"Silent Runners.vbs", revision 59, http://www.silentrunners.org/ Operating System: Windows Vista Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS] "swg" = ""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."] "ALLUpdate" = ""C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"" [empty string] "Skype" = ""C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] "IPLA!" = "C:\Program Files\ipla\ipla.exe /autorun" ["Redefine Sp z o.o."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS] "NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS] "WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."] "Domino" = "C:\Windows\Domino.exe" [empty string] "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "(Default)" = "(empty string)" [file not found] "GrpConv" = "grpconv -o" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {0EEDB912-C5FA-486F-8334-57288578C627}\(Default) = (no title provided) -> {HKLM...CLSID} = "Shareaza Web Download Hook" \InProcServer32\(Default) = "C:\Program Files\BearShare 
MP3\Plugins\RazaWebHook.dll" [file not found] {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar Loader" -> {HKLM...CLSID} = "Winamp Toolbar Loader" \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."] {2bae58c2-79f9-45d1-a286-81f911301c3a}\(Default) = (no title provided) -> {HKLM...CLSID} = "Download Energy Toolbar" \InProcServer32\(Default) = "C:\Program Files\P2P_Energy\tbP2P0.dll" ["Conduit Ltd."] {37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO" -> {HKLM...CLSID} = "My Global Search Bar BHO" \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Pomocnik rejestracji usługi Windows Live" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" ["Google Inc."] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll" ["Google Inc."] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\(Default) = "Google Dictionary Compression sdch" -> {HKLM...CLSID} = "Google Dictionary Compression sdch" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll" ["Google Inc."] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper" 
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Moje foldery udostępniania" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS] "{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler" -> {HKLM...CLSID} = "CLSID_WLMCMimeFilter" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" 
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] <> x-sdch\CLSID = "{B1759355-3EEC-4C1E-B0F1-B719FE26E377}" -> {HKLM...CLSID} = "Google Dictionary Compression filter" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll" ["Google Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"] EPPShellEx\(Default) = 
"{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll" ["SEIKO EPSON CORPORATION"] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"] Default executables: -------------------- <> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile" Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} "ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Standard Users} "EnableInstallerDetection" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Detect Application Installations And Prompt For Elevation} "EnableLUA" = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Run All Administrators In Admin Approval Mode} "EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001 {Computer 
Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Only elevate UIAccess applications that are installed in secure locations} "EnableVirtualization" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Virtualize file and registry write failures to per-user locations} "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation} "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "FilterAdministratorToken" = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Admin Approval Mode for the Built-in Administrator Account} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Users\Dom\AppData\Roaming\Microsoft\Windows Photo 
