Usluga directx.exe? jak usunac?

otwieraja mi sie jakies strony.

Logfile of HijackThis v1.99.1

Scan saved at 11:14:52, on 26.11.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Programme\Roxio\Media Experience\DMXLauncher.exe

C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Programme\G DATA InternetSecurity SE\AVKTray\AVKTray.exe

C:\Programme\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\G DATA InternetSecurity SE\Firewall\GDFirewallTray.exe

C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe

C:\Programme\TechSmith\SnagIt 8\TSCHelp.exe

C:\Programme\Internet Explorer\iexplore.exe

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\WINDOWS\system32\hpoipm07.exe

C:\Programme\G DATA InternetSecurity SE\AVK\AVKService.exe

C:\Programme\G DATA InternetSecurity SE\AVK\AVKWCtl.exe

C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Programme\ewido anti-spyware 4.0\guard.exe

c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Programme\G DATA InternetSecurity SE\Firewall\GDFwSvc.exe

c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\WINDOWS\System32\svchost.exe

c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\WINDOWS\security\explorer.exe

C:\Programme\Outlook Express\msimn.exe

C:\Programme\Messenger\msmsgs.exe

C:\Programme\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Dokumente und Einstellungen\Monia\Eigene Dateien\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity SE\Webfilter\AVKWebIE.dll

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA InternetSecurity SE\Webfilter\AVKWebIE.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [RoxWatchTray] "c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [DMXLauncher] "c:\Programme\Roxio\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxioDragToDisc] "c:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA InternetSecurity SE\AVKTray\AVKTray.exe"

O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office X3\Programs\QFSCHD130.EXE"

O4 - HKLM\..\Run: [Byte rdr bolt ref] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OnlineLoudByteRdr\Bat nurb.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AOLMIcon] C:\ISP\AOL\AOLMIcon.exe

O4 - HKCU\..\Run: [T-Online Hinweis] c:\t-online_hinweis\t-online_fs2.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [BuildSave] C:\DOKUME~1\Monia\ANWEND~1\ROAMPA~1\Vc About.exe

O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: G DATA Firewall Tray.lnk = C:\Programme\G DATA InternetSecurity SE\Firewall\GDFirewallTray.exe

O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

O4 - Global Startup: SnagIt 8.lnk = C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe

O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA InternetSecurity SE\AVK\AVKService.exe

O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA InternetSecurity SE\AVK\AVKWCtl.exe

O23 - Service: DirectX Service (DirectXiwr) - Unknown owner - C:\WINDOWS\system32\directx.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe

O23 - Service: G DATA Personal Firewall (GDFwSvc) - Unknown owner - C:\Programme\G DATA InternetSecurity SE\Firewall\GDFwSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - c:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - c:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"AOLMIcon" = "C:\ISP\AOL\AOLMIcon.exe" [file not found]

"T-Online Hinweis" = "c:\t-online_hinweis\t-online_fs2.exe" [file not found]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"" [file not found]

"MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"BuildSave" = "C:\DOKUME~1\Monia\ANWEND~1\ROAMPA~1\Vc About.exe" [file not found]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]

"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]

"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"Muscbrigade" = "c:\Musicbrigade\Musicbrigade.exe check" [null data]

"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]

"(Default)" = "(empty string)" [file not found]

"RoxWatchTray" = ""c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"" ["Sonic Solutions"]

"DMXLauncher" = ""c:\Programme\Roxio\Media Experience\DMXLauncher.exe"" [null data]

"ISUSPM Startup" = ""C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]

"ISUSScheduler" = ""c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]

"RoxioDragToDisc" = ""c:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe"" ["Roxio"]

"AVKTray" = ""C:\Programme\G DATA InternetSecurity SE\AVKTray\AVKTray.exe"" ["G DATA Software AG"]

"!ewido" = ""C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

"QuickFinder Scheduler" = ""C:\Programme\WordPerfect Office X3\Programs\QFSCHD130.EXE"" ["Corel Corporation"]

"Byte rdr bolt ref" = "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OnlineLoudByteRdr\Bat nurb.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "HelperObject Class"

                   \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll" ["TechSmith Corporation"]

{0124123D-61B4-456f-AF86-78C53A0790C5}\(Default) = "G DATA WebFilter Class"

  -> {HKLM...CLSID} = "G DATA WebFilter"

                   \InProcServer32\(Default) = "C:\Programme\G DATA InternetSecurity SE\Webfilter\AVKWebIE.dll" ["G DATA Software AG"]

{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Yahoo! Companion BHO"

                   \InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"

                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"

  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}" = "RXDCExtShlExt extension"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "c:\Programme\Roxio\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]

"{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"

  -> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"

                   \InProcServer32\(Default) = "c:\Programme\Roxio\Drag-to-Disc\Shellex.dll" ["Roxio"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" [file not found]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" [file not found]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

  -> {HKLM...CLSID} = "Meine freigegebenen Ordner"

                   \InProcServer32\(Default) = "C:\Programme\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]

"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"

  -> {HKLM...CLSID} = "SnagIt"

                   \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]

"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"

  -> {HKLM...CLSID} = "SnagItShellExt Class"

                   \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"

  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

                   \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" [file not found]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"

  -> {HKLM...CLSID} = "AVK9ContextMenue"

                   \InProcServer32\(Default) = "C:\Programme\G DATA InternetSecurity SE\AVK\ShellExt.dll" [empty string]

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

IGXMADD\(Default) = "{6DB8751F-2BBF-11d2-A39B-00C04FB96AD2}"

  -> {HKLM...CLSID} = "Micrografx Share Media File Import Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\Corel\CorelDRAW ESSENTIALS 2\Photobook\Share\Media\igxMadd.dll" ["Micrografx, Inc."]

RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "c:\Programme\Roxio\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"

  -> {HKLM...CLSID} = "SnagItShellExt Class"

                   \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {HKLM...CLSID} = "CContextScan Object"

                   \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

QuickFinderMenu\(Default) = "{C0E10002-0028-0006-C0E1-C0E1C0E1C0E1}"

  -> {HKLM...CLSID} = "QuickFinder Shell Extension"

                   \InProcServer32\(Default) = "C:\Programme\WordPerfect Office X3\Programs\PFSE130.DLL" ["Corel Corporation"]

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"

  -> {HKLM...CLSID} = "SnagItShellExt Class"

                   \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"

  -> {HKLM...CLSID} = "AVK9ContextMenue"

                   \InProcServer32\(Default) = "C:\Programme\G DATA InternetSecurity SE\AVK\ShellExt.dll" [empty string]

RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "c:\Programme\Roxio\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}


"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

{unrecognized setting}


"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme

{unrecognized setting}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\Präriewind.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Dokumente und Einstellungen\Monia\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\fsc-scr.scr" ["Neoaspire.com"]



Startup items in "Monia" & "All Users" startup folders:

-------------------------------------------------------


C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart

"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"G DATA Firewall Tray" -> shortcut to: "C:\Programme\G DATA InternetSecurity SE\Firewall\GDFirewallTray.exe" [null data]

"HPAiODevice(hp psc 700 series) - 1" -> shortcut to: "C:\Programme\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe -DeviceID 1164467468" ["Hewlett-Packard Co."]

"SnagIt 8" -> shortcut to: "C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe" ["TechSmith Corporation"]



Enabled Scheduled Tasks:

------------------------


"AB3B6A3891B4E4D0" -> launches: "c:\dokume~1\monia\anwend~1\roampa~1\math ping book.exe" [file not found]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

  -> {HKLM...CLSID} = "Yahoo! Companion"

                   \InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll" ["Yahoo! Inc."]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

  -> {HKLM...CLSID} = "Yahoo! Companion"

                   \InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll" ["Yahoo! Inc."]

"{0124123D-61B4-456F-AF86-78C53A0790C5}" = "G DATA WebFilter"

  -> {HKLM...CLSID} = "G DATA WebFilter"

                   \InProcServer32\(Default) = "C:\Programme\G DATA InternetSecurity SE\Webfilter\AVKWebIE.dll" ["G DATA Software AG"]

"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)

  -> {HKLM...CLSID} = "SnagIt"

                   \InProcServer32\(Default) = "C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]


Explorer Bars


HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


HKLM\Software\Classes\CLSID\{99996159-755D-4D62-AB84-F2B0082EBDFC}\(Default) = "PMC Taskbar"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "mscoree.dll" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


AVK Service, AVKService, "C:\Programme\G DATA InternetSecurity SE\AVK\AVKService.exe" ["G DATA Software AG"]

AVK Wächter, AVKWCtl, "C:\Programme\G DATA InternetSecurity SE\AVK\AVKWCtl.exe" [empty string]

AVKProxy, AVKProxy, ""C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe"" ["G DATA Software AG"]

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Programme\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

G DATA Personal Firewall, GDFwSvc, "C:\Programme\G DATA InternetSecurity SE\Firewall\GDFwSvc.exe" [null data]

HTTP-SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}

Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]

Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]

Media Center-Planerdienst, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]

Messenger Sharing USN Journal Reader-Service, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Programme\MSN Messenger\usnsvc.dll" [MS]}

Roxio Hard Drive Watcher 9, RoxWatch9, ""c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"" ["Sonic Solutions"]

RoxMediaDB9, RoxMediaDB9, ""c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"" ["Sonic Solutions"]

X10 Device Network Service, x10nets, "C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe" ["X10"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 35 seconds, including 7 seconds for message boxes)

Start --> uruchom --> services.msc --> zatrzymaj i wyłącz usługe DirectX Service

Otwórz hijackthis --> open misc tools section --> delete a NT service --> wpisz DirectXiwr i ok

W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):

Po zabiegach nowe logi :slight_smile:

mam pewien problem, aby wylaczyc “DirectXiwr” Hijackem.

Otrzymuje nastepujacy komunikat:

464343warn.gif

Zatrzymalam i wylaczylam úsluge DirectX Service

Co mam teraz zrobic?? Prosze o pomoc

Majka75 proszę zmienić tytuł na konkretny.

Teraz spróbuj wykonać to

wlasnie po wykonaniu tej opcji otrzymalam powyzej wklejony komunikat

Przecież on mówi, że masz najpierw wyłączyć usługę

Dopiero potem usuwanie.

tez tak zrobilam, niemysl ze pomylilam kolejnosci.

pomimo ze wylanczam usluge DirekX Service,niemoge wykonac dalszego punktu Hijackem :frowning:

W takim razie spróbuj zatrzymać i usunąć usługę spod wiersza poleceń. Zatem wybierz start => uruchom => cmd => w konsoli, która się otwrzy wpis kolejno:

Możesz to zrobić będąc pod trybem normalnym. I potem nie musisz już korzystać z opcji open misc tools section w HijackThis.

Dzieki :slight_smile:

udalo sie tym sposobem usunac DirectXiwr

Oto moj Log:

Tylko mam jeszcze problem z firewall, wchodze do internetu tylko jesli go wylacze, Jezeli firewall jest aktywny niemoge wejsc do internetu.Moge tylko uzywac Outlok i Msn messenger przy wlaczonym firewall

P.S Niewiem co to jest:Czy to tez jest do skasowania?

Logi są już OK :slight_smile:

Skonfigurowałeś poprawnie tego Firewalla?