Odpowiedz

System uruchamia się baaardzo wolno (około 15 minut)

 
simman
Wdrażany
Liczba postów: 12
Post: #8

RE: System uruchamia się baaardzo wolno (około 15 minut)


(21.07.2012 11:23)bolinio3 napisał(a):  A jakiego masz antywirusa?

Kasperky Internet Security 2012 - oryginalny klucz

Zastanawiają mnie te 3 procesy czy wiecie coś o nich?

csrss.exe
winlogon.exe.
atieclxx.exe

Czy widzicie tutaj błąd?
Kod:
"Silent Runners.vbs", revision 64, http: //www.silentrunners.org/
Operating System:  Microsoft Windows 7 Professional Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
DAEMON Tools Lite = "C: \Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [DT Soft Ltd]
Steam = "C: \Program Files (x86)\Steam\Steam.exe" -silent [Valve Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
AVP = "C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [Kaspersky Lab ZAO]
HDAudDeck = C: \Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [VIA]
Adobe ARM = "C: \Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
StartCCC = "C: \Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]
SunJavaUpdateSched = "C: \Program Files (x86)\Java\jre1.6.0\bin\jusched.exe" [Sun Microsystems, Inc.]
DATAMNGR = C: \PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [Bandoo Media, inc]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = IEVkbdBHO
  -> {HKLM…CLSID} = IEVkbdBHO Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [Kaspersky Lab ZAO]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Groove GFS Browser Helper
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{9D717F81-9148-4f12-8568-69135F087DB0}\(Default) = (no title provided)
  -> {HKLM…CLSID} = DataMngr
                 \InProcServer32\(Default) = C: \PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL [Bandoo Media, inc]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM…CLSID} = Office Document Cache Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS]

{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho
  -> {HKLM…CLSID} = FilterBHO Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
                     \InProcServer32\(Default) = C: \Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = IEVkbdBHO
  -> {HKLM…Wow…CLSID} = IEVkbdBHO Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [Kaspersky Lab ZAO]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = SSVHelper Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Java\jre1.6.0\bin\ssv.dll [Sun Microsystems, Inc.]

{99079a25-328f-4bd4-be04-00955acaa0a7}\(Default) = Searchqu Toolbar
  -> {HKLM…Wow…CLSID} = Searchqu Toolbar
                     \InProcServer32\(Default) = C: \PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll [null data]

{9D717F81-9148-4f12-8568-69135F087DB0}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = DataMngr
                     \InProcServer32\(Default) = C: \PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL [Bandoo Media, inc]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM…Wow…CLSID} = Office Document Cache Handler
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]

{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho
  -> {HKLM…Wow…CLSID} = FilterBHO Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
  -> {HKLM…CLSID} = SimpleShlExt Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM…CLSID} = Microsoft Office Metadata Handler
                 \InProcServer32\(Default) = C: \Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
                 \InProcServer32\(Default) = C: \Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
  -> {HKLM…CLSID} = Obszary robocze
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM…CLSID} = ImageExtractorShellExt Class
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM…CLSID} = CInfoTipShellExt Class
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM…CLSID} = Groove GFS Browser Helper
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM…CLSID} = Groove Folder Synchronization
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM…CLSID} = Groove GFS Stub Icon Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM…CLSID} = Groove XML Icon Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
  -> {HKLM…CLSID} = Projekty w przedsiębiorstwie
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
  -> {HKLM…CLSID} = DisplayCplExt Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…Wow…CLSID} = (no title provided)
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
  -> {HKLM…Wow…CLSID} = Obszary robocze
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…Wow…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM…Wow…CLSID} = ImageExtractorShellExt Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM…Wow…CLSID} = CInfoTipShellExt Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM…Wow…CLSID} = Groove Folder Synchronization
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…Wow…CLSID} = Groove GFS Stub Execution Hook
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM…Wow…CLSID} = Groove GFS Stub Icon Handler
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM…Wow…CLSID} = Groove XML Icon Handler
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler
  -> {HKLM…Wow…CLSID} = Microsoft Outlook
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM…Wow…CLSID} = Outlook File Icon Extension
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM…Wow…CLSID} = WinRAR
                     \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> AppInit_DLLs = C: \PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C: \PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll  [Bandoo Media, inc]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> AppInit_DLLs = C: \PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C: \PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll  [Bandoo Media, inc]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter
                 \InProcServer32\(Default) = C: \Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\shellex.dll [Kaspersky Lab ZAO]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
                 \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\shellex.dll [Kaspersky Lab ZAO]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
                 \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
  -> {HKLM…CLSID} = FileZilla 3 Shell Extension
                 \InProcServer32\(Default) = C: \Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
                 \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
  -> {HKLM…CLSID} = SimpleShlExt Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\shellex.dll [Kaspersky Lab ZAO]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
                 \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
                 \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = ComFile


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note:  detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoLowDiskSpaceChecks = (REG_DWORD) dword: 0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C: \Users\Rafal\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AdobePremiereProCS3CameraArrival\
Provider = Adobe Premiere Pro
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C: \Program Files (x86)\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
                 \LocalServer32\(Default) = C: \Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

BridgeCS3ImportMediaOnArrival\
Provider = Adobe Bridge CS3
InvokeProgID = Adobe.adobebridge
InvokeVerb = launch
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = C: \Program Files (x86)\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

BridgeCS5ImportMediaOnArrival\
Provider = Adobe Bridge CS5
InvokeProgID = Adobe.adobebridgeCS5
InvokeVerb = launch
HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5\shell\launch\command\(Default) = C: \Program Files (x86)\Adobe\Adobe Bridge CS5\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

MPCPlayBluRayOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayBlurayMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C: \Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team]

MPCPlayCDAudioOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C: \Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team]

MPCPlayDVDMovieOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C: \Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team]

MPCPlayMusicFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C: \Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

MPCPlayVideoFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C: \Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C: \Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch: 3 /device: AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C: \Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch: 4 /device: DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C: \Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch: 4 /device: VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C: \Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch: 4 /device: VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C: \Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch: 3 /Task: CDWrite /Device: "%L" [MS]


Non-disabled Scheduled Tasks:
-----------------------------

C: \Users\Rafal\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

C: \Windows\System32\Tasks
Adobe Flash Player Updater ->  launches:  C: \Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
AdobeAAMUpdater-1.0-Rafal-Komputer-Rafal ->  launches:  C: \Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [Adobe Systems Incorporated]
GoogleUpdateTaskMachineCore ->  launches:  C: \Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches:  C: \Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Wise Care 365 ->  launches:  C: \Program Files (x86)\Wise\Wise Care 365\WiseTray.exe -StartTray [WiseCleaner.com]
{3618BFCE-8B74-4D9A-8C86-1E3B9AFECFC9} ->  launches:  C: \Windows\system32\pcalua.exe -a D: \Setup.exe -d D: \ [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches:  {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                 \InProcServer32\(Default) = C: \Windows\system32\msdrm.dll [MS]
  -> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                     \InProcServer32\(Default) = C: \Windows\system32\msdrm.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches:  aitagent [MS]
ProgramDataUpdater ->  launches:  %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches:  %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches:  BthUdTask.exe $(Arg0) [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches:  {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C: \Windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
                     \InProcServer32\(Default) = C: \Windows\system32\dimsjob.dll [MS]
UserTask ->  launches:  {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C: \Windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
                     \InProcServer32\(Default) = C: \Windows\system32\dimsjob.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches:  %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches:  {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM…CLSID} = KernelCeipCustomHandler
                 \InProcServer32\(Default) = C: \Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches:  {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM…CLSID} = UsbCeip
                 \InProcServer32\(Default) = C: \Windows\System32\usbceip.dll [MS]
  -> {HKLM…Wow…CLSID} = UsbCeip
                     \InProcServer32\(Default) = C: \Windows\System32\usbceip.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches:  %windir%\system32\defrag.exe -c [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches:  {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
                 \InProcServer32\(Default) = C: \Windows\System32\sdiagschd.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches:  %windir%\System32\LocationNotifications.exe [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches:  {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM…CLSID} = WinSAT Task Manger Task
                 \InProcServer32\(Default) = C: \Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM…Wow…CLSID} = WinSAT Task Manger Task
                     \InProcServer32\(Default) = C: \Windows\system32\WinSATAPI.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches:  %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask ->  launches:  %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches:  %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /wait: 7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /wait: 90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches:  %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches:  %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches:  %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches:  %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches:  {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
                 \InProcServer32\(Default) = C: \Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches:  {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
                 \InProcServer32\(Default) = C: \Windows\System32\memdiag.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches:  {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM…CLSID} = HotStart User Agent
                 \InProcServer32\(Default) = C: \Windows\System32\HotStartUserAgent.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches:  %windir%\system32\lpremove.exe [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches:  {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM…CLSID} = Microsoft PlaySoundService Class
                 \InProcServer32\(Default) = C: \Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
                     \InProcServer32\(Default) = C: \Windows\System32\PlaySndSrv.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches:  %windir%\system32\gatherNetworkInfo.vbs [null data]

C: \Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches:  %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches:  {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
                 \InProcServer32\(Default) = C: \Windows\system32\RacEngn.dll [MS]
  -> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
                     \InProcServer32\(Default) = C: \Windows\system32\RacEngn.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches:  {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM…CLSID} = RasMobilityManager
                 \InProcServer32\(Default) = C: \Windows\system32\rasmbmgr.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches:  {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM…CLSID} = RegistryIdleBackupHandler
                 \InProcServer32\(Default) = C: \Windows\System32\regidle.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches:  %windir%\system32\RAServer.exe /offerraupdate [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches:  {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM…CLSID} = GadgetsManager Class
                 \InProcServer32\(Default) = C: \Windows\System32\AuxiliaryDisplayServices.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches:  {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM…CLSID} = RunTask
                 \InProcServer32\(Default) = C: \Windows\system32\wdc.dll [MS]
  -> {HKLM…Wow…CLSID} = RunTask
                     \InProcServer32\(Default) = C: \Windows\system32\wdc.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches:  %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches:  %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches:  {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM…CLSID} = MsCtfMonitor task handler
                 \InProcServer32\(Default) = C: \Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
                     \InProcServer32\(Default) = C: \Windows\system32\MsCtfMonitor.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches:  %windir%\system32\sc.exe start w32time task_started [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches:  sc.exe config upnphost start= auto [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches:  {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
                 \InProcServer32\(Default) = C: \Windows\System32\wdi.dll [MS]
  -> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
                     \InProcServer32\(Default) = C: \Windows\System32\wdi.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches:  %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches:  %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches:  %windir%\system32\wermgr.exe -queuereporting [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches:  %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches:  "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches:  %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C: \Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches:  c: \program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]

C: \Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-1341734248-3807135842-1907004200-1000 -> (HIDDEN!) launches:  %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C: \Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Computer, Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{99079A25-328F-4BD4-BE04-00955ACAA0A7} = Searchqu Toolbar
  -> {HKLM…Wow…CLSID} = Searchqu Toolbar
                     \InProcServer32\(Default) = C: \PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll [null data]

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Wyślij do programu OneNote
MenuText = Wyślij &do programu OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM…CLSID} = Send to OneNote from Internet Explorer button
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

{4248FE82-7FCB-46AC-B270-339F08212110}\
ButtonText = &Klawiatura wirtualna
CLSIDExtension = {4248FE82-7FCB-46AC-B270-339F08212110}
  -> {HKLM…CLSID} = VirtualKeyboardButtonHandler Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [Kaspersky Lab ZAO]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = &Notatki połączone programu OneNote
MenuText = &Notatki połączone programu OneNote
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM…CLSID} = Linked Notes button
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

{CCF151D8-D089-449F-A5A4-D9909053F20F}\
ButtonText = &Sprawdzanie adresów internetowych
CLSIDExtension = {CCF151D8-D089-449F-A5A4-D9909053F20F}
  -> {HKLM…CLSID} = FilterButtonHandler Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Wyślij do programu OneNote
MenuText = Wyślij &do programu OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM…Wow…CLSID} = Send to OneNote from Internet Explorer button
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]

{4248FE82-7FCB-46AC-B270-339F08212110}\
ButtonText = &Klawiatura wirtualna
CLSIDExtension = {4248FE82-7FCB-46AC-B270-339F08212110}
  -> {HKLM…Wow…CLSID} = VirtualKeyboardButtonHandler Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [Kaspersky Lab ZAO]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = &Notatki połączone programu OneNote
MenuText = &Notatki połączone programu OneNote
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM…Wow…CLSID} = Linked Notes button
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

{CCF151D8-D089-449F-A5A4-D9909053F20F}\
ButtonText = &Sprawdzanie adresów internetowych
CLSIDExtension = {CCF151D8-D089-449F-A5A4-D9909053F20F}
  -> {HKLM…Wow…CLSID} = FilterButtonHandler Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [Kaspersky Lab ZAO]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C: \Program Files (x86)\Bonjour\mDNSResponder.exe" [Apple Computer, Inc.]
AMD External Events Utility, AMD External Events Utility, C: \Windows\system32\atiesrxx.exe [AMD]
KMService, KMService, C: \Windows\system32\srvany.exe [file not found]
OracleDBConsoleorcl, OracleDBConsoleorcl, C: \app\oracle\product\11.2.0\dbhome_1\bin\nmesrvc.exe [Oracle Corporation]
OracleServiceORCL, OracleServiceORCL, c: \app\oracle\product\11.2.0\dbhome_1\bin\ORACLE.EXE ORCL [Oracle Corporation]
SQL Server Analysis Services (MSSQLSERVER), MSSQLServerOLAPService, "C: \Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C: \Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Config" [MS]
SQL Server Analysis Services (MSSQLSERVER2), MSOLAP$MSSQLSERVER2, "C: \Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER2\OLAP\bin\msmdsrv.exe" -s "C: \Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER2\OLAP\Config" [MS]
SQL Server Browser, SQLBrowser, "C: \Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [MS]
SQL Server Integration Services 11.0, MsDtsServer110, "C: \Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe" [MS]
SQL Server Reporting Services (MSSQLSERVER), ReportServer, "C: \Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [MS]
SQL Server Reporting Services (MSSQLSERVER2), ReportServer$MSSQLSERVER2, "C: \Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER2\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [MS]
SQL Server VSS Writer, SQLWriter, "C: \Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [MS]
TeamViewer 7, TeamViewer7, C: \Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [TeamViewer GmbH]
Usługa Kaspersky Anti-Virus, AVP, "C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r [Kaspersky Lab ZAO]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
PDFill Writer Monitor\Driver = C: \Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [Windows (R) Codename Longhorn DDK provider]
PJL Language Monitor\Driver = PJLMON.DLL [MS]


---------- (launch time:  2012-07-22 10: 03: 19)
<<!>>:  Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time:  114 seconds)
(Ten post był ostatnio modyfikowany: 22.07.2012 09:12 przez simman.)

22.07.2012 08:30

Znajdź wszystkie posty użytkownika
Odpowiedz cytując ten post
Odpowiedz


Wiadomości w tym wątku
RE: System uruchamia się baaardzo wolno (około 15 minut) - simman - 22.07.2012 08:30
Podobne wątki
Wątek: Autor Odpowiedzi: Wyświetleń: Ostatni post
Rozwiązany Win7 uruchamia się 7 minut pomocy GregPl 4 2.880 15.05.2016 09:50
Ostatni post: GregPl
Usuwanie opcji startu systemu: napraw system, przywróć system, uruchom normalnie metronomus 1 2.467 01.01.2016 16:15
Ostatni post: thermalfake
System Windows7 się nie uruchamia Esejem 1 2.188 19.09.2015 22:07
Ostatni post: thermalfake
Po odzyskiwaniu systemu ( Recovery - przebiega prawidłowo ) system nie uruchamia się whoockey 1 1.874 19.09.2015 21:58
Ostatni post: thermalfake
system uruchamia się tylko do "Starting windows" tomek200 1 1.757 22.07.2015 15:34
Ostatni post: Bartixxx
Zatrzymanie systemu zaraz po starcie na około 15 minut psg 2 1.583 22.07.2015 15:33
Ostatni post: Bartixxx
« Starszy wątek | Nowszy wątek »

Temat został oceniony na 0 w skali 1-5 gwiazdek.
Zebrano 2 głosów.