Done!
Here is l2mfix log:
L2Mfix 1.03
Running From:
C:\Documents and Settings\Administrator\Pulpit\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-NI) ALLOW Full access BUILTIN\Administratorzy
(ID-IO) ALLOW Full access BUILTIN\Administratorzy
(ID-NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-IO) ALLOW Full access TWŕRCA-WťA—CICIEL
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administratorzy
(NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-NI) ALLOW Full access BUILTIN\Administratorzy
(ID-IO) ALLOW Full access BUILTIN\Administratorzy
(ID-NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-IO) ALLOW Full access TWŕRCA-WťA—CICIEL
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\Administrator\Pulpit\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\Administrator\Pulpit\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 1228 'explorer.exe'
Killing PID 1228 'explorer.exe'
Killing PID 1228 'explorer.exe'
Killing PID 1228 'explorer.exe'
Killing PID 1228 'explorer.exe'
Killing PID 1228 'explorer.exe'
Killing PID 1228 'explorer.exe'
Killing PID 1228 'explorer.exe'
Killing PID 1228 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]Killing PID 1932 'rundll32.exe'
Killing PID 1932 'rundll32.exe'
Killing PID 1596 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\avtxprxy.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\bfackbox.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\cucui.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\derawex.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\dpcpmon.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\dxvacm.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\ement97.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\ffusd.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\g2jolc131f.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\g6lm0g31e6.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\hpl0233mg.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\iiitpki.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\IqagXpr7.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\iqeshare.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\irjsl5171.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\j6l40g3qe6.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\jt0m07d1e.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\k844lihq184e.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\kodsl.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\kpdsmsfi.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\kwdpo.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\m2po0c73ef.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\mcr2cenu.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\mjvcp50.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\mllbui.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\mpjava.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\mvwdat10.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\nftui1.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\ngrspl.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\ngtcfgx.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\nzshell.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\PH171Hwx.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\rHsser.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\RJOCURS.DLL
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\sncfiles.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\sQfrslv.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\sydpsrv.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\synike.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\wbnotify.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\wbntrust.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\wdhip6.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\wesapi32.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\wnncoreak.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\wrock32.dll
Liczba skopiowanych plik˘w: 1.
Backing Up: C:\WINDOWS\system32\wsntrust.dll
Liczba skopiowanych plik˘w: 1.
deleting: C:\WINDOWS\system32\avtxprxy.dll
Successfully Deleted: C:\WINDOWS\system32\avtxprxy.dll
deleting: C:\WINDOWS\system32\bfackbox.dll
Successfully Deleted: C:\WINDOWS\system32\bfackbox.dll
deleting: C:\WINDOWS\system32\cucui.dll
Successfully Deleted: C:\WINDOWS\system32\cucui.dll
deleting: C:\WINDOWS\system32\derawex.dll
Successfully Deleted: C:\WINDOWS\system32\derawex.dll
deleting: C:\WINDOWS\system32\dpcpmon.dll
Successfully Deleted: C:\WINDOWS\system32\dpcpmon.dll
deleting: C:\WINDOWS\system32\dxvacm.dll
Successfully Deleted: C:\WINDOWS\system32\dxvacm.dll
deleting: C:\WINDOWS\system32\ement97.dll
Successfully Deleted: C:\WINDOWS\system32\ement97.dll
deleting: C:\WINDOWS\system32\ffusd.dll
Successfully Deleted: C:\WINDOWS\system32\ffusd.dll
deleting: C:\WINDOWS\system32\g2jolc131f.dll
Successfully Deleted: C:\WINDOWS\system32\g2jolc131f.dll
deleting: C:\WINDOWS\system32\g6lm0g31e6.dll
Successfully Deleted: C:\WINDOWS\system32\g6lm0g31e6.dll
deleting: C:\WINDOWS\system32\hpl0233mg.dll
Successfully Deleted: C:\WINDOWS\system32\hpl0233mg.dll
deleting: C:\WINDOWS\system32\iiitpki.dll
Successfully Deleted: C:\WINDOWS\system32\iiitpki.dll
deleting: C:\WINDOWS\system32\IqagXpr7.dll
Successfully Deleted: C:\WINDOWS\system32\IqagXpr7.dll
deleting: C:\WINDOWS\system32\iqeshare.dll
Successfully Deleted: C:\WINDOWS\system32\iqeshare.dll
deleting: C:\WINDOWS\system32\irjsl5171.dll
Successfully Deleted: C:\WINDOWS\system32\irjsl5171.dll
deleting: C:\WINDOWS\system32\j6l40g3qe6.dll
Successfully Deleted: C:\WINDOWS\system32\j6l40g3qe6.dll
deleting: C:\WINDOWS\system32\jt0m07d1e.dll
Successfully Deleted: C:\WINDOWS\system32\jt0m07d1e.dll
deleting: C:\WINDOWS\system32\k844lihq184e.dll
Successfully Deleted: C:\WINDOWS\system32\k844lihq184e.dll
deleting: C:\WINDOWS\system32\kodsl.dll
Successfully Deleted: C:\WINDOWS\system32\kodsl.dll
deleting: C:\WINDOWS\system32\kpdsmsfi.dll
Successfully Deleted: C:\WINDOWS\system32\kpdsmsfi.dll
deleting: C:\WINDOWS\system32\kwdpo.dll
Successfully Deleted: C:\WINDOWS\system32\kwdpo.dll
deleting: C:\WINDOWS\system32\m2po0c73ef.dll
Successfully Deleted: C:\WINDOWS\system32\m2po0c73ef.dll
deleting: C:\WINDOWS\system32\mcr2cenu.dll
Successfully Deleted: C:\WINDOWS\system32\mcr2cenu.dll
deleting: C:\WINDOWS\system32\mjvcp50.dll
Successfully Deleted: C:\WINDOWS\system32\mjvcp50.dll
deleting: C:\WINDOWS\system32\mllbui.dll
Successfully Deleted: C:\WINDOWS\system32\mllbui.dll
deleting: C:\WINDOWS\system32\mpjava.dll
Successfully Deleted: C:\WINDOWS\system32\mpjava.dll
deleting: C:\WINDOWS\system32\mvwdat10.dll
Successfully Deleted: C:\WINDOWS\system32\mvwdat10.dll
deleting: C:\WINDOWS\system32\nftui1.dll
Successfully Deleted: C:\WINDOWS\system32\nftui1.dll
deleting: C:\WINDOWS\system32\ngrspl.dll
Successfully Deleted: C:\WINDOWS\system32\ngrspl.dll
deleting: C:\WINDOWS\system32\ngtcfgx.dll
Successfully Deleted: C:\WINDOWS\system32\ngtcfgx.dll
deleting: C:\WINDOWS\system32\nzshell.dll
Successfully Deleted: C:\WINDOWS\system32\nzshell.dll
deleting: C:\WINDOWS\system32\PH171Hwx.dll
Successfully Deleted: C:\WINDOWS\system32\PH171Hwx.dll
deleting: C:\WINDOWS\system32\rHsser.dll
Successfully Deleted: C:\WINDOWS\system32\rHsser.dll
deleting: C:\WINDOWS\system32\RJOCURS.DLL
Successfully Deleted: C:\WINDOWS\system32\RJOCURS.DLL
deleting: C:\WINDOWS\system32\sncfiles.dll
Successfully Deleted: C:\WINDOWS\system32\sncfiles.dll
deleting: C:\WINDOWS\system32\sQfrslv.dll
Successfully Deleted: C:\WINDOWS\system32\sQfrslv.dll
deleting: C:\WINDOWS\system32\sydpsrv.dll
Successfully Deleted: C:\WINDOWS\system32\sydpsrv.dll
deleting: C:\WINDOWS\system32\synike.dll
Successfully Deleted: C:\WINDOWS\system32\synike.dll
deleting: C:\WINDOWS\system32\wbnotify.dll
Successfully Deleted: C:\WINDOWS\system32\wbnotify.dll
deleting: C:\WINDOWS\system32\wbntrust.dll
Successfully Deleted: C:\WINDOWS\system32\wbntrust.dll
deleting: C:\WINDOWS\system32\wdhip6.dll
Successfully Deleted: C:\WINDOWS\system32\wdhip6.dll
deleting: C:\WINDOWS\system32\wesapi32.dll
Successfully Deleted: C:\WINDOWS\system32\wesapi32.dll
deleting: C:\WINDOWS\system32\wnncoreak.dll
Successfully Deleted: C:\WINDOWS\system32\wnncoreak.dll
deleting: C:\WINDOWS\system32\wrock32.dll
Successfully Deleted: C:\WINDOWS\system32\wrock32.dll
deleting: C:\WINDOWS\system32\wsntrust.dll
Successfully Deleted: C:\WINDOWS\system32\wsntrust.dll
Zipping up files for submission:
adding: avtxprxy.dll (164 bytes security) (deflated 5%)
adding: bfackbox.dll (164 bytes security) (deflated 5%)
adding: cucui.dll (164 bytes security) (deflated 4%)
adding: derawex.dll (164 bytes security) (deflated 5%)
adding: dpcpmon.dll (164 bytes security) (deflated 5%)
adding: dxvacm.dll (164 bytes security) (deflated 6%)
adding: ement97.dll (164 bytes security) (deflated 4%)
adding: ffusd.dll (164 bytes security) (deflated 5%)
adding: g2jolc131f.dll (164 bytes security) (deflated 5%)
adding: g6lm0g31e6.dll (164 bytes security) (deflated 4%)
adding: hpl0233mg.dll (164 bytes security) (deflated 4%)
adding: iiitpki.dll (164 bytes security) (deflated 4%)
adding: IqagXpr7.dll (164 bytes security) (deflated 5%)
adding: iqeshare.dll (164 bytes security) (deflated 4%)