Gallery\Tapeta z Galerii fotografii systemu Windows.jpg" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AlcoholAutoPlayV2.BurnDisc\ "Provider" = "Alcohol 120%" "InvokeProgID" = "AlcoholAutoPlayV2" "InvokeVerb" = "BurnDisc" HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\_Alcohol.exe" %1" ["Alcohol Soft Development Team"] AlcoholAutoPlayV2.ReadDisc\ "Provider" = "Alcohol 120%" "InvokeProgID" = "AlcoholAutoPlayV2" "InvokeVerb" = "ReadDisc" HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\_Alcohol.exe" %1" ["Alcohol Soft Development Team"] BSMediaPlayerOnArrival\ "Provider" = "BearShare" "ProgID" = "BearShare.LauncherEventHandler" HKLM\SOFTWARE\Classes\BearShare.LauncherEventHandler\CLSID\(Default) = "{A7A4A19A-00AC-473c-8225-1B97D1FDD43E}" -> {HKLM...CLSID} = "CLauncherEventHandler Object" \LocalServer32\(Default) = ""C:\PROGRA~1\BEARSH~1\BEARSH~1\Launcher.exe"" [file not found] BSPlayCDAudioOnArrival\ "Provider" = "BearShare" "InvokeProgID" = "BearShare.AudioCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\BearShare.AudioCD\shell\play\Command\(Default) = "C:\PROGRA~1\BEARSH~1\BEARSH~1\BearShare.exe --playdrive %L" [file not found] BSRipCDAudioOnArrival\ "Provider" = "BearShare" "InvokeProgID" = "BearShare.AudioCD" "InvokeVerb" = "rip" HKLM\SOFTWARE\Classes\BearShare.AudioCD\shell\rip\Command\(Default) = "C:\PROGRA~1\BEARSH~1\BEARSH~1\BearShare.exe --ripdrive %L" [file not found] BSShowCDAudioOnArrival\ "Provider" = "BearShare" "InvokeProgID" = "BearShare.AudioCD" "InvokeVerb" = "show" HKLM\SOFTWARE\Classes\BearShare.AudioCD\shell\show\Command\(Default) = 
"C:\PROGRA~1\BEARSH~1\BEARSH~1\BearShare.exe --showdrive %L" [file not found] BSShowVolumeOnArrival\ "Provider" = "BearShare" "InvokeProgID" = "BearShare.Device" "InvokeVerb" = "show" HKLM\SOFTWARE\Classes\BearShare.Device\shell\show\Command\(Default) = "C:\PROGRA~1\BEARSH~1\BEARSH~1\BearShare.exe --showportable = 1 %L" [file not found] EpsonCreativitySuite\ "Provider" = "FileManager" "InvokeProgID" = "EpsonCreativitySuite" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\EpsonCreativitySuite\shell\Play\DropTarget\CLSID = "{7720BCC1-4F11-4f17-A80F-0BB69EF9788F}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\File Manager\eppqcom.exe" [null data] MSLivePhotoAcqHWEventHandler\ "Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10" "ProgID" = "Microsoft.LivePhotoAcqHWEventHandler" HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS] MSLiveVideoCameraArrivalCaptureWizard\ "Provider" = "@C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10" "ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler" "InitCmdLine" = "WLXVideoAcquireWizard" HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}" -> {HKLM...CLSID} = "WLXWEventHandler Class" \LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS] MSPlayCDAudioOnArrival\ "Provider" = "ALLPlayer" "InvokeProgID" = "AllPlayerFile" "InvokeVerb" = "play" HKCU\Software\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\ALLPlayer\ALLPlayer.exe" "%1"" ["ALLPlayer"] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" 
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7PlayAudioCD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7PlayDVD\ "Provider" = "Nero ShowTime Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7TranscodeVideo\ "Provider" = "Nero Recode Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" 
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision Essentials" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler" \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] NeroAutoPlay7ViewPhotos\ "Provider" = "Nero PhotoSnap Viewer Essentials" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] NeroAutoPlay9LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay8" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay" [file not found] Picasa2ImportPicturesOnArrival\ "Provider" = "Picasa3" "InvokeProgID" = "picasa2.autoplay" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Picasa2\Picasa3.exe "%1"" ["Google Inc."] WIA_{16C3995E-F00F-45FA-A77C-EA9300778341}\ "Provider" = "Picasa3" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\Picasa3.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] 
WIA_{30A99EBE-ADB3-4E0F-AF32-632F247F0A2C}\ "Provider" = "Microsoft Office Word" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] WIA_{426B62AC-CACB-4E8E-9911-784CCBD3D2A5}\ "Provider" = "Picasa2" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] WIA_{94E4D7FD-8436-4CE5-AE1C-47E6EC2723B4}\ "Provider" = "Picasa2" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] WIA_{C3DC6802-63F2-4D51-AF7A-84EAF174D3BD}\ "Provider" = "Picasa2" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] WIA_{D6239A15-6223-401E-AD0E-1F6FB9A38CD1}\ "Provider" = "Picasa2" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] WIA_{FBA3B8A1-4E37-4AA4-B469-EF689A2FD117}\ "Provider" = "Picasa2" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = 
