| |
| |||||||
Log-Analyse und Auswertung: Ungewollte pop-ups/ungewollte links aus Google -PLEASE HELP -log insideWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
24.01.2010, 16:56
| #1 |
 |  Ungewollte pop-ups/ungewollte links aus Google -PLEASE HELP -log inside Hallo Leute, Ich hoffe ich kann mein problem richtig erklaeren. Immer wenn ich im Internet surfe komme ungewollte pop-ups zu verschiedenen seiten obwohl die pop-ups geblockt sind. Weiters verlinkt google auf falsche Seiten... Ich habe schon folgende programme versucht: Super AntiSpyware, Spybot... Die programme habe zwar war cookies und andere adware geloescht, aber trotzdem bleibt das Problem. Hier mein HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:39:49 AM, on 1/24/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe C:\Program Files\DDNI\DIBS\DDNIService.exe C:\QSTART.SYS\config\DVMExportService.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\BisonC07\BisonM07.exe C:\Program Files\Lenovo\VeriFaceIII\PManage.exe C:\Program Files\Lenovo\Energy Management\utility.exe C:\Program Files\Lenovo\Energy Management\Energy Management.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe E:\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - h**p://www.lenovo.com (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - {9128e9ad-84b2-4339-be76-6be50dade6ff} - (no file) O20 - AppInit_DLLs: nehozipa.dll c:\windows\system32\ronilipi.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll O21 - SSODL: gosimarag - {e1479e4d-c5d8-43e9-bbd3-b272d328f3d0} - (no file) O22 - SharedTaskScheduler: jugezatag - {e1479e4d-c5d8-43e9-bbd3-b272d328f3d0} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: DDNIMSGService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing) O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- End of file - 10285 bytes Ich hoffe das mir jemand helfen kann...Vielen Dank im voraus!! Geändert von Amerikaner (24.01.2010 um 17:28 Uhr) |
|
24.01.2010, 22:03
| #2 |
  | Ungewollte pop-ups/ungewollte links aus Google -PLEASE HELP -log inside Hi,
__________________Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter c:\windows\system32\nehozipa.dll
c:\windows\system32\ronilipi.dll
C:\WINDOWS\SYSTEM32\PicNotify.dll
Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Fullscan und alles bereinigen lassen! Log posten. RSIT Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile. * Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/) * speichere es auf Deinem Desktop. * Starte mit Doppelklick die RSIT.exe. * Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren. * Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren. * In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept". * Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen. * Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage. * Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet. * Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread. Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html Den Downloadlink findest Du links oben (http://www.gmer.net/#files), dort dann auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken). Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. chris
__________________ |
|
24.01.2010, 23:28
| #3 |
| | Ungewollte pop-ups/ungewollte links aus Google -PLEASE HELP -log inside @Virustotal:
__________________Hier der Log fuer die C:\WINDOWS\SYSTEM32\PicNotify.dll datei, die beiden anderen dll Dateien konnte ich nicht finden.... Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.01.24 - AhnLab-V3 5.0.0.2 2010.01.23 - AntiVir 7.9.1.150 2010.01.24 - Antiy-AVL 2.0.3.7 2010.01.22 - Authentium 5.2.0.5 2010.01.24 - Avast 4.8.1351.0 2010.01.24 - AVG 9.0.0.730 2010.01.24 - BitDefender 7.2 2010.01.24 - CAT-QuickHeal 10.00 2010.01.22 - ClamAV 0.94.1 2010.01.24 - Comodo 3696 2010.01.24 - DrWeb 5.0.1.12222 2010.01.24 - eSafe 7.0.17.0 2010.01.24 - eTrust-Vet 35.2.7255 2010.01.22 - F-Prot 4.5.1.85 2010.01.24 - F-Secure 9.0.15370.0 2010.01.24 - Fortinet 4.0.14.0 2010.01.24 - GData 19 2010.01.24 - Ikarus T3.1.1.80.0 2010.01.24 - Jiangmin 13.0.900 2010.01.24 - K7AntiVirus 7.10.952 2010.01.22 - Kaspersky 7.0.0.125 