adding: irjsl5171.dll (164 bytes security) (deflated 4%)
adding: j6l40g3qe6.dll (164 bytes security) (deflated 4%)
adding: jt0m07d1e.dll (164 bytes security) (deflated 4%)
adding: k844lihq184e.dll (164 bytes security) (deflated 4%)
adding: kodsl.dll (164 bytes security) (deflated 4%)
adding: kpdsmsfi.dll (164 bytes security) (deflated 5%)
adding: kwdpo.dll (164 bytes security) (deflated 4%)
adding: m2po0c73ef.dll (164 bytes security) (deflated 5%)
adding: mcr2cenu.dll (164 bytes security) (deflated 4%)
adding: mjvcp50.dll (164 bytes security) (deflated 6%)
adding: mllbui.dll (164 bytes security) (deflated 5%)
adding: mpjava.dll (164 bytes security) (deflated 4%)
adding: mvwdat10.dll (164 bytes security) (deflated 4%)
adding: nftui1.dll (164 bytes security) (deflated 4%)
adding: ngrspl.dll (164 bytes security) (deflated 6%)
adding: ngtcfgx.dll (164 bytes security) (deflated 4%)
adding: nzshell.dll (164 bytes security) (deflated 4%)
adding: PH171Hwx.dll (164 bytes security) (deflated 5%)
adding: rHsser.dll (164 bytes security) (deflated 6%)
adding: RJOCURS.DLL (164 bytes security) (deflated 5%)
adding: sncfiles.dll (164 bytes security) (deflated 4%)
adding: sQfrslv.dll (164 bytes security) (deflated 5%)
adding: sydpsrv.dll (164 bytes security) (deflated 6%)
adding: synike.dll (164 bytes security) (deflated 6%)
adding: wbnotify.dll (164 bytes security) (deflated 5%)
adding: wbntrust.dll (164 bytes security) (deflated 5%)
adding: wdhip6.dll (164 bytes security) (deflated 6%)
adding: wesapi32.dll (164 bytes security) (deflated 4%)
adding: wnncoreak.dll (164 bytes security) (deflated 4%)
adding: wrock32.dll (164 bytes security) (deflated 6%)
adding: wsntrust.dll (164 bytes security) (deflated 5%)
adding: clear.reg (164 bytes security) (deflated 71%)
adding: echo.reg (164 bytes security) (deflated 10%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 87%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 74%)
adding: test.txt (164 bytes security) (deflated 83%)
adding: test2.txt (164 bytes security) (deflated 49%)
adding: test3.txt (164 bytes security) (deflated 49%)
adding: test5.txt (164 bytes security) (deflated 49%)
adding: xfind.txt (164 bytes security) (deflated 77%)
adding: backregs/134DD1E3-0BEF-4CE3-AA00-18CFF12C12A8.reg (164 bytes security) (deflated 70%)
adding: backregs/176B46C9-82EB-4FD0-BF9A-A16E0598E286.reg (164 bytes security) (deflated 70%)
adding: backregs/1E2A9011-D673-4BBB-AA72-93D193050811.reg (164 bytes security) (deflated 70%)
adding: backregs/307FBA9E-CE59-43BE-9226-E720731A5C2F.reg (164 bytes security) (deflated 70%)
adding: backregs/30C685CA-F533-460B-8EBB-C17FDBFC3203.reg (164 bytes security) (deflated 70%)
adding: backregs/4DD12615-D6F6-4EA9-BF08-A6B72FD6AEDF.reg (164 bytes security) (deflated 70%)
adding: backregs/513C468B-9E16-468B-A715-B8FA2736B1DE.reg (164 bytes security) (deflated 70%)
adding: backregs/52F46697-236A-43D2-B0D8-06B2E64E1BFD.reg (164 bytes security) (deflated 70%)
adding: backregs/6568AC85-8DC8-409F-A5A1-3C47BA7454CC.reg (164 bytes security) (deflated 70%)
adding: backregs/69A9F73B-EF00-4C59-838F-A1CC7C67CFE7.reg (164 bytes security) (deflated 70%)
adding: backregs/6D0EF48D-12C8-4100-985F-305DAA6B0152.reg (164 bytes security) (deflated 70%)
adding: backregs/6E1F735B-79C1-4BE6-A785-C4ECE7DD41AA.reg (164 bytes security) (deflated 70%)
adding: backregs/6F71190C-540D-42A4-88E9-8CF85AFCF99F.reg (164 bytes security) (deflated 70%)
adding: backregs/7B1A5549-4F3F-4F46-9EE8-DC7BDD24AC28.reg (164 bytes security) (deflated 70%)
adding: backregs/7D2A0C63-9650-4AC9-A906-B64593F10B33.reg (164 bytes security) (deflated 70%)
adding: backregs/848BE854-8940-4CD9-9D03-AF1177D8BA6C.reg (164 bytes security) (deflated 70%)
adding: backregs/84DF0C38-8BC1-4D7A-A84E-AFA7F5583307.reg (164 bytes security) (deflated 70%)
adding: backregs/85152FA3-FE73-4E27-8E2A-F3D4858A1532.reg (164 bytes security) (deflated 70%)
adding: backregs/886AA7FC-45A8-4731-8407-6DEC7EB47ADE.reg (164 bytes security) (deflated 70%)
adding: backregs/88C655DB-B0E0-4940-BF9C-F354E0BB207F.reg (164 bytes security) (deflated 70%)
adding: backregs/8C9A3AB3-8DA3-4FB9-98BB-847D36F21C8C.reg (164 bytes security) (deflated 70%)
adding: backregs/9D7A4927-2C9C-47C8-AF12-932CAC016F1F.reg (164 bytes security) (deflated 70%)
adding: backregs/A8486EFD-69AE-45AA-BAE0-357332F628F3.reg (164 bytes security) (deflated 70%)
adding: backregs/B3266DCF-2009-44D9-B164-694492B420DE.reg (164 bytes security) (deflated 70%)
adding: backregs/C9DC4E7D-896B-496A-9063-B688C9382DDE.reg (164 bytes security) (deflated 70%)
adding: backregs/E3A800CC-38D8-4B1F-A3ED-393FA8198E48.reg (164 bytes security) (deflated 70%)
adding: backregs/ECC3D30C-E354-4866-BBCA-008BA0D493DE.reg (164 bytes security) (deflated 69%)
adding: backregs/FFBBE799-F5E7-40E1-B652-F4B913E3E19E.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 72%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (
http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy
(ID-NI) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-IO) ALLOW Read BUILTIN\Uľytkownicy zaawansowani
(ID-NI) ALLOW Full access BUILTIN\Administratorzy
(ID-IO) ALLOW Full access BUILTIN\Administratorzy
(ID-NI) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-IO) ALLOW Full access ZARZ¤DZANIE NT\SYSTEM
(ID-IO) ALLOW Full access TWŕRCA-WťA—CICIEL
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
deleting local copy: avtxprxy.dll
deleting local copy: bfackbox.dll
deleting local copy: cucui.dll
deleting local copy: derawex.dll
deleting local copy: dpcpmon.dll
deleting local copy: dxvacm.dll
deleting local copy: ement97.dll
deleting local copy: ffusd.dll
deleting local copy: g2jolc131f.dll
deleting local copy: g6lm0g31e6.dll
deleting local copy: hpl0233mg.dll
deleting local copy: iiitpki.dll
deleting local copy: IqagXpr7.dll
deleting local copy: iqeshare.dll
deleting local copy: irjsl5171.dll
deleting local copy: j6l40g3qe6.dll
deleting local copy: jt0m07d1e.dll
deleting local copy: k844lihq184e.dll
deleting local copy: kodsl.dll
deleting local copy: kpdsmsfi.dll
deleting local copy: kwdpo.dll
deleting local copy: m2po0c73ef.dll
deleting local copy: mcr2cenu.dll
deleting local copy: mjvcp50.dll
deleting local copy: mllbui.dll
