I have a problem with IE, attaching HJT and SR logs


(Mariusz Kasia) #1

Please help. I still have redirects in IE to various strange sites that persistently replace the page I want to use; they are pages of the "we'll scan your computer" type, or some ads. Most of them have the title "about blank" and are hard to close until they finish loading. Many thanks for any help. I'm attaching a log from HijackThis and Silent Runners, and I also can't install any firewall, the system crashes with all of them.

Logfile of HijackThis v1.99.1

Scan saved at 10:35:32, on 28.10.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Programme\TGTSoft\StyleXP\StyleXPService.exe

D:\WINDOWS\system32\LEXBCES.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\LEXPPS.EXE

D:\WINDOWS\Explorer.EXE

D:\Programme\FRITZ!DSL\IGDCTRL.EXE

D:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

D:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

D:\Programme\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

D:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

D:\Programme\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

D:\Programme\F-Secure Internet Security\Common\FSMA32.EXE

D:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Programme\F-Secure Internet Security\Common\FSMB32.EXE

D:\WINDOWS\system32\oodag.exe

D:\WINDOWS\System32\svchost.exe

D:\Programme\F-Secure Internet Security\Common\FCH32.EXE

D:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE

D:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe

D:\Programme\F-Secure Internet Security\Anti-Virus\fsrw.exe

D:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe

D:\Programme\Java\jre1.5.0_09\bin\jusched.exe

D:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe

D:\WINDOWS\system32\LVCOMSX.EXE

D:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe

D:\Programme\F-Secure Internet Security\Common\FSM32.EXE

D:\Programme\Logitech\Video\LogiTray.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe

D:\Programme\CyberLink\PowerDVD\PDVDServ.exe

D:\Programme\F-Secure Internet Security\FSGUI\fsguidll.exe

D:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe

D:\Programme\YDP\YdpDict\Watch.exe

D:\Programme\Kalendarz XP\Kalendarz.exe

D:\Programme\Logitech\Video\FxSvr2.exe

D:\Programme\FRITZ!DSL\FwebProt.exe

D:\Programme\FRITZ!DSL\StCenter.EXE

C:\hijack this\hijackthis.com


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - D:\Programme\TGTSoft\StyleXP\TGT_BHO.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [NVMixerTray] "D:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "D:\Programme\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Programme\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programme\Logitech\Video\ISStart.exe 

O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programme\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickFinder Scheduler] "D:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"

O4 - HKLM\..\Run: [RemoteControl] D:\Programme\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKCU\..\Run: [STYLEXP] D:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programme\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Malware Sweeper] D:\Programme\MalwareSweeper.com\Malware Sweeper\MalSwep.exe /STARTUP

O4 - Startup: FRITZ!DSL Protect.lnk = D:\Programme\FRITZ!DSL\FwebProt.exe

O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Aktywacja Testera.lnk = D:\Programme\YDP\YdpDict\Watch.exe

O4 - Global Startup: F-Secure 2006 OEM.lnk = D:\Programme\F-Secure Internet Security\backweb\1245240\Program\fspex.exe

O4 - Global Startup: Kalendarz XP.lnk = D:\Programme\Kalendarz XP\Kalendarz.exe

O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm

O8 - Extra context menu item: &Zablokuj to okienko - D:\Programme\F-Secure Internet Security\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Programme\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Programme\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Oslona programu IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Oslona programu IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll

O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll

O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll

O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll

O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140045166078

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://F:\ols\connect\fscax.cab

O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://lemontv.pl/lmctrlp.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{696F73A8-6F8A-4D3F-9EC4-268215082070}: NameServer = 192.168.122.252,192.168.122.253

O17 - HKLM\System\CS1\Services\Tcpip\..\{696F73A8-6F8A-4D3F-9EC4-268215082070}: NameServer = 192.168.122.252,192.168.122.253

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVM IGD CTRL Service - AVM Berlin - D:\Programme\FRITZ!DSL\IGDCTRL.EXE

O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - D:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE

O23 - Service: Boonty Games - BOONTY - D:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - D:\Programme\Gemeinsame Dateien\AVM\de_serv.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - D:\Programme\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - D:\Programme\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe

O23 - Service: StyleXPService - Unknown owner - D:\Programme\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe

and, as recommended, the SR log:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"STYLEXP" = "D:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]

"LogitechSoftwareUpdate" = "D:\Programme\Logitech\Video\ManifestEngine.exe boot" ["Logitech Inc."]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""D:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]

"Malware Sweeper" = "D:\Programme\MalwareSweeper.com\Malware Sweeper\MalSwep.exe /STARTUP" [file not found]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SunJavaUpdateSched" = ""D:\Programme\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"NVMixerTray" = ""D:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" ["NVIDIA Corporation"]

"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"LVCOMSX" = "D:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]

"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"F-Secure Manager" = ""D:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]

"F-Secure TNB" = ""D:\Programme\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]

"F-Secure Startup Wizard" = ""D:\Programme\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot" ["F-Secure Corporation"]

"LogitechVideoRepair" = "D:\Programme\Logitech\Video\ISStart.exe " ["Logitech Inc."]

"LogitechVideoTray" = "D:\Programme\Logitech\Video\LogiTray.exe" ["Logitech Inc."]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"QuickFinder Scheduler" = ""D:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"" ["Novell, Inc., c/o Corel Corporation Limited"]

"RemoteControl" = "D:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]

"(Default)" = (unknown data type)


HKLM\Software\Microsoft\Active Setup\Installed Components\

{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"

                                       \StubPath = "rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]

{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"

                                       \StubPath = "rundll32.exe D:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

                   \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Programme\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{C333CF63-767F-4831-94AC-E683D962C63C}\(Default) = "TGTSoft Explorer Toolbar Changer"

  -> {HKLM...CLSID} = "CoTGT_BHO Class"

                   \InProcServer32\(Default) = "D:\Programme\TGTSoft\StyleXP\TGT_BHO.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"

  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]

"{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A}" = "XnView Shell Extension"

  -> {HKLM...CLSID} = "XnViewShell Class"

                   \InProcServer32\(Default) = "D:\Programme\XnView\XnViewShellExt.dll" [empty string]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"

  -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"

                   \InProcServer32\(Default) = "D:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop-Explorer"

  -> {HKLM...CLSID} = "Desktop-Explorer"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Eigene Logitech-Bilder"

  -> {HKLM...CLSID} = "Eigene Logitech-Bilder"

                   \InProcServer32\(Default) = "D:\Programme\Logitech\Video\Namespc2.dll" ["Logitech Inc."]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                   \InProcServer32\(Default) = "D:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                   \InProcServer32\(Default) = "D:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"

  -> {HKCU...CLSID} = "TuneUp Shredder Shell Context Menu Extension"

                   \InProcServer32\(Default) = ""D:\Programme\TuneUpUtilities2006\sdshelex.dll"" ["TuneUp Software GmbH"]

"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"

  -> {HKLM...CLSID} = "a-squared Free Context Menu"

                   \InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]

"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Context Menu Shell Extension"

  -> {HKLM...CLSID} = "a-squared context menu"

                   \InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~2\A2CONT~1.DLL" [file not found]


HKLM\System\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{00020000-0000-1011-8004-0000C06B5161}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"

                   \InProcServer32\(Default) = "D:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                   \InProcServer32\(Default) = "D:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

IXnView\(Default) = "{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A}"

  -> {HKLM...CLSID} = "XnViewShell Class"

                   \InProcServer32\(Default) = "D:\Programme\XnView\XnViewShellExt.dll" [empty string]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

QuickFinderMenu\(Default) = "{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}"

  -> {HKLM...CLSID} = "QuickFinder Shell Extension"

                   \InProcServer32\(Default) = "D:\Programme\WordPerfect Office 11\Programs\PFSE110.DLL" ["Novell, Inc., c/o Corel Corporation Limited"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"

  -> {HKLM...CLSID} = "a-squared context menu"

                   \InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~2\A2CONT~1.DLL" [file not found]

a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"

  -> {HKLM...CLSID} = "a-squared Free Context Menu"

                   \InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"

  -> {HKLM...CLSID} = "a-squared context menu"

                   \InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~2\A2CONT~1.DLL" [file not found]

a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"

  -> {HKLM...CLSID} = "a-squared Free Context Menu"

                   \InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Dokumente und Einstellungen\mario\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]



Startup items in "mario" & "All Users" startup folders:

-------------------------------------------------------


D:\Dokumente und Einstellungen\mario\Startmenü\Programme\Autostart

"FRITZ!DSL Protect" -> shortcut to: "D:\Programme\FRITZ!DSL\FwebProt.exe" ["AVM Berlin"]


D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart

"Adobe Reader - Schnellstart" -> shortcut to: "D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"Aktywacja Testera" -> shortcut to: "D:\Programme\YDP\YdpDict\Watch.exe" ["Young Digital Poland"]

"F-Secure 2006 OEM" -> shortcut to: "D:\Programme\F-Secure Internet Security\backweb\1245240\Program\fspex.exe -startup" ["F-Secure Internet Security 2005"]

"Kalendarz XP" -> shortcut to: "D:\Programme\Kalendarz XP\Kalendarz.exe" [null data]



Enabled Scheduled Tasks:

------------------------


"1-Klick-Wartung" -> launches: "D:\Programme\TuneUpUtilities2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

"Scheduled scanning task" -> launches: "D:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exe /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=D:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt " ["F-Secure Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "D:\Programme\FRITZ!DSL\sarah.dll" ["AVM Berlin"]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

D:\Programme\FRITZ!DSL\sarah.dll ["AVM Berlin"], 01 - 03, 09

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 26

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"

  -> {HKLM...CLSID} = "BearShare Media Bar"

                   \InProcServer32\(Default) = "D:\Programme\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL" ["BearShare"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Konsole"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Programme\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "D:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{300DB664-75B5-47C0-8B45-A44ACCF73C00}\

"ButtonText" = "Oslona programu IE"

"MenuText" = "Oslona programu IE..."

"CLSIDExtension" = "{0928F506-07E8-470c-979D-147C296D4879}"

  -> {HKLM...CLSID} = "F-Secure IE Shield COM button"

                   \InProcServer32\(Default) = "D:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll" ["F-Secure Corporation"]


{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "&FlashGet"

"Exec" = "D:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "D:\Programme\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


D:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")


Added lines (compared with English-language version):

[Strings]: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/


Missing lines (compared with English-language version):

[Strings]: 1 line


HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

<> "TuneUp" = "file://D|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


AVM IGD CTRL Service, AVM IGD CTRL Service, "D:\Programme\FRITZ!DSL\IGDCTRL.EXE" ["AVM Berlin"]

F-Secure 2006 OEM, BackWeb Plug-in - 1245240, "D:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE" ["F-Secure Internet Security 2005"]

F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""D:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]

fsbwsys, fsbwsys, ""D:\Programme\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe"" ["F-Secure Corp."]

FSGKHS, F-Secure Gatekeeper Handler Starter, ""D:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe"" ["F-Secure Corporation"]

FSMA, FSMA, ""D:\Programme\F-Secure Internet Security\Common\FSMA32.EXE"" ["F-Secure Corporation"]

LexBce Server, LexBceS, "D:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]

NVIDIA Driver Helper Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

O&O Defrag, O&O Defrag, "D:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]

StyleXPService, StyleXPService, ""D:\Programme\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]

Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

avm:\Driver = "avmprmon.dll" ["AVM Berlin GmbH"]

Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]



----------

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 156 seconds.

---------- (total run time: 239 seconds)

(Dkoruski) #2

you can remove this:


(adam9870) #3

The information given by ORMO is wrong - the file is OK.


(JNJN) #4

ORMO

If you don't know, don't post - a simple rule. JNJN


(krzysiek.l) #5

Maybe try scanning with Spybot Search & Destroy, because your computer is probably infected with spyware-type programs.


(Bbieniol) #6

The logs are clean :slight_smile:

Clean the registry (I recommend jv16 PowerTools 2006 1.5.2.344 for that), run a defragmentation, and read through: Optymalizacja XP

Go to: Start --> Run --> msconfig and, in the Startup tab, untick the programs you consider unnecessary at startup :slight_smile: