"Silent Runners.vbs", revision 63, http://www.silentrunners.org/ Operating System: Windows XP SP3 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "chromium" = "C:\Documents and Settings\Maatzey\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe --no-startup-window" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "avast5" = ""C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui" [file not found] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "COMODO" = "C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe" ["COMODO"] "CPA" = "C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe" ["COMODO"] "COMODO Internet Security" = ""C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h" ["COMODO"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {07A11D74-9D25-4fea-A833-8B0D76A5577A}\(Default) = (no title provided) -> {HKLM...CLSID} = "CmjBrowserHelperObject Object" \InProcServer32\(Default) = "C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll" ["Mindjet"] {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub" -> {HKLM...CLSID} = "Adobe PDF Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl" -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class" \InProcServer32\(Default) = "C:\Program 
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GladinetIconOverlay\(Default) = "{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}" -> {HKLM...CLSID} = "GlOverlayIcon Class" \InProcServer32\(Default) = "C:\Program Files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll" ["Gladinet, INC"] GladinetUploading\(Default) = "{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}" -> {HKLM...CLSID} = "GlOverlayIcon Class" \InProcServer32\(Default) = "C:\Program Files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll" ["Gladinet, INC"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete" -> {HKLM...CLSID} = "IE Microsoft AutoComplete" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"] "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}" = "wodShellMenu" -> {HKLM...CLSID} = "wodShellMenu" \InProcServer32\(Default) = "C:\WINDOWS\system32\sql.dll" ["WeOnlyDo! 
COM"] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."] "{A51A8D7A-BEDB-4cac-8B19-59C7EB9FB91D}" = "SRFImageExt" -> {HKLM...CLSID} = "SRFImageExt" \InProcServer32\(Default) = "C:\Program Files\Sony\Sony Image Data Suite\Image Data Converter SR ver. 2\SRFImageExt.dll" [null data] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["OpenOffice.org"] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["OpenOffice.org"] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["OpenOffice.org"] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["OpenOffice.org"] "{1984DD45-52CF-49cd-AB77-18F378FEA264}" = "FencesShlExt" -> {HKLM...CLSID} = "FencesShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Stardock\Fences\FencesMenu.dll" ["Stardock"] "{693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B}" = "Fast Explorer Shell Extension" -> {HKLM...CLSID} = "Fast Explorer Shell Extension" \InProcServer32\(Default) = "C:\DOCUME~1\ALLUSE~1\DANEAP~1\AllDup\FEShlExt.dll" 
["Alex Yakovlev"] "{CAE41CE0-1855-4985-A332-7D83704A45B6}" = "Gladinet Copy Handler" -> {HKLM...CLSID} = "'CopyHandler Class" \InProcServer32\(Default) = "C:\Program Files\Gladinet\Gladinet Cloud Desktop\GlCopyHandler.dll" ["Gladinet, INC"] "{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "Windows Search Deskbar" -> {HKCU...CLSID} = "Windows Search Deskbar" \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\deskbar.dll" [MS] -> {HKLM...CLSID} = "Windows Search Deskbar" \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\deskbar.dll" [MS] "{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search" -> {HKLM...CLSID} = "Windows Desktop Search" \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\msnlExt.dll" [MS] "{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}" = "ReflectShellExt extension" -> {HKCU...CLSID} = "ReflectShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Macrium\Reflect\RShellExt.dll" ["Paramount Software UK Ltd"] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = 
