
System boots veeery slowly (about 15 minutes)

 
simman
Trainee
Posts: 12
Post: #8

RE: System boots veeery slowly (about 15 minutes)


(21.07.2012 11:23) bolinio3 wrote:  And which antivirus do you have?

Kaspersky Internet Security 2012 - genuine license key

I'm wondering about these 3 processes, do you know anything about them?

csrss.exe
winlogon.exe.
atieclxx.exe

Do you see an error here?
Code:
"Silent Runners.vbs", revision 64, http://www.silentrunners.org/
Operating System:  Microsoft Windows 7 Professional Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
DAEMON Tools Lite = "C: \Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [DT Soft Ltd]
Steam = "C: \Program Files (x86)\Steam\Steam.exe" -silent [Valve Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
AVP = "C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [Kaspersky Lab ZAO]
HDAudDeck = C: \Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [VIA]
Adobe ARM = "C: \Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
StartCCC = "C: \Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]
SunJavaUpdateSched = "C: \Program Files (x86)\Java\jre1.6.0\bin\jusched.exe" [Sun Microsystems, Inc.]
DATAMNGR = C: \PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [Bandoo Media, inc]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = IEVkbdBHO
  -> {HKLM…CLSID} = IEVkbdBHO Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [Kaspersky Lab ZAO]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Groove GFS Browser Helper
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{9D717F81-9148-4f12-8568-69135F087DB0}\(Default) = (no title provided)
  -> {HKLM…CLSID} = DataMngr
                 \InProcServer32\(Default) = C: \PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL [Bandoo Media, inc]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM…CLSID} = Office Document Cache Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS]

{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho
  -> {HKLM…CLSID} = FilterBHO Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
                     \InProcServer32\(Default) = C: \Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = IEVkbdBHO
  -> {HKLM…Wow…CLSID} = IEVkbdBHO Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [Kaspersky Lab ZAO]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = SSVHelper Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Java\jre1.6.0\bin\ssv.dll [Sun Microsystems, Inc.]

{99079a25-328f-4bd4-be04-00955acaa0a7}\(Default) = Searchqu Toolbar
  -> {HKLM…Wow…CLSID} = Searchqu Toolbar
                     \InProcServer32\(Default) = C: \PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll [null data]

{9D717F81-9148-4f12-8568-69135F087DB0}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = DataMngr
                     \InProcServer32\(Default) = C: \PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL [Bandoo Media, inc]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM…Wow…CLSID} = Office Document Cache Handler
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]

{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho
  -> {HKLM…Wow…CLSID} = FilterBHO Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
  -> {HKLM…CLSID} = SimpleShlExt Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM…CLSID} = Microsoft Office Metadata Handler
                 \InProcServer32\(Default) = C: \Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
                 \InProcServer32\(Default) = C: \Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
  -> {HKLM…CLSID} = Obszary robocze
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM…CLSID} = ImageExtractorShellExt Class
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM…CLSID} = CInfoTipShellExt Class
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM…CLSID} = Groove GFS Browser Helper
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM…CLSID} = Groove Folder Synchronization
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM…CLSID} = Groove GFS Stub Icon Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM…CLSID} = Groove XML Icon Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
  -> {HKLM…CLSID} = Projekty w przedsiębiorstwie
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
  -> {HKLM…CLSID} = DisplayCplExt Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…Wow…CLSID} = (no title provided)
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
  -> {HKLM…Wow…CLSID} = Obszary robocze
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…Wow…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM…Wow…CLSID} = ImageExtractorShellExt Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM…Wow…CLSID} = CInfoTipShellExt Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM…Wow…CLSID} = Groove Folder Synchronization
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…Wow…CLSID} = Groove GFS Stub Execution Hook
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM…Wow…CLSID} = Groove GFS Stub Icon Handler
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM…Wow…CLSID} = Groove XML Icon Handler
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler
  -> {HKLM…Wow…CLSID} = Microsoft Outlook
                     \InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM…Wow…CLSID} = Outlook File Icon Extension
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM…Wow…CLSID} = WinRAR
                     \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> AppInit_DLLs = C: \PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C: \PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll  [Bandoo Media, inc]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> AppInit_DLLs = C: \PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C: \PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll  [Bandoo Media, inc]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter
                 \InProcServer32\(Default) = C: \Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\shellex.dll [Kaspersky Lab ZAO]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
                 \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\shellex.dll [Kaspersky Lab ZAO]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
                 \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
  -> {HKLM…CLSID} = FileZilla 3 Shell Extension
                 \InProcServer32\(Default) = C: \Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
                 \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
  -> {HKLM…CLSID} = SimpleShlExt Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\shellex.dll [Kaspersky Lab ZAO]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
                 \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
                 \InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
                 \InProcServer32\(Default) = C: \Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = ComFile


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note:  detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoLowDiskSpaceChecks = (REG_DWORD) dword: 0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C: \Users\Rafal\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AdobePremiereProCS3CameraArrival\
Provider = Adobe Premiere Pro
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C: \Program Files (x86)\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
                 \LocalServer32\(Default) = C: \Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

