Problem z panel ster. i update


(system) #1

Cześć

Ostatnio trochę wczytywanie stron zamuliło,no i nie działa panel sterowania,jak i windows update.Gdy próbuję otworzyć panel sterowania wyskakuje samo puste okienko.Gdy klikam na windows update,nic się nie dzieje.Proszę o pomoc.

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/

Operating System: Windows Vista

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]

"COMODO SafeSurf" = ""C:\Program Files\Comodo\SafeSurf\cssurf.exe" -s" ["COMODO"]

"COMODO Internet Security" = ""C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h" ["COMODO"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{4255A182-CAD9-4214-A19B-7BA7FB633BBD}" = "Comodo Antivirus"

-> {HKLM...CLSID} = "Comodo AntiVirus"

\InProcServer32(Default) = "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll" [null data]

"{85D26561-0241-4BE2-A8DF-8F921A0EF948}" = "a-squared Free Shell Extension x64"

-> {HKLM...CLSID} = "a-squared Free Shell Extension x64"

\InProcServer32(Default) = "C:\Program Files (x86)\a-squared Free\a2freecontmenu64.dll" ["Emsi Software GmbH"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "PDBoot.exe" ["Raxco Software, Inc."]|"autocheck autochk *"

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\

Comodo Antivirus(Default) = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"

-> {HKLM...CLSID} = "Comodo AntiVirus"

\InProcServer32(Default) = "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll" [null data]

WinRAR(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

a-squared Free Shell Extension x64(Default) = "{85D26561-0241-4BE2-A8DF-8F921A0EF948}"

-> {HKLM...CLSID} = "a-squared Free Shell Extension x64"

\InProcServer32(Default) = "C:\Program Files (x86)\a-squared Free\a2freecontmenu64.dll" ["Emsi Software GmbH"]

Comodo Antivirus(Default) = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"

-> {HKLM...CLSID} = "Comodo AntiVirus"

\InProcServer32(Default) = "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll" [null data]

WinRAR(Default) = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files (x86)\WinRAR\rarext64.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

a-squared Free Shell Extension x64(Default) = "{85D26561-0241-4BE2-A8DF-8F921A0EF948}"

-> {HKLM...CLSID} = "a-squared Free Shell Extension x64"

\InProcServer32(Default) = "C:\Program Files (x86)\a-squared Free\a2freecontmenu64.dll" ["Emsi Software GmbH"]

Default executables:


HKLM\SOFTWARE\Classes.hta(Default) = "htafile"

<> HKLM\SOFTWARE\Classes\htafile\shell\open\command(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"DisableThumbnails" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]

Windows Portable Device AutoPlay Handlers


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\

"Provider" = "Alcohol 120%"

"InvokeProgID" = "AlcoholAutoPlayV2"

"InvokeVerb" = "BurnDisc"

HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command(Default) = ""C:\Program Files (x86)\Alcohol Soft\Alcohol 120\alcohol_.exe" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\

"Provider" = "Alcohol 120%"

"InvokeProgID" = "AlcoholAutoPlayV2"

"InvokeVerb" = "BurnDisc"

HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command(Default) = ""C:\Program Files (x86)\Alcohol Soft\Alcohol 120\alcohol_.exe" %1" ["Alcohol Soft Development Team"]

MSPlayCDAudioOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.AudioCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"" [MS]

MSPlayDVDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.DVD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"" [MS]

MSPlaySuperVideoCDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.VCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSPlayVideoCDMovieOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.VCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L"" [MS]

MSRipCDAudioOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.RipCD"

"InvokeVerb" = "Rip"

HKLM\SOFTWARE\Classes\WMP.RipCD\shell\Rip\Command(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /RipAudioCD "%L" " [MS]

MSWMPBurnCDOnArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.BurnCD"

"InvokeVerb" = "Burn"

HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" " [MS]

MSWMPBurnDataDVDArrival\

"Provider" = "@wmploc.dll,-6502"

"InvokeProgID" = "WMP.BurnDVD"

"InvokeVerb" = "Burn"

HKLM\SOFTWARE\Classes\WMP.BurnDVD\shell\Burn\Command(Default) = ""C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:DVDWrite /Device:"%L" " [MS]

NeroAutoPlay7AudioToNeroDigital\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay7DataDisc\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\

"Provider" = "Nero ShowTime"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\

"Provider" = "Nero ShowTime"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7RipCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command(Default) = "C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\

"Provider" = "Nero Recode"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\

"Provider" = "Nero Vision"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files (x86)\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"

\LocalServer32(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\

"Provider" = "Nero PhotoSnap Viewer"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command(Default) = "C:\Program Files (x86)\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

WIA_{72D4AB6D-7603-48DE-97C6-9B78AE78182E}\

"Provider" = "Microsoft Office Publisher"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2;"

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{C127208D-2367-4116-B14D-7761E1C14986}\

"Provider" = "Microsoft Office Publisher"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE /IMG_WIA;"

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{EB2D27F5-BBA0-4E65-ADC9-0426417F30B0}\

"Provider" = "Microsoft Office Word"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;"

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

Non-disabled Scheduled Tasks:


C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"

-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"

\InProcServer32(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]

"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic

"Microsoft-Windows-DiskDiagnosticDataCollector" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]

"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]

"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]

"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]

"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"

-> {HKLM...CLSID} = "HotStart User Agent"

\InProcServer32(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"

-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"

\InProcServer32(Default) = "C:\Windows\System32\TMM.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"

-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"

\InProcServer32(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection

"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"

-> {HKLM...CLSID} = "Nap ITask Handler Implementation"

\InProcServer32(Default) = "C:\Windows\System32\QAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System

"ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell

"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"

-> {HKLM...CLSID} = "CrawlStartPages Task Handler"

\InProcServer32(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"

-> {HKLM...CLSID} = "GadgetsManager Class"

\InProcServer32(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]

"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"

-> {HKLM...CLSID} = "MsCtfMonitor task handler"

\InProcServer32(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"

-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"

\InProcServer32(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired

"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless

"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender

"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

Running Services (Display Name, Service Name, Path {Service DLL}):


a-squared Free Service, a2free, ""C:\Program Files (x86)\a-squared Free\a2service.exe"" ["Emsi Software GmbH"]

COMODO Internet Security Helper Service, cmdAgent, ""C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"" ["COMODO"]

PDAgent, PDAgent, ""C:\Program Files (x86)\Raxco\PerfectDisk\PDAgent.exe"" ["Raxco Software, Inc."]

PDEngine, PDEngine, ""C:\Program Files (x86)\Raxco\PerfectDisk\PDEngine.exe"" ["Raxco Software, Inc."]

StarWind AE Service, StarWindServiceAE, "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]

Usługa Protokół SSTP, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]}

Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}

Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}

---------- (launch time: 2009-03-05 20:38:03)

<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 105 seconds.

---------- (total run time: 142 seconds)

Dałbym jeszcze log z combofix'a ale wyskakuje błąd:

bdcombofix.th.jpg


(13 Alek) #2

Daj log z RSIT :arrow: instrukcja

Log dajesz na http://www.wklej.eu/, http://www.wklej.org/ lub http://www.wklejto.pl/, a w poście tylko link.