"C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}" = "Comodo Antivirus" -> {HKLM...CLSID} = "Comodo AntiVirus" \InProcServer32\(Default) = "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll" ["COMODO"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ <> "{1984DD45-52CF-49cd-AB77-18F378FEA264}" = "FencesShellExt" -> {HKLM...CLSID} = "FencesShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Stardock\Fences\FencesMenu.dll" ["Stardock"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> "{56F9679E-7826-4C84-81F3-532071A8BCC5}" = (no title provided) -> {HKLM...CLSID} = "Windows Desktop Search Namespace Manager" \InProcServer32\(Default) = "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> LBTWlgn\DLLName = "c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll" ["Logitech, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"] Comodo Antivirus\(Default) = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}" -> {HKLM...CLSID} = "Comodo AntiVirus" \InProcServer32\(Default) = "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll" ["COMODO"] FencesShellExt\(Default) = "{1984DD45-52CF-49cd-AB77-18F378FEA264}" -> {HKLM...CLSID} = "FencesShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Stardock\Fences\FencesMenu.dll" ["Stardock"] Mp3tagShell\(Default) = "{6351E20C-35FA-4BE3-98FB-4CABF1363E12}" -> {HKLM...CLSID} = "MTShell 
Class" \InProcServer32\(Default) = "C:\Program Files\Mp3tag\Mp3tagShell32.dll" ["Florian Heidenreich"] wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}" -> {HKLM...CLSID} = "wodShellMenu" \InProcServer32\(Default) = "C:\WINDOWS\system32\sql.dll" ["WeOnlyDo! COM"] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] Open With Gladinet\(Default) = "{81695C6B-C2CA-492F-951D-5469840B2098}" -> {HKLM...CLSID} = "ContextMenuHandler Class" \InProcServer32\(Default) = "C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetShellProxy.dll" ["Gladinet, INC"] wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}" -> {HKLM...CLSID} = "wodShellMenu" \InProcServer32\(Default) = "C:\WINDOWS\system32\sql.dll" ["WeOnlyDo! COM"] {C95FFEAE-A32E-4122-A5C4-49B5BFB69795}\(Default) = "{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}" -> {HKLM...CLSID} = "Adobe Drive CS4" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"] FencesShellExt\(Default) = "{1984DD45-52CF-49cd-AB77-18F378FEA264}" -> {HKLM...CLSID} = "FencesShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Stardock\Fences\FencesMenu.dll" ["Stardock"] Mp3tagShell\(Default) = "{6351E20C-35FA-4BE3-98FB-4CABF1363E12}" -> {HKLM...CLSID} = "MTShell Class" \InProcServer32\(Default) = "C:\Program Files\Mp3tag\Mp3tagShell32.dll" ["Florian Heidenreich"] wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}" -> {HKLM...CLSID} = "wodShellMenu" 
\InProcServer32\(Default) = "C:\WINDOWS\system32\sql.dll" ["WeOnlyDo! COM"] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ GladinetCopyHandler\(Default) = "{CAE41CE0-1855-4985-A332-7D83704A45B6}" -> {HKLM...CLSID} = "'CopyHandler Class" \InProcServer32\(Default) = "C:\Program Files\Gladinet\Gladinet Cloud Desktop\GlCopyHandler.dll" ["Gladinet, INC"] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"] GladinetDDHandler\(Default) = "{B46F8244-86E6-43CF-B8AB-8C3A89928A48}" -> {HKLM...CLSID} = "GladinetDDHandler Class" \InProcServer32\(Default) = "C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetDDHandler.dll" ["Gladinet, INC"] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ 00nView\(Default) = "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"] ContextMenu\(Default) = "{AA592759-B0E7-4c78-843E-79DB3D7216E8}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "ATKDispCPL.dll" ["ASUSTeK COMPUTER INC."] FencesShellExt\(Default) = "{1984DD45-52CF-49cd-AB77-18F378FEA264}" -> {HKLM...CLSID} = "FencesShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Stardock\Fences\FencesMenu.dll" ["Stardock"] NvCplDesktopContext\(Default) = "{A70C977A-BF00-412C-90B7-034C51DA2439}" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}" -> {HKLM...CLSID} = "wodShellMenu" \InProcServer32\(Default) = "C:\WINDOWS\system32\sql.dll" ["WeOnlyDo! 
COM"] {C95FFEAE-A32E-4122-A5C4-49B5BFB69795}\(Default) = "{C95FFEAE-A32E-4122-A5C4-49B5BFB69795}" -> {HKLM...CLSID} = "Adobe Drive CS4" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"" ["OpenOffice.org"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Comodo Antivirus\(Default) = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}" -> {HKLM...CLSID} = "Comodo AntiVirus" \InProcServer32\(Default) = "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll" ["COMODO"] Fast Explorer\(Default) = "{693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B}" -> {HKLM...CLSID} = "Fast Explorer Shell Extension" \InProcServer32\(Default) = "C:\DOCUME~1\ALLUSE~1\DANEAP~1\AllDup\FEShlExt.dll" ["Alex Yakovlev"] FencesShellExt\(Default) = "{1984DD45-52CF-49cd-AB77-18F378FEA264}" -> {HKLM...CLSID} = "FencesShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Stardock\Fences\FencesMenu.dll" ["Stardock"] MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}" -> {HKLM...CLSID} = "wodShellMenu" \InProcServer32\(Default) = "C:\WINDOWS\system32\sql.dll" ["WeOnlyDo! 