"C:\Windows\system32\WPDShextAutoplay.exe" [MS] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler" \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"] Non-disabled Scheduled Tasks: ----------------------------- C:\Windows\System32\Tasks "CreateChoiceProcessTask" -> launches: "C:\Windows\System32\browserchoice.exe /launch" [MS] "GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."] "GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."] "Sprawdź aktualizacje paska narzędzi Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE" [MS] "{7067622D-23B5-47EE-918A-30DBE2DA75F5}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Windows\unvise32qt.exe -c C:\Windows\system32\QuickTime\Uninstall.log" [MS] "{D8D34C98-8121-442C-AE09-6EEA8F919EA7}" -> launches: "C:\Program Files\Skype\Phone\Skype.exe" ["Skype Technologies S.A."] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth "UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient "SystemTask" 
-> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] "UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] "UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program "Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS] "OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag "ManualDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS] "ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center "ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS] "mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS] "OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS] "OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS] "UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC "HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}" -> {HKLM...CLSID} = "HotStart User Agent" \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS] "TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}" -> {HKLM...CLSID} = "Transient Multi-Monitor Manager" \InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI "LPRemove" -> launches: 
"%windir%\system32\lpremove.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia "SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}" -> {HKLM...CLSID} = "Microsoft PlaySoundService Class" \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection "NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}" -> {HKLM...CLSID} = "Nap ITask Handler Implementation" \InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC "RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance "RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell "CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}" -> {HKLM...CLSID} = "CrawlStartPages Task Handler" \InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow "GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}" -> {HKLM...CLSID} = "GadgetsManager Class" \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore "SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip "IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS] "IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework "MsCtfMonitor" -> (HIDDEN!) 
launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}" -> {HKLM...CLSID} = "MsCtfMonitor task handler" \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}" -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar "Reminders - Dom" -> launches: "C:\Program Files\Windows Calendar\WinCal.exe /reminder" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wired "GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Wireless "GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data] C:\Windows\System32\Tasks\Microsoft\Windows Defender "MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS] "MP Scheduled Signature Update" -> (HIDDEN!) 
launches: "c:\program files\windows defender\MpCmdRun.exe SignatureUpdate" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS] 000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 15 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" -> {HKLM...CLSID} = "Windows Live Toolbar" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] "{F2CF5485-4E02-4F68-819C-B92DE9277049}" -> {HKLM...CLSID} = "&Links" \InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS] "{2BAE58C2-79F9-45D1-A286-81F911301C3A}" -> {HKLM...CLSID} = "Download Energy Toolbar" \InProcServer32\(Default) = "C:\Program Files\P2P_Energy\tbP2P0.dll" ["Conduit Ltd."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "Google Toolbar" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" ["Google Inc."] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" -> {HKLM...CLSID} = "Winamp Toolbar" \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."] "{37B85A29-692B-4205-9CAD-2626E4993404}" -> {HKLM...CLSID} = "My Global Search Bar" 