BridgeCS3ImportMediaOnArrival\
Provider = Adobe Bridge CS3
InvokeProgID = Adobe.adobebridge
InvokeVerb = launch
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = C: \Program Files (x86)\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

BridgeCS5ImportMediaOnArrival\
Provider = Adobe Bridge CS5
InvokeProgID = Adobe.adobebridgeCS5
InvokeVerb = launch
HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5\shell\launch\command\(Default) = C: \Program Files (x86)\Adobe\Adobe Bridge CS5\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

MPCPlayBluRayOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayBlurayMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C: \Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team]

MPCPlayCDAudioOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C: \Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team]

MPCPlayDVDMovieOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C: \Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team]

MPCPlayMusicFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C: \Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

MPCPlayVideoFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C: \Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C: \Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch: 3 /device: AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C: \Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch: 4 /device: DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C: \Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch: 4 /device: VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C: \Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch: 4 /device: VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C: \Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch: 3 /Task: CDWrite /Device: "%L" [MS]


Non-disabled Scheduled Tasks:
-----------------------------

C: \Users\Rafal\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

C: \Windows\System32\Tasks
Adobe Flash Player Updater ->  launches:  C: \Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
AdobeAAMUpdater-1.0-Rafal-Komputer-Rafal ->  launches:  C: \Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [Adobe Systems Incorporated]
GoogleUpdateTaskMachineCore ->  launches:  C: \Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches:  C: \Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Wise Care 365 ->  launches:  C: \Program Files (x86)\Wise\Wise Care 365\WiseTray.exe -StartTray [WiseCleaner.com]
{3618BFCE-8B74-4D9A-8C86-1E3B9AFECFC9} ->  launches:  C: \Windows\system32\pcalua.exe -a D: \Setup.exe -d D: \ [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches:  {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                 \InProcServer32\(Default) = C: \Windows\system32\msdrm.dll [MS]
  -> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                     \InProcServer32\(Default) = C: \Windows\system32\msdrm.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches:  aitagent [MS]
ProgramDataUpdater ->  launches:  %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches:  %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches:  BthUdTask.exe $(Arg0) [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches:  {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C: \Windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
                     \InProcServer32\(Default) = C: \Windows\system32\dimsjob.dll [MS]
UserTask ->  launches:  {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C: \Windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
                     \InProcServer32\(Default) = C: \Windows\system32\dimsjob.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches:  %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches:  {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM…CLSID} = KernelCeipCustomHandler
                 \InProcServer32\(Default) = C: \Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches:  {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM…CLSID} = UsbCeip
                 \InProcServer32\(Default) = C: \Windows\System32\usbceip.dll [MS]
  -> {HKLM…Wow…CLSID} = UsbCeip
                     \InProcServer32\(Default) = C: \Windows\System32\usbceip.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches:  %windir%\system32\defrag.exe -c [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches:  {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
                 \InProcServer32\(Default) = C: \Windows\System32\sdiagschd.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches:  %windir%\System32\LocationNotifications.exe [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches:  {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM…CLSID} = WinSAT Task Manger Task
                 \InProcServer32\(Default) = C: \Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM…Wow…CLSID} = WinSAT Task Manger Task
                     \InProcServer32\(Default) = C: \Windows\system32\WinSATAPI.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches:  %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask ->  launches:  %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches:  %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /wait: 7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /wait: 90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches:  %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches:  %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches:  %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches:  %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches:  %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches:  {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
                 \InProcServer32\(Default) = C: \Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches:  {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
                 \InProcServer32\(Default) = C: \Windows\System32\memdiag.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches:  {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM…CLSID} = HotStart User Agent
                 \InProcServer32\(Default) = C: \Windows\System32\HotStartUserAgent.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches:  %windir%\system32\lpremove.exe [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches:  {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM…CLSID} = Microsoft PlaySoundService Class
                 \InProcServer32\(Default) = C: \Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
                     \InProcServer32\(Default) = C: \Windows\System32\PlaySndSrv.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches:  %windir%\system32\gatherNetworkInfo.vbs [null data]

C: \Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches:  %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches:  {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
                 \InProcServer32\(Default) = C: \Windows\system32\RacEngn.dll [MS]
  -> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
                     \InProcServer32\(Default) = C: \Windows\system32\RacEngn.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches:  {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM…CLSID} = RasMobilityManager
                 \InProcServer32\(Default) = C: \Windows\system32\rasmbmgr.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches:  {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM…CLSID} = RegistryIdleBackupHandler
                 \InProcServer32\(Default) = C: \Windows\System32\regidle.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches:  %windir%\system32\RAServer.exe /offerraupdate [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches:  {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM…CLSID} = GadgetsManager Class
                 \InProcServer32\(Default) = C: \Windows\System32\AuxiliaryDisplayServices.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches:  {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM…CLSID} = RunTask
                 \InProcServer32\(Default) = C: \Windows\system32\wdc.dll [MS]
  -> {HKLM…Wow…CLSID} = RunTask
                     \InProcServer32\(Default) = C: \Windows\system32\wdc.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches:  %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches:  %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches:  {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM…CLSID} = MsCtfMonitor task handler
                 \InProcServer32\(Default) = C: \Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
                     \InProcServer32\(Default) = C: \Windows\system32\MsCtfMonitor.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches:  %windir%\system32\sc.exe start w32time task_started [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches:  sc.exe config upnphost start= auto [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches:  {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
                 \InProcServer32\(Default) = C: \Windows\System32\wdi.dll [MS]
  -> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
                     \InProcServer32\(Default) = C: \Windows\System32\wdi.dll [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches:  %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches:  %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches:  %windir%\system32\wermgr.exe -queuereporting [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches:  %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches:  "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C: \Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches:  %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C: \Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches:  c: \program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]