deleting local copy: mpjava.dll
deleting local copy: mvwdat10.dll
deleting local copy: nftui1.dll
deleting local copy: ngrspl.dll
deleting local copy: ngtcfgx.dll
deleting local copy: nzshell.dll
deleting local copy: PH171Hwx.dll
deleting local copy: rHsser.dll
deleting local copy: RJOCURS.DLL
deleting local copy: sncfiles.dll
deleting local copy: sQfrslv.dll
deleting local copy: sydpsrv.dll
deleting local copy: synike.dll
deleting local copy: wbnotify.dll
deleting local copy: wbntrust.dll
deleting local copy: wdhip6.dll
deleting local copy: wesapi32.dll
deleting local copy: wnncoreak.dll
deleting local copy: wrock32.dll
deleting local copy: wsntrust.dll
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\avtxprxy.dll
C:\WINDOWS\system32\bfackbox.dll
C:\WINDOWS\system32\cucui.dll
C:\WINDOWS\system32\derawex.dll
C:\WINDOWS\system32\dpcpmon.dll
C:\WINDOWS\system32\dxvacm.dll
C:\WINDOWS\system32\ement97.dll
C:\WINDOWS\system32\ffusd.dll
C:\WINDOWS\system32\g2jolc131f.dll
C:\WINDOWS\system32\g6lm0g31e6.dll
C:\WINDOWS\system32\hpl0233mg.dll
C:\WINDOWS\system32\iiitpki.dll
C:\WINDOWS\system32\IqagXpr7.dll
C:\WINDOWS\system32\iqeshare.dll
C:\WINDOWS\system32\irjsl5171.dll
C:\WINDOWS\system32\j6l40g3qe6.dll
C:\WINDOWS\system32\jt0m07d1e.dll
C:\WINDOWS\system32\k844lihq184e.dll
C:\WINDOWS\system32\kodsl.dll
C:\WINDOWS\system32\kpdsmsfi.dll
C:\WINDOWS\system32\kwdpo.dll
C:\WINDOWS\system32\m2po0c73ef.dll
C:\WINDOWS\system32\mcr2cenu.dll
C:\WINDOWS\system32\mjvcp50.dll
C:\WINDOWS\system32\mllbui.dll
C:\WINDOWS\system32\mpjava.dll
C:\WINDOWS\system32\mvwdat10.dll
C:\WINDOWS\system32\nftui1.dll
C:\WINDOWS\system32\ngrspl.dll
C:\WINDOWS\system32\ngtcfgx.dll
C:\WINDOWS\system32\nzshell.dll
C:\WINDOWS\system32\PH171Hwx.dll
C:\WINDOWS\system32\rHsser.dll
C:\WINDOWS\system32\RJOCURS.DLL
C:\WINDOWS\system32\sncfiles.dll
C:\WINDOWS\system32\sQfrslv.dll
C:\WINDOWS\system32\sydpsrv.dll
C:\WINDOWS\system32\synike.dll
C:\WINDOWS\system32\wbnotify.dll
C:\WINDOWS\system32\wbntrust.dll
C:\WINDOWS\system32\wdhip6.dll
C:\WINDOWS\system32\wesapi32.dll
C:\WINDOWS\system32\wnncoreak.dll
C:\WINDOWS\system32\wrock32.dll
C:\WINDOWS\system32\wsntrust.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{E3A800CC-38D8-4B1F-A3ED-393FA8198E48}"=-
"{88C655DB-B0E0-4940-BF9C-F354E0BB207F}"=-
"{6E1F735B-79C1-4BE6-A785-C4ECE7DD41AA}"=-
"{176B46C9-82EB-4FD0-BF9A-A16E0598E286}"=-
"{886AA7FC-45A8-4731-8407-6DEC7EB47ADE}"=-
"{6F71190C-540D-42A4-88E9-8CF85AFCF99F}"=-
"{6568AC85-8DC8-409F-A5A1-3C47BA7454CC}"=-
"{ECC3D30C-E354-4866-BBCA-008BA0D493DE}"=-
"{FFBBE799-F5E7-40E1-B652-F4B913E3E19E}"=-
"{513C468B-9E16-468B-A715-B8FA2736B1DE}"=-
"{7D2A0C63-9650-4AC9-A906-B64593F10B33}"=-
"{307FBA9E-CE59-43BE-9226-E720731A5C2F}"=-
"{9D7A4927-2C9C-47C8-AF12-932CAC016F1F}"=-
"{8C9A3AB3-8DA3-4FB9-98BB-847D36F21C8C}"=-
"{30C685CA-F533-460B-8EBB-C17FDBFC3203}"=-
"{B3266DCF-2009-44D9-B164-694492B420DE}"=-
"{84DF0C38-8BC1-4D7A-A84E-AFA7F5583307}"=-
"{A8486EFD-69AE-45AA-BAE0-357332F628F3}"=-
"{69A9F73B-EF00-4C59-838F-A1CC7C67CFE7}"=-
"{6D0EF48D-12C8-4100-985F-305DAA6B0152}"=-
"{848BE854-8940-4CD9-9D03-AF1177D8BA6C}"=-