COM"] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ GladinetDDHandler\(Default) = "{B46F8244-86E6-43CF-B8AB-8C3A89928A48}" -> {HKLM...CLSID} = "GladinetDDHandler Class" \InProcServer32\(Default) = "C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetDDHandler.dll" ["Gladinet, INC"] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Windows\System\ "disablecmd" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Disable the command prompt} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Maatzey\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ BridgeCS4ImportMediaOnArrival\ "Provider" = "Adobe Bridge CS4" "InvokeProgID" = "Adobe.adobebridgeCS4" "InvokeVerb" = "launch" HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS4\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."] BridgeCS4NonVolumeHandler\ "Provider" = "Adobe Bridge CS4" "ProgID" = "Adobe.adobebridgeMTP_1" 
HKLM\SOFTWARE\Classes\Adobe.adobebridgeMTP_1\CLSID\(Default) = "{1E6C711B-6D70-4a65-8AB6-745DC19BE2A6}" -> {HKLM...CLSID} = "Adobe Bridge CS4" \LocalServer32\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe -m" ["Adobe Systems, Inc."] cam2pc.Browse\ "Provider" = "cam2pc" "InvokeProgID" = "nabocorp.AutoPlay" "InvokeVerb" = "cam2pc.Browse" HKLM\SOFTWARE\Classes\nabocorp.AutoPlay\shell\cam2pc.Browse\command\(Default) = ""C:\Program Files\cam2pc\cam2pc.exe" /browse %L" ["nabocorp. softwares"] cam2pc.Transfer\ "Provider" = "cam2pc" "InvokeProgID" = "nabocorp.AutoPlay" "InvokeVerb" = "cam2pc.Transfer" HKLM\SOFTWARE\Classes\nabocorp.AutoPlay\shell\cam2pc.Transfer\command\(Default) = ""C:\Program Files\cam2pc\cam2pc.exe" /transfer %L" ["nabocorp. softwares"] CDBurnerXP\ "Provider" = "CDBurnerXP" "InvokeProgID" = "CDBurnerXPOpen" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = ""C:\Program Files\CDBurnerXP\cdbxpp.exe"" [null data] ImgBurnBDBurningOnArrival_BuildImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleBDBurningOnArrival_BuildImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnBDBurningOnArrival_BurnImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleBDBurningOnArrival_BurnImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnBluRayBurningOnArrival_BuildImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleBluRayBurningOnArrival_BuildImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" 
/MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnBluRayBurningOnArrival_BurnImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleBluRayBurningOnArrival_BurnImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleBluRayBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnCDBurningOnArrival_BuildImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleCDBurningOnArrival_BuildImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnCDBurningOnArrival_BurnImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleCDBurningOnArrival_BurnImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnDVDBurningOnArrival_BuildImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleDVDBurningOnArrival_BuildImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnDVDBurningOnArrival_BurnImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleDVDBurningOnArrival_BurnImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnHDDVDBurningOnArrival_BuildImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleHDDVDBurningOnArrival_BuildImage" 
HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BuildImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE BUILD /OUTPUTMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnHDDVDBurningOnArrival_BurnImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleHDDVDBurningOnArrival_BurnImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleHDDVDBurningOnArrival_BurnImage\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE WRITE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnPlayBluRayOnArrival_ReadDisc\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "PlayBluRayOnArrival_ReadDisc" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayBluRayOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"] ImgBurnPlayCDAudioOnArrival_ReadDisc\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "PlayCDAudioOnArrival_ReadDisc" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayCDAudioOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"] ImgBurnPlayDVDMovieOnArrival_ReadDisc\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "PlayDVDMovieOnArrival_ReadDisc" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayDVDMovieOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"] ImgBurnPlayHDDVDOnArrival_ReadDisc\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "PlayHDDVDOnArrival_ReadDisc" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\PlayHDDVDOnArrival_ReadDisc\command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE READ /SRC "%1"" ["LIGHTNING UK!"] MSPlayCDAudioOnArrival\ "Provider" = "ALLPlayer" "InvokeProgID" = "AllPlayerFile" "InvokeVerb" = "play" 
HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""L:\Apps\ALLPlayer\ALLPlayer.exe" "%1"" [file not found] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] Picasa2ImportPicturesOnArrival\ "Provider" = "Picasa3" "InvokeProgID" = "picasa2.autoplay" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."] SongbirdCDOnRip\ "Provider" = "Songbird" "InvokeProgID" = "Songbird.AutoPlay" "InvokeVerb" = "Rip" HKLM\SOFTWARE\Classes\Songbird.AutoPlay\shell\Rip\command\(Default) = "C:\Program Files\Songbird\Songbird.exe -autoplay-cd-rip" ["POTI, Inc."] SongbirdManageMTPDeviceOnArrival\ "Provider" = "Songbird" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Songbird\Songbird.exe" -autoplay-manage-mtp-device" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] SongbirdManageVolumeDeviceOnArrival\ "Provider" = "Songbird" "InvokeProgID" = "Songbird.ManageVolumeDevice" "InvokeVerb" = "manage" HKLM\SOFTWARE\Classes\Songbird.ManageVolumeDevice\shell\manage\command\(Default) = "C:\Program Files\Songbird\Songbird.exe -autoplay-manage-volume-device -start-in-app-directory" ["POTI, Inc."] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event 
Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft, Inc."] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft, Inc."] Startup items in "Maatzey" & "All Users" startup folders: --------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech, Inc."] "Synkron" -> shortcut to: "C:\Program Files\Synkron\Synkron.exe" [null data] "Windows Search" -> shortcut to: "C:\Program Files\Windows Desktop Search\WindowsSearch.exe /startup" [MS] Enabled Scheduled Tasks: ------------------------ "fba_poczta" -> launches: "C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exe /R "poczta" -PRIORITY 2" ["Softland"] "GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."] "GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."] "GoogleUpdateTaskUserS-1-5-21-1614895754-1897051121-1801674531-1003Core" -> launches: "C:\Documents and Settings\Maatzey\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe /c" [file not found] "GoogleUpdateTaskUserS-1-5-21-1614895754-1897051121-1801674531-1003UA" -> launches: "C:\Documents and Settings\Maatzey\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace 
Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{32099AAC-C132-4136-9E9A-4E364A424E17}" -> {HKLM...CLSID} = "DAEMON Tools Toolbar" \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{32099AAC-C132-4136-9E9A-4E364A424E17}" = (no title provided) -> {HKLM...CLSID} = "DAEMON Tools Toolbar" \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {941E1A34-C6AF-4BAA-A973-224F9C3E04BF}\ "ButtonText" = "Send to Mindjet MindManager" "CLSIDExtension" = "{07A11D74-9D25-4fea-A833-8B0D76A5577A}" -> {HKLM...CLSID} = "CmjBrowserHelperObject Object" \InProcServer32\(Default) = "C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll" ["Mindjet"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet 
Explorer\AboutURLs\ <<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ArcSoft Connect Daemon, ACDaemon, "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe" ["ArcSoft Inc."] COMODO Internet Security Helper Service, cmdAgent, ""C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"" ["COMODO"] COMODO livePCsupport Service, CLPSLS, "C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe" ["COMODO"] GladFileMonSvc, GladFileMonSvc, ""C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe"" ["Gladinet, INC"] Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."] Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS] Macrium Reflect Image Mounting Service, ReflectService, ""C:\Program Files\Macrium\Reflect\ReflectService.exe"" [null data] MSSQL$ELFADP, MSSQL$ELFADP, "C:\Program Files\Design Program\MSSQL$ELFADP\Binn\sqlservr.exe -sELFADP" [MS] NMSAccessU, NMSAccessU, "C:\Program Files\CDBurnerXP\NMSAccessU.exe" [null data] NVIDIA Display Driver Service, nvsvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] NVIDIA Update Service Daemon, nvUpdatusService, "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" ["NVIDIA Corporation"] PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data] PnkBstrB, PnkBstrB, "C:\WINDOWS\system32\PnkBstrB.exe" [null data] TabletServicePen, TabletServicePen, "C:\Program Files\Tablet\Pen\Pen_Tablet.exe" ["Wacom Technology, Corp."] Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."] Wacom Consumer Touch Service, TouchServicePen, "C:\Program Files\Tablet\Pen\Pen_TouchService.exe" ["Wacom Technology, 
Corp."] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Windows Search, WSearch, "C:\WINDOWS\system32\SearchIndexer.exe /Embedding" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> CLPSLS, "Service" <<!>> PEVSystemStart, "Service" <<!>> procexp90.Sys, "Driver" <<!>> WdfLoadGroup, (title not found) HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> CLPSLS, "Service" <<!>> PEVSystemStart, "Service" <<!>> procexp90.Sys, "Driver" <<!>> vsmon, "Service" <<!>> WdfLoadGroup, (title not found) Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ HPLJ1020LM\Driver = "ZLhp1020.DLL" ["Zenographics, Inc."] PDF-XChange\Driver = "C:\WINDOWS\system32\pxc25pm.dll" ["Tracker Software"] ---------- (launch time: 2011-11-16 00:43:48) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 29 seconds, including 5 seconds for message boxes)