Prosze o pomoc nadal mam przekierowania w ie na rozne dziwne strony ktore uprczywie zmieniaja strone z ktorej chce kozystac-sa to strony typu przeskanuje ci koma,lub jakies reklamy wiekrzosc ma tytul auto blank tudno je zamknac dopuki sie nie doladuja .serdeczne dzieki za jakakolwiek pomoc.Dolaczam loga z hisjck i silent runners, i nie potrafie podlaczyc tez zadnego firewala wszyskie system mi wywala
Logfile of HijackThis v1.99.1
Scan saved at 10:35:32, on 28.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programme\TGTSoft\StyleXP\StyleXPService.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\Explorer.EXE
D:\Programme\FRITZ!DSL\IGDCTRL.EXE
D:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
D:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\Programme\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
D:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\Programme\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
D:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
D:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Programme\F-Secure Internet Security\Common\FSMB32.EXE
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\System32\svchost.exe
D:\Programme\F-Secure Internet Security\Common\FCH32.EXE
D:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE
D:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\Programme\F-Secure Internet Security\Anti-Virus\fsrw.exe
D:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\Programme\Java\jre1.5.0_09\bin\jusched.exe
D:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe
D:\Programme\F-Secure Internet Security\Common\FSM32.EXE
D:\Programme\Logitech\Video\LogiTray.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
D:\Programme\F-Secure Internet Security\FSGUI\fsguidll.exe
D:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
D:\Programme\YDP\YdpDict\Watch.exe
D:\Programme\Kalendarz XP\Kalendarz.exe
D:\Programme\Logitech\Video\FxSvr2.exe
D:\Programme\FRITZ!DSL\FwebProt.exe
D:\Programme\FRITZ!DSL\StCenter.EXE
C:\hijack this\hijackthis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - D:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NVMixerTray] "D:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Programme\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Programme\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "D:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [RemoteControl] D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [STYLEXP] D:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Malware Sweeper] D:\Programme\MalwareSweeper.com\Malware Sweeper\MalSwep.exe /STARTUP
O4 - Startup: FRITZ!DSL Protect.lnk = D:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Aktywacja Testera.lnk = D:\Programme\YDP\YdpDict\Watch.exe
O4 - Global Startup: F-Secure 2006 OEM.lnk = D:\Programme\F-Secure Internet Security\backweb\1245240\Program\fspex.exe
O4 - Global Startup: Kalendarz XP.lnk = D:\Programme\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Zablokuj to okienko - D:\Programme\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Œci¹gnij przy pomocy FlashGet'a - D:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Œci¹gnij wszystko przy pomocy FlashGet'a - D:\Programme\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Oslona programu IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Oslona programu IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: d:\programme\fritz!dsl\sarah.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140045166078
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - file://F:\ols\connect\fscax.cab
O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://lemontv.pl/lmctrlp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{696F73A8-6F8A-4D3F-9EC4-268215082070}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{696F73A8-6F8A-4D3F-9EC4-268215082070}: NameServer = 192.168.122.252,192.168.122.253
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVM IGD CTRL Service - AVM Berlin - D:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - F-Secure Internet Security 2005 - D:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - D:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - D:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - D:\Programme\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: StyleXPService - Unknown owner - D:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
i za poleceniem sr
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"STYLEXP" = "D:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]
"LogitechSoftwareUpdate" = "D:\Programme\Logitech\Video\ManifestEngine.exe boot" ["Logitech Inc."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""D:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"Malware Sweeper" = "D:\Programme\MalwareSweeper.com\Malware Sweeper\MalSwep.exe /STARTUP" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""D:\Programme\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NVMixerTray" = ""D:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" ["NVIDIA Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"LVCOMSX" = "D:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"F-Secure Manager" = ""D:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
"F-Secure TNB" = ""D:\Programme\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
"F-Secure Startup Wizard" = ""D:\Programme\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot" ["F-Secure Corporation"]
"LogitechVideoRepair" = "D:\Programme\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "D:\Programme\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"QuickFinder Scheduler" = ""D:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"" ["Novell, Inc., c/o Corel Corporation Limited"]
"RemoteControl" = "D:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"(Default)" = (unknown data type)
HKLM\Software\Microsoft\Active Setup\Installed Components\
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"
\StubPath = "rundll32.exe D:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Programme\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{C333CF63-767F-4831-94AC-E683D962C63C}\(Default) = "TGTSoft Explorer Toolbar Changer"