\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided) -> {HKLM...CLSID} = "Windows Live Toolbar" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] "{2BAE58C2-79F9-45D1-A286-81F911301C3A}" = "Download Energy Toolbar" -> {HKLM...CLSID} = "Download Energy Toolbar" \InProcServer32\(Default) = "C:\Program Files\P2P_Energy\tbP2P0.dll" ["Conduit Ltd."] "{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided) -> {HKLM...CLSID} = "My Global Search Bar" \InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "Google Toolbar" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" ["Google Inc."] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar" -> {HKLM...CLSID} = "Winamp Toolbar" \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{B243D735-F1FB-4A42-8C80-1DC9ADDDD840}\(Default) = "Download Energy Findbar" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\Program Files\P2P_Energy\tbP2P0.dll" ["Conduit Ltd."] HKLM\SOFTWARE\Classes\CLSID\{E16DC1FE-7C34-43F2-B754-F3AD12DDF97C}\(Default) = "Google Find Bar" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll" ["Google Inc."] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" 
[MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ "ButtonText" = "Wpis w blogu" "MenuText" = "&Wpis w blogu w Windows Live Writer" "CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}" -> {HKLM...CLSID} = "BlogThisToolbarButton Class" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" = (no title provided) -> {HKLM...CLSID} = "Winamp Search Class" \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."] <<H>> "{2bae58c2-79f9-45d1-a286-81f911301c3a}" = (no title provided) -> {HKLM...CLSID} = "Download Energy Toolbar" \InProcServer32\(Default) = "C:\Program Files\P2P_Energy\tbP2P0.dll" ["Conduit Ltd."] HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <<H>> "Tabs" = "http://toolbar.aol.com/browserpages/newtab-winamp-ie-en-us.html" [file not found] <<H>> "bkup_Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS] <<H>> "tbNumber" = "1" [file not found] All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}): --------------------------------------------------------------------------- Agent ochrony dostępu do sieci, napagent, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\system32\qagentRT.dll" [MS]} Aplikacja systemowa modelu COM+, COMSysApp, "C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [MS] Ares Chatroom server, AresChatServer, "C:\Program Files\Ares\chatServer.exe" ["Ares Development Group"] Ati External Event Utility, Ati External Event Utility, "C:\Windows\system32\Ati2evxx.exe" ["ATI Technologies Inc."] Autokonfiguracja sieci WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k
LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]} Automatyczna konfiguracja sieci przewodowej, dot3svc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\dot3svc.dll" [MS]} avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"] Dostęp do urządzeń interfejsu HID, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\hidserv.dll" [MS]} Dysk wirtualny, vds, "C:\Windows\System32\vds.exe" [MS] Dzienniki wydajności i &alerty, pla, "C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\pla.dll" [MS]} Google Software Updater, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"] Grupowanie sieci równorzędnej, p2psvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\system32\p2psvc.dll" [MS]} Host usługi diagnostyki, WdiServiceHost, "C:\Windows\System32\svchost.exe -k wdisvc" {"C:\Windows\system32\wdi.dll" [MS]} Instalator Windows, msiserver, "C:\Windows\system32\msiexec.exe /V" [MS] Izolacja klucza CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS] Karta inteligentna, SCardSvr, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\System32\SCardSvr.dll" [MS]} Kolektor zdarzeń systemu Windows, Wecsvc, "C:\Windows\system32\svchost.exe -k NetworkService" {"C:\Windows\system32\wecsvc.dll" [MS]} Kolory w systemie Windows, WcsPlugInService, "C:\Windows\system32\svchost.exe -k wcssvc" {"C:\Windows\System32\WcsPlugInService.dll" [MS]} Konfiguracja usług terminalowych, SessionEnv, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\sessenv.dll" [MS]} Kontrola rodzicielska, WPCSvc, 