"{52F46697-236A-43D2-B0D8-06B2E64E1BFD}"=-
"{7B1A5549-4F3F-4F46-9EE8-DC7BDD24AC28}"=-
"{1E2A9011-D673-4BBB-AA72-93D193050811}"=-
"{4DD12615-D6F6-4EA9-BF08-A6B72FD6AEDF}"=-
"{85152FA3-FE73-4E27-8E2A-F3D4858A1532}"=-
"{C9DC4E7D-896B-496A-9063-B688C9382DDE}"=-
"{134DD1E3-0BEF-4CE3-AA00-18CFF12C12A8}"=-
[-HKEY_CLASSES_ROOT\CLSID\{E3A800CC-38D8-4B1F-A3ED-393FA8198E48}]
[-HKEY_CLASSES_ROOT\CLSID\{88C655DB-B0E0-4940-BF9C-F354E0BB207F}]
[-HKEY_CLASSES_ROOT\CLSID\{6E1F735B-79C1-4BE6-A785-C4ECE7DD41AA}]
[-HKEY_CLASSES_ROOT\CLSID\{176B46C9-82EB-4FD0-BF9A-A16E0598E286}]
[-HKEY_CLASSES_ROOT\CLSID\{886AA7FC-45A8-4731-8407-6DEC7EB47ADE}]
[-HKEY_CLASSES_ROOT\CLSID\{6F71190C-540D-42A4-88E9-8CF85AFCF99F}]
[-HKEY_CLASSES_ROOT\CLSID\{6568AC85-8DC8-409F-A5A1-3C47BA7454CC}]
[-HKEY_CLASSES_ROOT\CLSID\{ECC3D30C-E354-4866-BBCA-008BA0D493DE}]
[-HKEY_CLASSES_ROOT\CLSID\{FFBBE799-F5E7-40E1-B652-F4B913E3E19E}]
[-HKEY_CLASSES_ROOT\CLSID\{513C468B-9E16-468B-A715-B8FA2736B1DE}]
[-HKEY_CLASSES_ROOT\CLSID\{7D2A0C63-9650-4AC9-A906-B64593F10B33}]
[-HKEY_CLASSES_ROOT\CLSID\{307FBA9E-CE59-43BE-9226-E720731A5C2F}]
[-HKEY_CLASSES_ROOT\CLSID\{9D7A4927-2C9C-47C8-AF12-932CAC016F1F}]
[-HKEY_CLASSES_ROOT\CLSID\{8C9A3AB3-8DA3-4FB9-98BB-847D36F21C8C}]
[-HKEY_CLASSES_ROOT\CLSID\{30C685CA-F533-460B-8EBB-C17FDBFC3203}]
[-HKEY_CLASSES_ROOT\CLSID\{B3266DCF-2009-44D9-B164-694492B420DE}]
[-HKEY_CLASSES_ROOT\CLSID\{84DF0C38-8BC1-4D7A-A84E-AFA7F5583307}]
[-HKEY_CLASSES_ROOT\CLSID\{A8486EFD-69AE-45AA-BAE0-357332F628F3}]
[-HKEY_CLASSES_ROOT\CLSID\{69A9F73B-EF00-4C59-838F-A1CC7C67CFE7}]
[-HKEY_CLASSES_ROOT\CLSID\{6D0EF48D-12C8-4100-985F-305DAA6B0152}]
[-HKEY_CLASSES_ROOT\CLSID\{848BE854-8940-4CD9-9D03-AF1177D8BA6C}]
[-HKEY_CLASSES_ROOT\CLSID\{52F46697-236A-43D2-B0D8-06B2E64E1BFD}]
[-HKEY_CLASSES_ROOT\CLSID\{7B1A5549-4F3F-4F46-9EE8-DC7BDD24AC28}]
[-HKEY_CLASSES_ROOT\CLSID\{1E2A9011-D673-4BBB-AA72-93D193050811}]
[-HKEY_CLASSES_ROOT\CLSID\{4DD12615-D6F6-4EA9-BF08-A6B72FD6AEDF}]
[-HKEY_CLASSES_ROOT\CLSID\{85152FA3-FE73-4E27-8E2A-F3D4858A1532}]
[-HKEY_CLASSES_ROOT\CLSID\{C9DC4E7D-896B-496A-9063-B688C9382DDE}]
[-HKEY_CLASSES_ROOT\CLSID\{134DD1E3-0BEF-4CE3-AA00-18CFF12C12A8}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
and here hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 00:36:42, on 2005-05-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\ibmtools\aptezbtn\aptezbp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\ibmtools\aptezbtn\rakusb.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Moje dokumenty\Utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://www.cult3d.co...wnload/cult.cabO16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} -
http://advnt01.com/dialer/russia.CABO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1093656769562O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.app.../ITDetector.cabO16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
http://skaner.mks.co...kanerOnline.cabO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Erss8udkaski - Creative Technology Ltd - (no file)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe