Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:30-08-2015 Uruchomiony przez admin (2015-08-31 17:18:29) Run:4 Uruchomiony z C:\Users\admin\Desktop\1 Załadowane profile: admin (Dostępne profile: admin) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** ListPermissions: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc ListPermissions: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters ListPermissions: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Security File: C:\Windows\System32\nlasvc.dll Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc" /s Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Security" /s ***************** =================================== uprawnienia "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc": Owner: BUILTIN\Administrators DACL(AI): BUILTIN\Users ALLOW READ (I) BUILTIN\Users ALLOW READ (CI-I-OI) BUILTIN\Administrators ALLOW FULL (I) BUILTIN\Administrators ALLOW FULL (CI-I-OI) NT AUTHORITY\SYSTEM ALLOW FULL (I) NT AUTHORITY\SYSTEM ALLOW FULL (CI-I-OI) CREATOR OWNER ALLOW FULL (CI-I-OI) =================================== =================================== uprawnienia "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters": Owner: BUILTIN\Administrators DACL(PAI): BUILTIN\Administrators ALLOW FULL (NI) BUILTIN\Administrators ALLOW FULL (CI-IO) NT AUTHORITY\SYSTEM ALLOW FULL (NI) NT AUTHORITY\SYSTEM ALLOW FULL (CI-IO) NT AUTHORITY\INTERACTIVE ALLOW QUERY+CreateSubKey+NOTIFY (NI) NT AUTHORITY\SERVICE ALLOW QUERY+CreateSubKey+EnumSubKey+READ (NI) NT SERVICE\NlaSvc ALLOW QUERY+CreateSubKey+EnumSubKey+NOTIFY+READ (NI) NT SERVICE\Dhcp ALLOW QUERY+CreateSubKey+EnumSubKey+NOTIFY+READ (NI) =================================== =================================== uprawnienia "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Security": Owner: BUILTIN\Administrators DACL(AI): BUILTIN\Users ALLOW READ (I) BUILTIN\Users ALLOW READ (CI-I-OI) BUILTIN\Administrators ALLOW FULL (I) BUILTIN\Administrators ALLOW FULL (CI-I-OI) NT AUTHORITY\SYSTEM ALLOW FULL (I) NT AUTHORITY\SYSTEM ALLOW FULL (CI-I-OI) CREATOR OWNER ALLOW FULL (CI-I-OI) =================================== ========================= File: C:\Windows\System32\nlasvc.dll ======================== Plik podpisany cyfrowo MD5: D9A0CE66046D6EFA0C61BAA885CBA0A8 Data utworzenia i modyfikacji: 2009-07-14 02:09 - 2009-07-14 03:41 Rozmiar: 0302080 Atrybuty: ----A Firma: Microsoft Corporation Wewnętrzna nazwa: nlasvc.dll Oryginalna nazwa: nlasvc.dll.mui Produkt: System operacyjny Microsoft® Windows® Opis: Rozpoznawanie lokalizacji w sieci 2 Plik Wersja: 6.1.7600.16385 (win7_rtm.090713-1255) Produkt Wersja: 6.1.7600.16385 Prawa autorskie: © Microsoft Corporation. Wszelkie prawa zastrzeżone. ====== Koniec File: ====== ========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc" /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc DisplayName REG_SZ @%SystemRoot%\System32\nlasvc.dll,-1 ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k NetworkService Description REG_SZ @%SystemRoot%\System32\nlasvc.dll,-2 ObjectName REG_SZ NT AUTHORITY\NetworkService ErrorControl REG_DWORD 0x1 Start REG_DWORD 0x2 Type REG_DWORD 0x20 DependOnService REG_MULTI_SZ NSI\0RpcSs\0TcpIp ServiceSidType REG_DWORD 0x1 RequiredPrivileges REG_MULTI_SZ SeCreateGlobalPrivilege\0SeImpersonatePrivilege\0SeAuditPrivilege FailureActions REG_BINARY 8051010000000000000000000300000014000000010000006400000001000000640000000000000000000000 pname REG_SZ AS TST REG_SZ 1440928354 CMGUID REG_SZ 239 GUIDV REG_SZ 7 CMPK REG_SZ -rvr-rev-som-tot-opw-psp-cpm-prc-crb-crr-atm vpolicy REG_SZ som HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\nlasvc.dll ServiceDllUnloadOnStop REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet PassivePollPeriod REG_DWORD 0x5 StaleThreshold REG_DWORD 0x1e WebTimeout REG_DWORD 0x23 EnableActiveProbing REG_DWORD 0x1 ActiveWebProbeHost REG_SZ www.msftncsi.com ActiveWebProbePath REG_SZ ncsi.txt ActiveWebProbeContent REG_SZ Microsoft NCSI ActiveDnsProbeHost REG_SZ dns.msftncsi.com ActiveDnsProbeContent REG_SZ 131.107.255.255 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Security Security REG_BINARY 0100048098000000A40000000000000014000000020084000500000000021800FF010F000102000000000005200000002002000000021400FF010F00010100000000000512000000000014009D000200010100000000000504000000000014008D010200010100000000000506000000000028001D000200010600000000000550000000443E41BB45BAA87A6CBD9268F4AD648FD5E670E9010100000000000512000000010100000000000512000000 ========= Koniec Reg: ========= ========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\nlasvc.dll ServiceDllUnloadOnStop REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet PassivePollPeriod REG_DWORD 0x5 StaleThreshold REG_DWORD 0x1e WebTimeout REG_DWORD 0x23 EnableActiveProbing REG_DWORD 0x1 ActiveWebProbeHost REG_SZ www.msftncsi.com ActiveWebProbePath REG_SZ ncsi.txt ActiveWebProbeContent REG_SZ Microsoft NCSI ActiveDnsProbeHost REG_SZ dns.msftncsi.com ActiveDnsProbeContent REG_SZ 131.107.255.255 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies ========= Koniec Reg: ========= ========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Security" /s ========= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Security Security REG_BINARY 0100048098000000A40000000000000014000000020084000500000000021800FF010F000102000000000005200000002002000000021400FF010F00010100000000000512000000000014009D000200010100000000000504000000000014008D010200010100000000000506000000000028001D000200010600000000000550000000443E41BB45BAA87A6CBD9268F4AD648FD5E670E9010100000000000512000000010100000000000512000000 ========= Koniec Reg: ========= ==== Koniec Fixlog 17:18:29 ====