Trojaner-Board


Darkmaster 09.08.2008 22:14

Problem with Display Properties

Hi folks, I have a problem with Display Properties: the Desktop and Screen Saver buttons are gone, so I can no longer change the wallpaper there and I can't change the screen saver. At the moment I have a screen saver that shows the boot logo and then a blue screen.

This is what my Display Properties looks like at the moment (ImageShack - Hosting :: testrs7.png)

(My operating system is in Portuguese.)

This is my HJT logfile
Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:50, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Java\j2re1.5.0\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\SlySoft\CloneCD\CloneCDTray.exe
C:\Programas\LogMeIn\x86\LogMeInSystray.exe
C:\Programas\TomTom HOME\TomTomHOME.exe
C:\Programas\Winamp\winampa.exe
C:\Programas\Lexmark X5100 Series\lxbabmgr.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Lexmark X5100 Series\lxbabmon.exe
C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Programas\ICQ6\ICQ.exe
C:\Programas\LogMeIn\x86\LMIGuardian.exe
C:\Programas\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Picasa2\PicasaMediaDetector.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Avira\Avira Premium Security Suite\avguard.exe
C:\Programas\Avira\Avira Premium Security Suite\avesvc.exe
C:\Programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Programas\LogMeIn\x86\RaMaint.exe
C:\Programas\LogMeIn\x86\LogMeIn.exe
C:\Programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Programas\Skype\Plugin Manager\skypePM.exe
C:\Programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\TuneUp Utilities 2008\Integrator.exe
C:\Programas\TuneUp Utilities 2008\DriveDefrag.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dark\Os meus documentos\[G]Script50\mircG5.0.exe
C:\Documents and Settings\Dark\Ambiente de trabalho\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.sapo.pt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programas\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programas\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Programas\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Programas\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programas\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programas\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "C:\Programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programas\TomTom HOME 2\HOMERunner.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Programas\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programas\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programas\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.sapo.pt
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8773 bytes
Thanks in advance for your help

Regards
Darkmaster

Darkmaster 10.08.2008 21:24

Can someone please help me? :confused:

cad 11.08.2008 11:09

Hello Darkmaster :)


About the logfile:
IE, Adobe and Java are outdated, and SP3 has been out for a while too
Please update everything!

Uninstall C:\Programas\DNA\btdna.exe

Then please post a new logfile

Did you by any chance optimize with TuneUp?

Please try this->hintergrundbild_kann_nicht_geaendert_werden.html

Regards, cad

Darkmaster 11.08.2008 15:48

I was told that SP3 is not good :confused:

Sunny 11.08.2008 15:56

Quote:

Quote from Darkmaster (post 361579)
I was told that SP3 is not good :confused:


Who said that?!


A friend/colleague/uncle?
Microsoft itself? :rolleyes:

Darkmaster 11.08.2008 19:37

So I can go ahead and install it??

Sunny 11.08.2008 19:43

Quote:

Quote from Darkmaster (post 361673)
So I can go ahead and install it??

If anything should go wrong, which I don't really expect, you can still uninstall SP3 in safe mode or use System Restore.

Service Pack 3 and all subsequent updates are mandatory!
Only when these major security holes are closed can the Internet become a bit safer! ;)

Sunny

Darkmaster 11.08.2008 23:04

Quote:

Quote from cad (post 361493)
Hello Darkmaster :)


About the logfile:
IE, Adobe and Java are outdated, and SP3 has been out for a while too
Please update everything!

Uninstall C:\Programas\DNA\btdna.exe

Then please post a new logfile

Here is the new logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:07, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programas\Avira\Avira Premium Security Suite\sched.exe
C:\Programas\Avira\Avira Premium Security Suite\avguard.exe
C:\Programas\Avira\Avira Premium Security Suite\avesvc.exe
C:\Programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Programas\LogMeIn\x86\RaMaint.exe
C:\Programas\LogMeIn\x86\LogMeIn.exe
C:\Programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\ATI Technologies\ATI.ACE\cli.exe
C:\Programas\SlySoft\CloneCD\CloneCDTray.exe
C:\Programas\LogMeIn\x86\LogMeInSystray.exe
C:\Programas\TomTom HOME\TomTomHOME.exe
C:\Programas\Winamp\winampa.exe
C:\Programas\Lexmark X5100 Series\lxbabmgr.exe
C:\Programas\Lexmark X5100 Series\lxbabmon.exe
C:\Programas\LogMeIn\x86\LMIGuardian.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Programas\ICQ6\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\ATI Technologies\ATI.ACE\CLI.exe
C:\Programas\Skype\Plugin Manager\skypePM.exe
C:\Programas\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Dark\Os meus documentos\[G]Script50\mircG5.0.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dark\Ambiente de trabalho\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programas\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programas\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Programas\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Programas\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [updateMgr] C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programas\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "C:\Programas\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programas\TomTom HOME 2\HOMERunner.exe"
O4 - Global Startup: Bandeja do sistema do ATI CATALYST.lnk = C:\Programas\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programas\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programas\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.sapo.pt
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programas\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9695 bytes

One more thing
Quote:

Did you by any chance optimize with TuneUp?

Please try this->hintergrundbild_kann_nicht_geaendert_werden.html

Regards, cad
I don't quite understand the part about optimizing with TuneUp, and this one doesn't work for me (hintergrundbild_kann_nicht_geaendert_werden.html)

Regards
Darkmaster

cad 12.08.2008 17:27

Quote:

Quote from Darkmaster (post 361723)
One more thing
I don't quite understand the part about optimizing with TuneUp, and this one doesn't work for me (hintergrundbild_kann_nicht_geaendert_werden.html)

What exactly doesn't work? Do you have no access?


Did you change/optimize any system settings with TuneUp?

Darkmaster 13.08.2008 17:42

So I get as far as HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ but no further

And as for TuneUp, no, I haven't.

cad 13.08.2008 20:16

What do you mean by that? Is the key missing?

Please do the following:


1.) Back up the registry->registry-sichern-und-laden

2.) Create the key->Click

Darkmaster 13.08.2008 21:48

Unfortunately it still doesn't work -.-

cad 13.08.2008 22:48

Please post this log

http://www.trojaner-board.de/51187-a...i-malware.html

HKEY_CURRENT_USER\Control Panel\Desktop

Which entries do you have there?

Darkmaster 13.08.2008 23:45

Quote:

Quote from cad (post 362306)

HKEY_CURRENT_USER\Control Panel\Desktop

Which entries do you have there?

This is what I have there

Here is the Malwarebytes log:

Quote:

Malwarebytes' Anti-Malware 1.24
Versão do banco de dados: 1051
Windows 5.1.2600 Service Pack 3

11:51:34 PM 13/8/2008
mbam-log-8-13-2008 (23-51-34).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 184854
Tempo decorrido: 47 minute(s), 56 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registo infectadas: 1
Valores do Registo infectados: 1
Ítens do Registo infectados: 2
Pastas infectadas: 0
Ficheiros infectados: 2

Processos da Memória infectados:
(Nenhum item malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum item malicioso foi detectado)

Chaves do Registo infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valores do Registo infectados:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Ítens do Registo infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum item malicioso foi detectado)

Ficheiros infectados:
C:\WINDOWS\system32\blphc5r8j0e9eg.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc5r8j0e9eg.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
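
How the detections in this log relate to the symptom reported at the top of the thread, as an added example that is not part of the original posts: it parses the detection lines copied from the log above and maps the two policy values and the screen-saver value to their effect on Display Properties. The function names and the effect descriptions are this example's own; the section headers are the Portuguese ones this log uses.

```python
import re

# Detection lines copied from the Malwarebytes log posted above (Portuguese UI).
MBAM_LOG = r"""
Chaves do Registo infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valores do Registo infectados:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Ítens do Registo infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Ficheiros infectados:
C:\WINDOWS\system32\blphc5r8j0e9eg.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc5r8j0e9eg.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# Section headers as they appear in this log -> kind of detection.
SECTIONS = {
    "Processos da Memória infectados": "process",
    "Módulos de Memória Infectados": "module",
    "Chaves do Registo infectadas": "registry_key",
    "Valores do Registo infectados": "registry_value",
    "Ítens do Registo infectados": "registry_data",
    "Pastas infectadas": "folder",
    "Ficheiros infectados": "file",
}

# "<path> (<family>) -> [Bad: (x) Good: (y) -> ]<action>"
DETECTION = re.compile(
    r"^(?P<path>.+?) \((?P<family>[\w.]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+)$"
)

POLICY_KEY = r"software\microsoft\windows\currentversion\policies\system"
# Per-user policy values that remove tabs from Display Properties when set to 1.
POLICY_EFFECTS = {
    "nodispbackgroundpage": "hides the Desktop tab in Display Properties",
    "nodispscrsavpage": "hides the Screen Saver tab in Display Properties",
}


def parse_mbam(text):
    """Return one dict per detection line, tagged with its section kind."""
    detections, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and line[:-1] in SECTIONS:
            kind = SECTIONS[line[:-1]]
            continue
        match = DETECTION.match(line)
        if match and kind:
            entry = match.groupdict()
            entry["kind"] = kind
            detections.append(entry)
    return detections


def explain_symptoms(detections):
    """Map registry detections to the user-visible effect they produce."""
    findings = []
    for d in detections:
        if not d["kind"].startswith("registry"):
            continue
        key, _, name = d["path"].rpartition("\\")
        key, lname = key.lower(), name.lower()
        if key.endswith(POLICY_KEY) and lname in POLICY_EFFECTS and d["bad"] == "1":
            findings.append((name, POLICY_EFFECTS[lname]))
        elif key.endswith(r"control panel\desktop") and lname == "scrnsave.exe":
            findings.append((name, "selects the screen saver that runs for this user"))
    return findings


def screen_saver_files(detections):
    """File detections with a .scr extension (screen saver executables)."""
    return [d["path"] for d in detections
            if d["kind"] == "file" and d["path"].lower().endswith(".scr")]


if __name__ == "__main__":
    found = parse_mbam(MBAM_LOG)
    for name, effect in explain_symptoms(found):
        print(f"{name}: {effect}")
    for path in screen_saver_files(found):
        print(f"screen saver binary flagged: {path}")
```

The log does not show the data of the scrnsave.exe value, so the flagged .scr file is only a candidate for the screen saver the first post describes.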

Darkmaster 14.08.2008 00:03

Yep, it works :Boogie:

Thanks for the help :aplaus:

Regards
Darkmaster
:Boogie:

cad 14.08.2008 00:20

Hold on a moment

For me, every infection is a reason to reinstall from scratch :)


Edit: Oh well, the OP is gone :)

We should still check whether everything is really gone

Darkmaster 14.08.2008 10:30

What else do I need to do??

cad 14.08.2008 11:12

Deckards System Scanner (DSS)

You can get the tool here -> DSS.exe

* Close all applications
* Double-click dss.exe to start the program
* When the scan is finished, a Notepad window will open with the contents
of main.txt.
A second logfile, extra.txt, is located at
c:\Deckard\SystemScanner\extra.txt
* Copy the contents of both logfiles into this thread, please as ['CODE]['/CODE]


What Deckards System Scanner does:

* It creates a System Restore point
* It cleans temporary files, Downloaded Program Files, Internet
cache files, and empties the Recycle Bin on all drives.

Darkmaster 14.08.2008 21:46

OK, will do

Darkmaster 14.08.2008 22:37

Code:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: Portuguese

CPU 0: Genuine Intel(R) CPU            2140  @ 1.60GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1023.23 MiB / 392.5 MiB
Pagefile Memory (total/avail): 2463.26 MiB / 1875.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.29 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.75 GiB total, 398.47 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HDT725050VLAT80 - 465.76 GiB - 1 partition
  \PARTITION0 (bootable) - Sistema de ficheiros instalável - 465.75 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dark\Application Data
CommonProgramFiles=C:\Programas\Ficheiros comuns
COMPUTERNAME=ADMIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dark
LOGONSERVER=\\ADMIN
NewEnvironment1=C:\Programas\ATI Technologies\ATI.ACE\
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\Programas\ImageConverter Plus;C:\Programas\ImageConverter Plus\Microsoft.VC80.CRT;C:\Programas\ImageConverter Plus\Microsoft.VC80.MFC;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Programas
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dark\DEFINI~1\Temp
TMP=C:\DOCUME~1\Dark\DEFINI~1\Temp
USERDOMAIN=ADMIN
USERNAME=Dark
USERPROFILE=C:\Documents and Settings\Dark
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dark (admin)
LogMeInRemoteUser (admin)
Administrador (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0816-0000-0000000FF1CE} /uninstall {C450104C-4F9F-4924-8B97-92FB09DE9A92}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0816-0000-0000000FF1CE} /uninstall {6C04B8BC-6DC4-422F-B871-0236D11C50AB}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0816-0000-0000000FF1CE} /uninstall {A0926DF5-19BB-448D-B8AA-7B1E321F48CF}
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Actualização de segurança para Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Actualização de Segurança para Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950759) --> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Actualização para Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Actualização para Windows XP (KB951978) --> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Programas\Ficheiros comuns\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Programas\Ficheiros comuns\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Português --> MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}
aerosoft's - Brighton-Portsmouth --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{D4DAA1DD-22C8-4B73-B942-88537BA4BBF3}\setup.exe"  -uninst
ATI - Utilitário de desinstalação de software --> C:\Programas\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{86EC42B5-346E-4BAB-948D-58E021EA4BD1}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
Avira Premium Security Suite --> C:\Programas\Avira\Avira Premium Security Suite\SETUP.EXE /REMOVE
Banner Maker Pro Version 6 --> "C:\Programas\Banner Maker Pro 6\unins000.exe"
Berlin Subway --> "C:\Programas\Microsoft Games\TML-Studios\uninstall.exe"
Call of Duty --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
CloneCD --> "C:\Programas\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Programas\SlySoft\CloneCD"
CloneDVD 4.0 --> "C:\Programas\CloneDVD\unins000.exe"
Counter-Strike --> "C:\Programas\Steam\steam.exe" steam://uninstall/10
Euro Truck Simulator 1.00 --> C:\Programas\Euro Truck Simulator\uninst.exe
FaxTools --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x7 ControlPanel
Firebird 2.1.0.16780 (Win32) --> "C:\Programas\Firebird\Firebird_2_1\unins000.exe"
GIMP 2.4.6 --> "C:\Programas\GIMP-2.0\setup\unins000.exe"
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
GTA San Andreas --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x7  -removeonly
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Dark\Ambiente de trabalho\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HTMLPad 2007 Pro v8.0 --> "C:\Programas\HTMLPad 2007\unins000.exe"
ICQ6 --> "C:\Programas\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IZArc 3.4.1.6 --> C:\Programas\IZArc\unins000.exe
Java 2 Runtime Environment, SE v1.5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Mega Codec Pack 1.33 --> "C:\Programas\K-Lite Codec Pack\unins000.exe"
Lexmark X5100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
LogMeIn --> MsiExec.exe /I{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}
Malwarebytes' Anti-Malware --> "C:\Programas\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0015-0816-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0016-0816-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-00BA-0816-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0044-0816-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-00A1-0816-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001A-0816-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0018-0816-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001F-0816-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-002C-0816-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-0019-0816-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-006E-0816-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Portugal)) 2007 --> MsiExec.exe /X{90120000-001B-0816-0000-0000000FF1CE}
Microsoft Train Simulator --> "C:\Programas\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> C:\Programas\Mozilla Firefox\uninstall\helper.exe
Need for Speed™ Most Wanted --> C:\Programas\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nero 7 Premium --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Phase 5 HTML-Editor --> MsiExec.exe /I{2E2B36B5-3A97-4991-B755-F4AF26843D00}
Picasa 2 --> "C:\Programas\Picasa2\Uninstall.exe"
PowerCONVERTER4 --> C:\PROGRA~1\POWERC~1\UNWISE.EXE C:\PROGRA~1\POWERC~1\INSTALL.LOG
ProTrain Semmering 1.0 --> "C:\Programas\Microsoft Games\Train Simulator\SETUP\setup.exe" /u
Rapid PHP 2007 v8.0 --> "C:\Programas\Rapid PHP 2007\unins000.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x816  -removeonly
SAM Broadcaster (remove only) --> "C:\Programas\SpacialAudio\SAMBC\uninstall.exe"
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SlideShow Desktop --> RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{18D4E4B9-7BE5-48CE-BB11-BEFDC5AED350}\Setup.exe"
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 3.0 Setup Files (remove only) --> C:\Programas\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Thoosje Sidebar V2.3 --> C:\Programas\Thoosje Sidebar V2.3\Uninstall.exe
TomTom HOME --> C:\Programas\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME --> C:\Programas\TomTom HOME 2\Uninstall TomTom HOME.exe -RESTOREKEY=tomtomhome
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VeryDOC PowerPoint to Flash Converter v2.0 --> "C:\Programas\VeryDOC PowerPoint to Flash Converter v2.0\unins000.exe"
VIA Platform Device Manager --> C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Winamp --> "C:\Programas\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2010 / Success
Event Submitted/Written: 08/14/2008 03:00:26 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2005 / Error
Event Submitted/Written: 08/14/2008 02:26:11 PM
Event ID/Source: 1802 / SecurityCenter
Event Description:
O 'Serviço do centro de segurança do Windows' não conseguiu estabelecer consultas de eventos com WMI para monitorizar Antivírus e Firewall de terceiros.

Event Record #/Type2002 / Error
Event Submitted/Written: 08/14/2008 02:25:20 PM
Event ID/Source: 2004 / PerfNet
Event Description:
Não foi possível abrir o serviço de servidor. Os dados de desempenho de servidor
não serão devolvidos. O código de erro devolvido encontra-se nos dados DWORD 0.

Event Record #/Type2001 / Error
Event Submitted/Written: 08/14/2008 02:25:20 PM
Event ID/Source: 2004 / PerfNet
Event Description:
Não foi possível abrir o serviço de servidor. Os dados de desempenho de servidor
não serão devolvidos. O código de erro devolvido encontra-se nos dados DWORD 0.

Event Record #/Type1966 / Success
Event Submitted/Written: 08/13/2008 11:56:06 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3180 / Error
Event Submitted/Written: 08/14/2008 09:36:18 PM
Event ID/Source: 1002 / Dhcp
Event Description:
A concessão 81.193.245.46 do endereço IP para a placa de rede com o endereço de rede 00196622C943 foi
negado pelo servidor DHCP 192.168.1.254 (O servidor DHCP enviou uma mensagem DHCPNACK).

Event Record #/Type3177 / Error
Event Submitted/Written: 08/14/2008 09:32:42 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
O serviço Windows Image Acquisition (WIA) terminou inesperadamente. Isto aconteceu 1 vez(es).

Event Record #/Type3175 / Error
Event Submitted/Written: 08/14/2008 09:31:15 PM
Event ID/Source: 1002 / Dhcp
Event Description:
A concessão 85.240.83.180 do endereço IP para a placa de rede com o endereço de rede 00196622C943 foi
negado pelo servidor DHCP 192.168.1.254 (O servidor DHCP enviou uma mensagem DHCPNACK).

Event Record #/Type3174 / Warning
Event Submitted/Written: 08/14/2008 09:29:35 PM
Event ID/Source: 1003 / Dhcp
Event Description:
O computador não conseguiu renovar o respectivo endereço de rede (do servidor
DHCP) para a placa de rede com o endereço de rede 00196622C943. Ocorreu o seguinte
erro:
%%121.
O computador continuará a tentar obter um endereço por si só
a partir do servidor de endereços de rede (DHCP).

Event Record #/Type3160 / Warning
Event Submitted/Written: 08/14/2008 05:18:26 PM
Event ID/Source: 1007 / Dhcp
Event Description:
O computador configurou automaticamente o endereço IP para a placa de
rede com o endereço de rede 00196622C943. O endereço IP que está a ser utilizado é 169.254.184.91.



-- End of Deckard's System Scanner: finished at 2008-08-14 21:48:31 ------------


cad 15.08.2008 10:45

O.K. :) You're discharged until next time....

Hardening

Read through this, starting from the third step (system hardening) :)

Regards, cad

Darkmaster 15.08.2008 11:34

Hmm, so tell me, how do I make a backup CD now?

cad 15.08.2008 15:21

Keywords for this:
NT-Backup (backup to another hard disk)
Freeware programs
Paid backup programs such as Acronis
Nero
If you have a Seagate or Maxtor hard disk -> discwizard
That is a free, stripped-down version of Acronis 10 :)

Use the board search :) or Google


Regards, cad