"C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wpcsvc.dll" [MS]} Koordynator transakcji rozproszonych, MSDTC, "C:\Windows\System32\msdtc.exe" [MS] Kopia zapasowa systemu Windows, SDRSVC, "C:\Windows\system32\svchost.exe -k SDRSVC" {"C:\Windows\System32\SDRSVC.dll" [MS]} Lokalizator usługi zdalnego wywołania procedury (RPC), RpcLocator, "C:\Windows\system32\locator.exe" [MS] Mapowanie z odnajdywaniem topologii warstwy łącza, lltdsvc, "C:\Windows\System32\svchost.exe -k LocalService" {"C:\Windows\System32\lltdsvc.dll" [MS]} Menedżer autopołączenia dostępu zdalnego, RasAuto, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\rasauto.dll" [MS]} Menedżer tożsamości sieci równorzędnej, p2pimsvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\system32\p2psvc.dll" [MS]} Microsoft .NET Framework NGEN v2.0.50727_X86, clr_optimization_v2.0.50727_32, "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [MS] Microsoft Office Diagnostics Service, odserv, ""C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"" [MS] Moduł wyliczający magistrali PnP-X IP, IPBusEnum, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\ipbusenum.dll" [MS]} NetLogon, Netlogon, "C:\Windows\system32\lsass.exe" [MS] NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"] Office Source Engine, ose, ""C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"" [MS] PnkBstrA, PnkBstrA, "C:\Windows\system32\PnkBstrA.exe" [null data] PnkBstrB, PnkBstrB, "C:\Windows\system32\PnkBstrB.exe" [null data] Pomoc techniczna panelu sterowania Raporty i rozwiązania problemów, wercplsupport, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\wercplsupport.dll" [MS]} Połącz teraz w systemie Windows — Rejestrator konfiguracji, wcncsvc, "C:\Windows\System32\svchost.exe -k LocalService" 
{"C:\Windows\System32\wcncsvc.dll" [MS]} Propagacja certyfikatu, CertPropSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\certprop.dll" [MS]} Protokół PNRP (Peer Name Resolution Protocol), PNRPsvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\system32\p2psvc.dll" [MS]} Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]} Przeglądarka komputera, Browser, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]} Quality Windows Audio Video Experience, QWAVE, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\qwave.dll" [MS]} Rejestr zdalny, RemoteRegistry, "C:\Windows\system32\svchost.exe -k regsvc" {"C:\Windows\system32\regsvc.dll" [MS]} Replikacja systemu plików DFS, DFSR, "C:\Windows\system32\DFSR.exe" [MS] SNMP Trap, SNMPTRAP, "C:\Windows\System32\snmptrap.exe" [MS] StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"] Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" [file not found] Udostępnianie połączenia internetowego (ICS), SharedAccess, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\ipnathlp.dll" [MS]} Uruchamianie usług w programie Windows Media Center, ehstart, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\ehome\ehstart.dll" [MS]} Usługa bramy warstwy aplikacji, ALG, "C:\Windows\System32\alg.exe" [MS] Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0, FontCache3.0.0.0, "C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" [MS] Usługa Google Update (gupdate1ca702588ad6933), gupdate1ca702588ad6933, ""C:\Program Files\Google\Update\GoogleUpdate.exe" /svc" ["Google Inc."] Usługa inicjatora iSCSI firmy 
Microsoft, MSiSCSI, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\iscsiexe.dll" [MS]} Usługa monitora podczerwieni, Irmon, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\irmon.dll" [MS]} Usługa Odbiornik Windows Media Center, ehRecvr, "C:\Windows\ehome\ehRecvr.exe" [MS] Usługa Planowanie nagrywania, ehSched, "C:\Windows\ehome\ehsched.exe" [MS] Usługa powiadamiania SL UI, SLUINotify, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\SLUINotify.dll" [MS]} Usługa publikowania nazw komputerów PNRP, PNRPAutoReg, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\system32\p2psvc.dll" [MS]} Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS] Usługi podstawowe modułu TPM, TBS, "C:\Windows\System32\svchost.exe -k LocalService" {"C:\Windows\System32\tbssvc.dll" [MS]} Windows CardSpace, idsvc, ""C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"" [MS] Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]} Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]} Windows Live Setup Service, WLSetupSvc, ""C:\Program Files\Windows Live\installer\WLSetupSvc.exe"" [MS] WMI Performance Adapter, wmiApSrv, "C:\Windows\system32\wbem\WmiApSrv.exe" [MS] Wykrywanie usług interakcyjnych, UI0Detect, "C:\Windows\system32\UI0Detect.exe" [MS] Zarządzanie kluczami i certyfikatami kondycji, hkmsvc, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\kmsvc.dll" [MS]} Zasady usuwania karty inteligentnej, SCPolicySvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\certprop.dll" [MS]} Zdalne zarządzanie systemem Windows (WS-Management), WinRM, 
"C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\system32\WsmSvc.dll" [MS]} Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ EPSON Stylus DX7400 Series 32MonitorBE\Driver = "E_FLBCDE.DLL" ["SEIKO EPSON CORPORATION"] ---------- (launch time: 2010-11-19 17:02:08) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 55 seconds, including 10 seconds for message boxes)