob Sie die Datei kennen und führen Sie ggf. einen Virencheck durch. Nero Burning Monitor


2.
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

=

Eventuell schädlich! Laut unserer Datenbank läuft dieser Prozess nomalerweise in c:\programme\.*\ahead\lib\! überprüfen Sie, ob Sie die Datei kennen und führen Sie ggf. einen Virencheck durch. Ahead Nero


3.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deutsch.eazel.com/index.php?rvs=hompag

=

WIRD ALS SCHÄDLICH ANGEZEIGT<<<


4

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

=

nicht bekannte programm! 


5.

naja und dann halt deine sachen die du gefunden hast!

O4 - HKLM\..\Run: [BlahHope] "C:\ProgramData\listlessless.hssnc"
O4 - HKLM\..\Run: [axis love poll lite] "C:\ProgramData\face 4 audio.menme"


aber sind ja auch gleich behoben wie du sagtes einfach msn löschen und neuinstallieren aber ohne sponsing!
         

Alt 11.07.2008, 17:24   #10
BataAlexander
> MalwareDB
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



Zitat:
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
Liegt hier nur in einem anderen Ppfad, normal bei Vista. Hijackthis hat hier noch XP Pfade.

Zitat:
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
Siehe oben

Zitat:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deutsch.eazel.com/index.php?rvs=hompag
Kannst Du mit HijackThis fixen, ist nur eine Suchmaschine

Zitat:
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
Gehört zu einer Installationsroutine, kann gefixt werden, keine aktive Bedrphung

Zitat:
O4 - HKLM\..\Run: [BlahHope] "C:\ProgramData\listlessless.hssnc"
O4 - HKLM\..\Run: [axis love poll lite] "C:\ProgramData\face 4 audio.menme"
Durch Deinstallation des Messengers Plus und des Sponsor Programms werden diese entfernt
__________________
If every computer is running a diverse ecosystem, crackers will have
no choice but to resort to small-scale, targetted attacks, and the
days of mass-market malware will be over
[...].
Stuart Udall

Alt 11.07.2008, 17:51   #11
Titan_Ente
Gesperrt
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



BataAlexander ein riesen danke schön an dich!
du bist eine große Hilfe!

mal so ne frage woher weisst du all diese sachen ?
hast du da so deine quellen? oder aus dem Kopf?

Alt 11.07.2008, 20:04   #12
Titan_Ente
Gesperrt
 
HiJackThis Log-File 11.07.08 - Standard

listlessless.hssnc BITTE HILFT MIR !!!



Also seit letzten paar Tagen, als ich den PC Neustartete
bekomm ich immer diese Melden am Anfang...
1. das ein dicker ERROR
2. habs gefühl das es auch immer den pc am anfang verzögert
und 3. ES NERVT mich !!!


Also liebe leutz was kann das sein und wie bekomm ich das wieder inordnung!
vielen dank im vorraus


Alt 11.07.2008, 20:12   #13
BataAlexander
> MalwareDB
 
HiJackThis Log-File 11.07.08 - Standard

HiJackThis Log-File 11.07.08



Bitte bleib in Deinem ersten Thread!

Zitat:
Zitat von NUB
2. Wenn Du Dein Problem im Board schildern willst, poste es genau einmal. Erstelle dafür ein eigenes Thema um Verwirrung zu vermeiden. Fallen Dir danach wichtige Details ein, editiere und ergänze Dein Posting, anstatt ein neues zu erstellen. Mehrfach- und Crosspostings landen in der Mülltonne.
Die Datei gehört(e) zu dem Messenger Plus, nach deinstallation sollte diese Meldung verschwinden, wenn nicht den Eintrag

Zitat:
O4 - HKLM\..\Run: [BlahHope] "C:\ProgramData\listlessless.hssnc"
mit HijackThis fixen.
__________________
If every computer is running a diverse ecosystem, crackers will have
no choice but to resort to small-scale, targetted attacks, and the
days of mass-market malware will be over
[...].
Stuart Udall

Antwort

Themen zu HiJackThis Log-File 11.07.08
adobe, antivir, avg, avira, bho, defender, drivers, explorer, firefox, frage, free download, gservice, helper, hijack, hijackthis, internet, internet explorer, launch, local\temp, log-file, mozilla, mozilla firefox, pop-up-blocker, popup, programdata, rundll, senden, software, symantec, system, temp, tuneup.defrag, urlsearchhook, vista, windows, windows defender, windows sidebar, windows\system32\drivers



Ähnliche Themen: HiJackThis Log-File 11.07.08


  1. HiJackThis-Log-File
    Log-Analyse und Auswertung - 26.07.2009 (1)
  2. Firefox.exe "wird gerade verwendet" - HiJackThis Log-File und AntiVir Log-File
    Log-Analyse und Auswertung - 23.07.2009 (2)
  3. hijackthis file-yieldmanager-hijackthis.de geblockt
    Log-Analyse und Auswertung - 08.07.2009 (1)
  4. HiJackThis Log-file
    Log-Analyse und Auswertung - 06.07.2009 (6)
  5. HiJackThis Log-File
    Log-Analyse und Auswertung - 17.06.2009 (0)
  6. HiJackThis Log File
    Log-Analyse und Auswertung - 15.06.2009 (1)
  7. HiJackThis Log File und Gmer file Für Rootkit Problem
    Log-Analyse und Auswertung - 28.02.2009 (12)
  8. HiJackThis Log-File
    Mülltonne - 13.12.2008 (1)
  9. HijackThis Log-file
    Mülltonne - 20.05.2008 (2)
  10. HiJackThis Log-File
    Mülltonne - 18.03.2008 (1)
  11. HiJackthis log-file
    Mülltonne - 26.02.2008 (1)
  12. HiJackThis Log-File
    Mülltonne - 13.01.2008 (0)
  13. HiJackThis Log-File
    Log-Analyse und Auswertung - 08.01.2007 (11)
  14. HiJackThis Log-File
    Log-Analyse und Auswertung - 06.08.2006 (1)
  15. HiJackThis Log File
    Log-Analyse und Auswertung - 13.05.2006 (10)
  16. HiJackThis Log-File
    Log-Analyse und Auswertung - 05.04.2006 (10)
  17. hijackthis log-file
    Log-Analyse und Auswertung - 17.12.2005 (5)

Zum Thema HiJackThis Log-File 11.07.08 - Guten Tag, mein name ist Dennis aus Berlin, muss sagen ein sehr schönes Board habt da... Nun zu meinen Problemen... -CIB Werbung...(hab auch schon Hinweise bekommen) -und dann wollt ich - HiJackThis Log-File 11.07.08...
Archiv
Du betrachtest: HiJackThis Log-File 11.07.08 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.