2010.01.24 - McAfee 5871 2010.01.24 - McAfee+Artemis 5871 2010.01.24 - McAfee-GW-Edition 6.8.5 2010.01.24 - Microsoft 1.5405 2010.01.24 - NOD32 4802 2010.01.24 - Norman 6.04.03 2010.01.24 - nProtect 2009.1.8.0 2010.01.24 - Panda 10.0.2.2 2010.01.24 - PCTools 7.0.3.5 2010.01.24 - Rising 22.31.06.04 2010.01.24 - Sophos 4.50.0 2010.01.24 - Sunbelt 3.2.1858.2 2010.01.24 - Symantec 20091.2.0.41 2010.01.24 - TheHacker 6.5.0.9.161 2010.01.24 - TrendMicro 9.120.0.1004 2010.01.24 - VBA32 3.12.12.1 2010.01.23 - ViRobot 2010.1.23.2152 2010.01.23 - VirusBuster 5.0.21.0 2010.01.24 - weitere Informationen File size: 1167360 bytes MD5...: 53637192d09a794ddacee3c14e43f403 SHA1..: c735ba2bad85068c25696f39572037d63fde23b9 SHA256: 38d72faa93e95f593827aaf22644b486d78004b28670e4045c2b9fc2a43e4e02 ssdeep: 12288:kQADkB52j7ZfFcA5otXDiv9EKosVv6OWlL:Io52j7sootXDiqKDN PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x36d4d timedatestamp.....: 0x4987ddd7 (Tue Feb 03 06:01:59 2009) machinetype.......: 0x14c (I386) ( 7 sections ) name viradd virsiz rawdsiz ntrpy md5 .textbss 0x1000 0x341e1 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .text 0x36000 0x6f10c 0x70000 5.55 52f2d80ff1444f3d3e4434898b5fdd21 .rdata 0xa6000 0x15a10 0x16000 3.73 66a57eaf34513d52826e59b17e06a82b .data 0xbc000 0xe9b0 0x2000 1.98 3ef8bd57e746f6830e9614d253a4bd63 .idata 0xcb000 0x1964 0x2000 3.84 10f16135471d6443adac5fafcc196c3a .rsrc 0xcd000 0x8bcbc 0x8c000 3.30 95c57f420fd9bbb4302e25d594c676df .reloc 0x159000 0x565f 0x6000 5.57 ab7460e6591af891a930cf57ddfdf97a ( 11 imports ) > OLEACC.dll: GetStateTextW, WindowFromAccessibleObject, AccessibleObjectFromEvent, GetRoleTextW > PSAPI.DLL: EnumProcessModules, EnumProcesses, GetModuleBaseNameW > FaceVerify.dll: ReleaseFaceVerify, CreateFaceVerify > Apblend.dll: HookProc, UnhookProc > KERNEL32.dll: SetStdHandle, WriteConsoleA, lstrlenW, IsBadWritePtr, lstrcmpiA, VirtualProtect, VirtualQuery, GetVersionExW, GetModuleHandleW, GetPrivateProfileStringW, WritePrivateProfileStringW, OutputDebugStringW, GetCurrentThreadId, TerminateProcess, CloseHandle, OpenProcess, FindNextChangeNotification, WaitForSingleObject, FindFirstChangeNotificationW, DeleteCriticalSection, GetModuleFileNameW, GetProcAddress, LoadLibraryW, DeleteFileW, CreateDirectoryW, GetSystemDirectoryW, InitializeCriticalSection, DisableThreadLibraryCalls, LeaveCriticalSection, WriteFile, GetLocalTime, GetConsoleOutputCP, GetFileSize, CreateFileW, EnterCriticalSection, CreateThread, GetLastError, FreeLibrary, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, GetLocaleInfoA, GetDateFormatA, GetTimeFormatA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetConsoleMode, GetConsoleCP, FlushFileBuffers, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, SetHandleCount, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, HeapReAlloc, GetModuleFileNameA, SetConsoleCtrlHandler, ExitProcess, GetTimeZoneInformation, GetLocaleInfoW, CreateFileA, CompareStringA, CompareStringW, SetFilePointer, SetEnvironmentVariableA, GetFileType, WriteConsoleW, OutputDebugStringA, GetStdHandle, GetCurrentThread, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleHandleA, InterlockedIncrement, InterlockedDecrement, Sleep, InterlockedExchange, RtlUnwind, RaiseException, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapValidate, IsBadReadPtr, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, FatalAppExitA, DebugBreak, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, LoadLibraryA, GetACP, GetOEMCP, GetCPInfo, IsValidCodePage > USER32.dll: SetWindowPos, GetWindow, EnumChildWindows, GetDlgItem, SetWindowTextW, SetFocus, SendMessageW, GetWindowRect, ClientToScreen, CallNextHookEx, SetWindowsHookExW, DefWindowProcW, BeginPaint, GetClientRect, DrawTextW, EndPaint, PostQuitMessage, LoadCursorW, RegisterClassExW, UnhookWinEvent, SetWinEventHook, PostMessageW, GetClassNameW, UnhookWindowsHookEx, FindWindowW, LockWorkStation, GetSystemMetrics, DestroyWindow, GetWindowLongW, CreateWindowExW > ADVAPI32.dll: RegOpenKeyW, RegCreateKeyW, RegSetValueExW, RegQueryValueExW, RegCloseKey, RegDeleteValueW > SHELL32.dll: SHGetSpecialFolderPathW > ole32.dll: CoInitialize > OLEAUT32.dll: -, -, - > NETAPI32.dll: NetUserEnum, NetApiBufferFree ( 9 exports ) HeadCreateShell, HeadLock, HeadLogoff, HeadLogon, HeadShutdown, HeadStartScreenSaver, HeadStartup, HeadStopScreenSaver, HeadUnlock RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable MS Visual C++ (generic) (75.0%) Win32 Executable Generic (16.9%) Generic Win/DOS Executable (3.9%) DOS Executable Generic (3.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned |
|