-> {HKLM...CLSID} = "CoTGT_BHO Class"
\InProcServer32\(Default) = "D:\Programme\TGTSoft\StyleXP\TGT_BHO.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]
"{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A}" = "XnView Shell Extension"
-> {HKLM...CLSID} = "XnViewShell Class"
\InProcServer32\(Default) = "D:\Programme\XnView\XnViewShellExt.dll" [empty string]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"
-> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"
\InProcServer32\(Default) = "D:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop-Explorer"
-> {HKLM...CLSID} = "Desktop-Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Eigene Logitech-Bilder"
-> {HKLM...CLSID} = "Eigene Logitech-Bilder"
\InProcServer32\(Default) = "D:\Programme\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKCU...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""D:\Programme\TuneUpUtilities2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a-squared Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared context menu"
\InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~2\A2CONT~1.DLL" [file not found]
HKLM\System\CurrentControlSet\Control\Session Manager\
<> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{00020000-0000-1011-8004-0000C06B5161}\(Default) = (no title provided)
-> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"
\InProcServer32\(Default) = "D:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
IXnView\(Default) = "{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A}"
-> {HKLM...CLSID} = "XnViewShell Class"
\InProcServer32\(Default) = "D:\Programme\XnView\XnViewShellExt.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
QuickFinderMenu\(Default) = "{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}"
-> {HKLM...CLSID} = "QuickFinder Shell Extension"
\InProcServer32\(Default) = "D:\Programme\WordPerfect Office 11\Programs\PFSE110.DLL" ["Novell, Inc., c/o Corel Corporation Limited"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {HKLM...CLSID} = "a-squared context menu"
\InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~2\A2CONT~1.DLL" [file not found]
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {HKLM...CLSID} = "a-squared context menu"
\InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~2\A2CONT~1.DLL" [file not found]
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
\InProcServer32\(Default) = "D:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Dokumente und Einstellungen\mario\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]
Startup items in "mario" & "All Users" startup folders:
-------------------------------------------------------
D:\Dokumente und Einstellungen\mario\Startmenü\Programme\Autostart
"FRITZ!DSL Protect" -> shortcut to: "D:\Programme\FRITZ!DSL\FwebProt.exe" ["AVM Berlin"]
D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Aktywacja Testera" -> shortcut to: "D:\Programme\YDP\YdpDict\Watch.exe" ["Young Digital Poland"]
"F-Secure 2006 OEM" -> shortcut to: "D:\Programme\F-Secure Internet Security\backweb\1245240\Program\fspex.exe -startup" ["F-Secure Internet Security 2005"]
"Kalendarz XP" -> shortcut to: "D:\Programme\Kalendarz XP\Kalendarz.exe" [null data]
Enabled Scheduled Tasks:
------------------------
"1-Klick-Wartung" -> launches: "D:\Programme\TuneUpUtilities2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"Scheduled scanning task" -> launches: "D:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exe /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=D:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt " ["F-Secure Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "D:\Programme\FRITZ!DSL\sarah.dll" ["AVM Berlin"]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
D:\Programme\FRITZ!DSL\sarah.dll ["AVM Berlin"], 01 - 03, 09
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{E49CE899-CD83-4841-8CC9-6E284D7978D0}"
-> {HKLM...CLSID} = "BearShare Media Bar"
\InProcServer32\(Default) = "D:\Programme\BearShare Applications\MediaBar\1.bin\BEARSMBR.DLL" ["BearShare"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "D:\Programme\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "D:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]
{300DB664-75B5-47C0-8B45-A44ACCF73C00}\
"ButtonText" = "Oslona programu IE"
"MenuText" = "Oslona programu IE..."
"CLSIDExtension" = "{0928F506-07E8-470c-979D-147C296D4879}"
-> {HKLM...CLSID} = "F-Secure IE Shield COM button"
\InProcServer32\(Default) = "D:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll" ["F-Secure Corporation"]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "D:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Programme\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
D:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
Missing lines (compared with English-language version):
[Strings]: 1 line
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<> "TuneUp" = "file://D|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVM IGD CTRL Service, AVM IGD CTRL Service, "D:\Programme\FRITZ!DSL\IGDCTRL.EXE" ["AVM Berlin"]
F-Secure 2006 OEM, BackWeb Plug-in - 1245240, "D:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE" ["F-Secure Internet Security 2005"]
F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""D:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]
fsbwsys, fsbwsys, ""D:\Programme\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe"" ["F-Secure Corp."]
FSGKHS, F-Secure Gatekeeper Handler Starter, ""D:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe"" ["F-Secure Corporation"]
FSMA, FSMA, ""D:\Programme\F-Secure Internet Security\Common\FSMA32.EXE"" ["F-Secure Corporation"]
LexBce Server, LexBceS, "D:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
NVIDIA Driver Helper Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
O&O Defrag, O&O Defrag, "D:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]
StyleXPService, StyleXPService, ""D:\Programme\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
avm:\Driver = "avmprmon.dll" ["AVM Berlin GmbH"]
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
----------
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 156 seconds.
---------- (total run time: 239 seconds)