C: \Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-1341734248-3807135842-1907004200-1000 -> (HIDDEN!) launches:  %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C: \Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Computer, Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{99079A25-328F-4BD4-BE04-00955ACAA0A7} = Searchqu Toolbar
  -> {HKLM…Wow…CLSID} = Searchqu Toolbar
                     \InProcServer32\(Default) = C: \PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll [null data]

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C: \PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C: \PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Wyślij do programu OneNote
MenuText = Wyślij &do programu OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM…CLSID} = Send to OneNote from Internet Explorer button
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

{4248FE82-7FCB-46AC-B270-339F08212110}\
ButtonText = &Klawiatura wirtualna
CLSIDExtension = {4248FE82-7FCB-46AC-B270-339F08212110}
  -> {HKLM…CLSID} = VirtualKeyboardButtonHandler Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll [Kaspersky Lab ZAO]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = &Notatki połączone programu OneNote
MenuText = &Notatki połączone programu OneNote
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM…CLSID} = Linked Notes button
                 \InProcServer32\(Default) = C: \Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

{CCF151D8-D089-449F-A5A4-D9909053F20F}\
ButtonText = &Sprawdzanie adresów internetowych
CLSIDExtension = {CCF151D8-D089-449F-A5A4-D9909053F20F}
  -> {HKLM…CLSID} = FilterButtonHandler Class
                 \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Wyślij do programu OneNote
MenuText = Wyślij &do programu OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM…Wow…CLSID} = Send to OneNote from Internet Explorer button
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]

{4248FE82-7FCB-46AC-B270-339F08212110}\
ButtonText = &Klawiatura wirtualna
CLSIDExtension = {4248FE82-7FCB-46AC-B270-339F08212110}
  -> {HKLM…Wow…CLSID} = VirtualKeyboardButtonHandler Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [Kaspersky Lab ZAO]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = &Notatki połączone programu OneNote
MenuText = &Notatki połączone programu OneNote
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM…Wow…CLSID} = Linked Notes button
                     \InProcServer32\(Default) = C: \Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

{CCF151D8-D089-449F-A5A4-D9909053F20F}\
ButtonText = &Sprawdzanie adresów internetowych
CLSIDExtension = {CCF151D8-D089-449F-A5A4-D9909053F20F}
  -> {HKLM…Wow…CLSID} = FilterButtonHandler Class
                     \InProcServer32\(Default) = C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [Kaspersky Lab ZAO]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C: \Program Files (x86)\Bonjour\mDNSResponder.exe" [Apple Computer, Inc.]
AMD External Events Utility, AMD External Events Utility, C: \Windows\system32\atiesrxx.exe [AMD]
KMService, KMService, C: \Windows\system32\srvany.exe [file not found]
OracleDBConsoleorcl, OracleDBConsoleorcl, C: \app\oracle\product\11.2.0\dbhome_1\bin\nmesrvc.exe [Oracle Corporation]
OracleServiceORCL, OracleServiceORCL, c: \app\oracle\product\11.2.0\dbhome_1\bin\ORACLE.EXE ORCL [Oracle Corporation]
SQL Server Analysis Services (MSSQLSERVER), MSSQLServerOLAPService, "C: \Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C: \Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Config" [MS]
SQL Server Analysis Services (MSSQLSERVER2), MSOLAP$MSSQLSERVER2, "C: \Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER2\OLAP\bin\msmdsrv.exe" -s "C: \Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER2\OLAP\Config" [MS]
SQL Server Browser, SQLBrowser, "C: \Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [MS]
SQL Server Integration Services 11.0, MsDtsServer110, "C: \Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe" [MS]
SQL Server Reporting Services (MSSQLSERVER), ReportServer, "C: \Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [MS]
SQL Server Reporting Services (MSSQLSERVER2), ReportServer$MSSQLSERVER2, "C: \Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER2\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [MS]
SQL Server VSS Writer, SQLWriter, "C: \Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [MS]
TeamViewer 7, TeamViewer7, C: \Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [TeamViewer GmbH]
Usługa Kaspersky Anti-Virus, AVP, "C: \Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r [Kaspersky Lab ZAO]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
PDFill Writer Monitor\Driver = C: \Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [Windows (R) Codename Longhorn DDK provider]
PJL Language Monitor\Driver = PJLMON.DLL [MS]


---------- (launch time:  2012-07-22 10: 03: 19)
<<!>>:  Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time:  114 seconds)
(This post was last modified: 22.07.2012 09:12 by simman.)

22.07.2012 08:30