24.01.2010, 23:30
| #4 |
| | Ungewollte pop-ups/ungewollte links aus Google -PLEASE HELP -log inside Malwarebytes Antimalware (MAM) Malwarebytes' Anti-Malware 1.44 Database version: 3628 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 1/24/2010 5:23:32 PM mbam-log-2010-01-24 (17-23-32).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 160758 Time elapsed: 52 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
|
24.01.2010, 23:35
| #5 |
| | Ungewollte pop-ups/ungewollte links aus Google -PLEASE HELP -log inside RSIT log.txt Logfile of random's system information tool 1.06 (written by random/random) Run by Gabi at 2010-01-24 17:31:26 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 95 GB (89%) free of 106 GB Total RAM: 1014 MB (43% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:31:55 PM, on 1/24/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\DDNI\DIBS\DDNIService.exe C:\QSTART.SYS\config\DVMExportService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\BisonC07\BisonM07.exe C:\Program Files\Lenovo\VeriFaceIII\PManage.exe C:\Program Files\Lenovo\Energy Management\utility.exe C:\Program Files\Lenovo\Energy Management\Energy Management.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\Gabi\Desktop\RSIT.exe E:\Gabi.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - {9128e9ad-84b2-4339-be76-6be50dade6ff} - (no file) O20 - AppInit_DLLs: nehozipa.dll c:\windows\system32\ronilipi.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: PicNotify - C:\WINDOWS\SYSTEM32\PicNotify.dll O21 - SSODL: gosimarag - {e1479e4d-c5d8-43e9-bbd3-b272d328f3d0} - (no file) O22 - SharedTaskScheduler: jugezatag - {e1479e4d-c5d8-43e9-bbd3-b272d328f3d0} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: DDNIMSGService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing) O23 - Service: System Repair Windows Update Monitor (System_Repair_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- End of file - 10214 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job C:\WINDOWS\tasks\McDefragTask.job C:\WINDOWS\tasks\McQcTask.job C:\WINDOWS\tasks\User_Feed_Synchronization-{E0937533-BB98-490D-955D-A0280C0E943C}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-13 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-11-04 62784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-13 225280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-13 225280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-24 17567744] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-04-09 1512744] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-12-02 35184] "IdeaNotesUser"=C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.ex [2009-01-17 234160] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752] "BisonMnt"=C:\WINDOWS\BisonC07\BisonM07.exe [2008-10-13 32768] "VeriFaceManager"=C:\Program Files\Lenovo\VeriFaceIII\PManage.exe [2009-07-02 323584] "EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2009-01-03 4462464] "Energy Management"=C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2008-12-25 1277952] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-28 1218008] "Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-13 483328] ""= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="nehozipa.dll c:\windows\system32\ronilipi.