Internet Explorer 6.0 - problem!

vojnarov 05 Jul 2006 18:29 1291 5
  • #1 05 Jul 2006 18:29
    vojnarov
    Level 10

    Hello, colleagues!
    I'm asking for help. Suddenly, while I was working in IE (Google), the program changed the look of the page on its own. The toolbars, the address bar and the taskbar disappeared. A single bar with just a few icons remained. I can pull up the View option, but it changes the appearance only partially, and IE does not remember the settings when it is restarted. Every time I exit IE, the MKS antivirus monitor reports:

    In the key:
    HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR
    the following entry was added:
    Theater = 11 00 00 00 4c 00 00 00 00 00 00 00 26 00 00 ...

    Of course I choose the delete option, but the problem comes back the next time I start the program.
    I tried MKS, Ewido and BitDefender, without result. Bit D. does tell me that a dangerous Generic Malware. S sp. 6 37D014e exists in the MKS/Bin directory, but it can neither disinfect nor delete it. I tried to delete this file in safe mode, but it is not visible.
    The system was updated recently. Thank you in advance for your interest.
    Regards
    Here is the log:
    Logfile of HijackThis v1.99.1
    Scan saved at 18:45:32, on 2006-07-05
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\MKS\Bin\NetMonSV.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\MKS\Bin\mksmonsv.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\ntvdm.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MKS\Bin\mks_menu.exe
    C:\Program Files\MKS\Bin\ABregmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\MKS\Bin\mks_scan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\WOJNAR~1.DAR\USTAWI~1\Temp\Rar$EX02.938\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    F3 - REG:win.ini: load=C:\YDPDict\watch.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll




    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
    O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [internat.exe] rem internat.exe
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.netsecure.pl/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/...ls/en/x86/client/wuweb_site.cab?1137756755046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v...ls/en/x86/client/muweb_site.cab?1137757003859
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
    O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
    O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: hpdj - HP - C:\DOCUME~1\WOJNAR~1.DAR\USTAWI~1\Temp\hpdj.exe
    O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
    O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
    O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

  • #2 05 Jul 2006 19:07
    jankolo
    VIP, distinguished elektroda contributor

    1. Did you install Google Toolbar knowingly?
    2. Do you need that many programs launched at system startup (all the entries marked O4)?
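
Added example (not part of the thread and not HijackThis code): a small Python triage helper that groups HijackThis entry lines by section code, lists the O4 autostart entries asked about in post #2, and marks entries worth a closer look. The sample lines are copied from the log in post #1; the function names and the three review checks are this example's own assumptions, not verdicts about the files.

```python
import re
from collections import defaultdict

# Subset of entry lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [internat.exe] rem internat.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\WOJNAR~1.DAR\USTAWI~1\Temp\hpdj.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 from a Run key:        "<key>: [<value name>] <command>"
RUN_ENTRY = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 from a startup folder: "<folder>: <shortcut> = <target>"
FOLDER_ENTRY = re.compile(r"^(?P<loc>[^:]+): (?P<name>.+?) = (?P<cmd>.+)$")

# Review heuristics (assumptions of this example): reasons to look at an
# entry by hand, not proof that it is malicious.
CHECKS = [
    ("target file missing", re.compile(r"\(file missing\)\s*$")),
    ("path under a Temp directory", re.compile(r"\\temp\\", re.IGNORECASE)),
    ("no owner/company recorded", re.compile(r" - Unknown owner - ")),
]

def parse_log(text):
    """Group entry lines by section code, e.g. {'O4': [...], 'O23': [...]}."""
    sections = defaultdict(list)
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:  # header and process-list lines do not match and are skipped
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def startup_entries(sections):
    """Return (location, name, command) for every O4 autostart entry."""
    out = []
    for body in sections.get("O4", []):
        m = RUN_ENTRY.match(body) or FOLDER_ENTRY.match(body)
        if m:
            out.append((m.group("loc"), m.group("name"), m.group("cmd")))
    return out

def review_notes(sections):
    """Return (code, entry, reasons) for entries that hit any check."""
    notes = []
    for code, bodies in sections.items():
        for body in bodies:
            reasons = [label for label, rx in CHECKS if rx.search(body)]
            if reasons:
                notes.append((code, body, reasons))
    return notes

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for loc, name, cmd in startup_entries(parsed):
        print(f"autostart  {loc:<16} {name:<24} {cmd}")
    for code, body, reasons in review_notes(parsed):
        print(f"review     {code:<4} {', '.join(reasons)}: {body}")
```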

  • #4 05 Jul 2006 20:31
    vojnarov
    Level 10

    I bow low to both colleagues, all the more so because you gentlemen were kind enough to help me in February (very effectively, by the way)!
    My answers to the questions:
    - I installed the "Toolbar" unknowingly;
    - I would certainly like to get rid of that many programs launching at startup, but I would be grateful for a hint on how to do it most safely.
    To Mr. Kolobos:
    Please tell me what the application this link refers to is. I ask because after I ran it the process finished in a flash and everything now seems to be OK, but I would like to know something more.
    I would also like advice on how to effectively remove the thing BitDefender was telling me about.

    To both colleagues: forgive me, gentlemen, the triviality of my questions; I am a dilettante in this subject and I know that the best solution is to ask the forum for advice.
    Once again, many thanks. I am waiting impatiently for word from you. Regards

  • #5 05 Jul 2006 20:35
    Kolobos
    Computer specialist

    After you run Silent Runners.vbs, a txt file will be created; paste its contents on the forum (the file will be created in the directory where Silent Runners is located).
    BitDefender is detecting some file that was removed by mks and to which mks blocks access, so delete all files from quarantine in mks.

  • #6 05 Jul 2006 20:42
    vojnarov
    Level 10

    Thank you for the reply.
    Here is the contents of the file:

    "Silent Runners.vbs", revision 46, http://www.silentrunners.org/
    Operating System: Windows 2000
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "internat.exe" = "rem internat.exe" [file not found]
    "Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [file not found]
    "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Synchronization Manager" = "mobsync.exe /logon" [MS]
    "HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
    "HPDJ Taskbar Utility" = "C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
    "Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "MKS_MENU" = "C:\Program Files\MKS\Bin\mks_menu.exe" ["MKS Sp. z o.o."]
    "ABREGMON" = "C:\Program Files\MKS\Bin\ABregmon.exe" ["ArcaBit"]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "NeroFilterCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
    -> {HKLM...CLSID} = "ShellLink for Application References"
    \InProcServer32\(Default) = "C:\WINNT\system32\dfshim.dll" [MS]
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
    -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
    \InProcServer32\(Default) = "C:\WINNT\system32\dfshim.dll" [MS]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    INFECTION WARNING! "load" = "C:\YDPDict\watch.exe" [null data]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    "BootExecute" = ** WARNING -- empty or invalid data! **

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
    -> {HKLM...CLSID} = "Ctest Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
    MkS_Vir\(Default) = "{CC4245C0-D511-11D0-8918-444553540000}"
    -> {HKLM...CLSID} = "MkS_Vir Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
    -> {HKLM...CLSID} = "Ctest Object"
    \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    MkS_Vir\(Default) = "{CC4245C0-D511-11D0-8918-444553540000}"
    -> {HKLM...CLSID} = "MkS_Vir Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\MKS\Bin\MkSShell.dll" [null data]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is enabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


    Autostart via AUTORUN.INF on local fixed drives:
    ------------------------------------------------

    D:\
    INFECTION WARNING! D:\AUTORUN.INF -> "OPEN=starter.EXE" [null data]


    Startup items in "Wojnarowicz" & "All Users" startup folders:
    -------------------------------------------------------------

    C:\Documents and Settings\All Users.WINNT\Menu Start\Programy\Autostart
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
    "NkbMonitor.exe" -> shortcut to: "C:\Program Files\Nikon\PictureProject\NkbMonitor.exe" ["Nikon Corporation"]
    "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing LP"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 11
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll" ["Yahoo! Inc."]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {85D1F590-48F4-11D9-9669-0800200C9A66}\
    "MenuText" = "Uninstall BitDefender Online Scanner v8"
    "Exec" = "%windir%\bdoscandel.exe" [null data]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    ArcaBit NetMonitor, ABNetMon, "C:\Program Files\MKS\Bin\NetMonSV.exe" ["ArcaBit sp. z o.o."]
    ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
    MkS_Scan, MkS_Scan, "C:\Program Files\MKS\Bin\mks_scan.exe" [empty string]
    MkS_Vir Monitor, MksVirMonSvc, "C:\Program Files\MKS\Bin\mksmonsv.exe" [empty string]
    NVIDIA Driver Helper Service, NVSvc, "C:\WINNT\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    System zdarzeń COM+, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]}


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 36 seconds, including 7 seconds for message boxes)