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-02-14 208896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PicNotify] C:\WINDOWS\system32\PicNotify.dll [2009-07-02 1167360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] gosimarag - {e1479e4d-c5d8-43e9-bbd3-b272d328f3d0} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] jugezatag - {e1479e4d-c5d8-43e9-bbd3-b272d328f3d0} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui" "C:\Program Files\McAfee\VirusScan\mcsysmon.exe"="C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon" "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon" "C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe"="C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe:*:Enabled:UpdateMonitor" "C:\Program Files\McAfee\MPF\MpfSrv.exe"="C:\Program Files\McAfee\MPF\MpfSrv.exe:*:Enabled:MPFSrv" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-01-24 17:31:26 ----D---- C:\rsit 2010-01-24 11:58:42 ----A---- C:\WINDOWS\ntbtlog.txt 2010-01-23 22:18:18 ----D---- C:\VundoFix Backups 2010-01-23 22:18:18 ----A---- C:\VundoFix.txt 2010-01-23 21:33:32 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2010-01-23 21:33:12 ----D---- C:\Program Files\SUPERAntiSpyware 2010-01-23 21:33:12 ----D---- C:\Documents and Settings\Gabi\Application Data\SUPERAntiSpyware.com 2010-01-23 21:32:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2010-01-23 20:32:51 ----D---- C:\Program Files\Spybot - Search & Destroy 2010-01-23 20:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-01-23 18:16:17 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2010-01-23 17:55:44 ----D---- C:\Documents and Settings\Gabi\Application Data\Malwarebytes 2010-01-23 17:55:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-01-23 17:55:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-01-18 21:35:12 ----D---- C:\Program Files\Shared 2010-01-10 13:52:27 ----D---- C:\Documents and Settings\Gabi\Application Data\skypePM 2010-01-10 13:47:41 ----D---- C:\Documents and Settings\Gabi\Application Data\Skype 2010-01-10 13:46:57 ----D---- C:\Program Files\Common Files\Skype 2010-01-10 13:46:52 ----RD---- C:\Program Files\Skype 2010-01-10 13:46:46 ----D---- C:\Documents and Settings\All Users\Application Data\Skype ======List of files/folders modified in the last 1 months====== 2010-01-24 17:31:34 ----D---- C:\WINDOWS\TEMP 2010-01-24 17:31:27 ----D---- C:\WINDOWS\Prefetch 2010-01-24 13:03:14 ----D---- C:\WINDOWS\system32 2010-01-24 13:03:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-01-24 12:59:37 ----D---- C:\WINDOWS 2010-01-24 12:59:02 ----A---- C:\sysiclog.txt 2010-01-24 12:31:55 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-24 11:58:58 ----D---- C:\Documents and Settings 2010-01-24 11:57:46 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-23 21:33:23 ----SHD---- C:\WINDOWS\Installer 2010-01-23 21:33:12 ----RD---- C:\Program Files 2010-01-23 21:32:44 ----D---- C:\Program Files\Common Files 2010-01-23 21:08:25 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-01-23 21:08:25 ----D---- C:\WINDOWS\system32\drivers 2010-01-23 21:05:42 ----SD---- C:\WINDOWS\Tasks 2010-01-23 20:06:56 ----D---- C:\WINDOWS\Provisioning 2010-01-23 19:06:36 ----HD---- C:\WINDOWS\inf 2010-01-23 18:16:12 ----D---- C:\WINDOWS\WinSxS 2010-01-15 22:31:32 ----A---- C:\WINDOWS\Brownie.ini 2010-01-05 20:06:34 ----SD---- C:\Documents and Settings\Gabi\Application Data\Microsoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-11-04 214664] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-15 120136] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R2 tvtumon;tvtumon; C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2008-08-28 48192] R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys [2008-01-11 9472] R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-09-10 1386624] R3 Cam5607;Lenovo EasyCamera ; C:\WINDOWS\System32\Drivers\BisonC07.sys [2009-04-17 1226792] R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-24 5056000] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-11-04 79816] R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-11-04 35272] R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-03-27 130816] R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-04-09 208816] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S1 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS [] S1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [] S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736] S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-04 34248] S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [] S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [] S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992] S3 RtsUIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys [] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-05-23 128104] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WSVD;WSVD; \??\C:\WINDOWS\system32\drivers\WSVD.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312] R2 DDNIMSGService;DDNIMSGService; C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2009-08-24 172720] R2 DDNIService;DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [2009-09-11 160432] R2 DvmMDES;DeviceVM Meta Data Export Service; C:\QSTART.SYS\config\DVMExportService.exe [2009-03-25 315392] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-10-28 865832] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-07 359952] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-04 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-26 895696] R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor; C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-09-26 430080] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-04 606736] S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 [] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-10 69632] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-22 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-22 66240] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-29 741376] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-10-27 365072] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-13 28933976] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-13 87840] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-29 122880] S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-13 240416] -----------------EOF----------------- info.txt info.txt logfile of random's system information tool 1.06 2010-01-24 17:32:01 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acrobat.com-->MsiExec.exe /X{77DCDCE3-2DED-62F3-8154-05E745472D07} Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002} Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop 7.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 9.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90100000001} Broadcom WLAN-->C:\Program Files\InstallShield Installation Information\{8991E763-21F5-4DEA-A938-5D9D77DCB488}\setup.exe -runfromtemp -l0x0009 -removeonly Brother HL-2040-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B71AD25-4C12-4813-90EA-43CDBAFBBABD}\setup.exe" -l0x9 -removeonly /uninst Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923} Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923} DIBS-->MsiExec.exe /X{C7FB1A71-D808-4CD2-997D-837B39EA7EB0} Energy Management-->"C:\Program Files\InstallShield Installation Information\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}\setup.exe" -runfromtemp -l0x0009 -removeonly HijackThis 2.0.2-->"E:\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 2.0 (KB922981)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {A1D5A6B2-B620-41F9-B435-10A4FF3C18A2} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} Hotfix for Microsoft .NET Framework 2.0 (KB923319)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {3C87D1CF-1592-4BFA-9B3E-380580EFAF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Lenovo EasyCamera-->C:\Program Files\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x0009 -removeonly Lenovo First Boot-->MsiExec.exe /X{F2602F16-02D1-4F1C-99A5-E246C522A59D} Lenovo Idea Central-->C:\WINDOWS\ddniuninst.exe Lenovo Idea Notes-->MsiExec.exe /X{BE79E274-824C-4F9C-9534-587132E29AA1} Lenovo OneKey Recovery-->"C:\Program Files\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall Lenovo Quick Start-->MsiExec.exe /X{357B11ED-5417-4CF3-8EB2-386299BC30E0} Lenovo System Repair - Windows Update Monitor-->C:\Program Files\InstallShield Installation Information\{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}\setup.exe -runfromtemp -l0x0009 -removeonly Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9} Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D} Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E} Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE} Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall USB2.0 Card Reader Software-->"C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0009 -removeonly VeriFace III-->C:\Program Files\Lenovo\VeriFaceIII\Uninstall.exe Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4} Windows Live Toolbar-->MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======Security center information====== AV: McAfee VirusScan FW: McAfee Personal Firewall ======System event log====== Computer Name: LENOVO-4903350B Event Code: 7000 Message: The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified. Record Number: 89 Source Name: Service Control Manager Time Written: 20091210194517.000000-300 Event Type: error User: Computer Name: LENOVO-4903350B Event Code: 20 Message: Printer Driver Adobe PDF Converter for Windows NT x86 Version-3 was added or updated. Files:- PSCRIPT5.DLL, Ps5ui.dll, ADPDF7.PPD, Pscript.hlp, AD2KREGP.DLL, AD2KUIGP.DLL, AD2KGELP.INI, PSCRIPT.NTF. Record Number: 77 Source Name: Print Time Written: 20091210092442.000000-300 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: LENOVO-4903350B Event Code: 20 Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll. Record Number: 57 Source Name: Print Time Written: 20091210090752.000000-300 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: LENOVO-4903350B Event Code: 7026 Message: The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX Record Number: 6 Source Name: Service Control Manager Time Written: 20091209193824.000000-300 Event Type: error User: Computer Name: LENOVO-4903350B Event Code: 7000 Message: The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified. Record Number: 5 Source Name: Service Control Manager Time Written: 20091209193823.000000-300 Event Type: error User: =====Application event log===== Computer Name: LENOVO-4903350B Event Code: 2002 Message: The MOF file created for the Outlook service could not be loaded. The error code returned by the MOF Compiler is contained in the Record Data. Before the performance counters of this service can be collected by WMI the MOF file will need to be loaded manually. Contact the vendor of this service for additional information. Record Number: 75 Source Name: LoadPerf Time Written: 20091213223539.000000-300 Event Type: warning User: Computer Name: LENOVO-4903350B Event Code: 1517 Message: Windows saved user LENOVO-4903350B\Gabi registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 52 Source Name: Userenv Time Written: 20091210092943.000000-300 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: LENOVO-4903350B Event Code: 5603 Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. Record Number: 49 Source Name: WinMgmt Time Written: 20091210090640.000000-300 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: LENOVO-4903350B Event Code: 5603 Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. Record Number: 48 Source Name: WinMgmt Time Written: 20091210090640.000000-300 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: LENOVO-4903350B Event Code: 1015 Message: Failed to connect to server. Error: 0x800401F0 Record Number: 23 Source Name: MsiInstaller Time Written: 20091209193316.000000-300 Event Type: warning User: LENOVO-4903350B\Gabi ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=1c02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- |
|
24.01.2010, 23:57
| #6 |
| | Ungewollte pop-ups/ungewollte links aus Google -PLEASE HELP -log inside GMER: Hat beim start nichts gefunden und beim Scan kam der blaue Bildschirm...auch weitere versuche sind gescheitert... |
|
| Themen zu Ungewollte pop-ups/ungewollte links aus Google -PLEASE HELP -log inside |
| adobe, adware, antispyware, bho, excel, explorer, falsche seite, firewall, google, hijack, hijackthis, hijackthis log, internet, internet explorer, internet security, lenovo, log, microsoft, pdf, pop-ups, problem, programme, security, seiten, software, super, superantispyware, system, system repair, toolbars, windows, windows xp |
Hybrid-Darstellung
