"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Operating System: Microsoft Windows XP Professional Service Pack 3 (32-bit) Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -> {HKLM...CLSID} = IEProtocolHandler Class \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [Skype Technologies] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ SimpleShlExt\(Default) = {A53118EA-E89E-49BD-AB1B-AB180BB12CFE} -> {HKLM...CLSID} = MenuHandle Class \InProcServer32\(Default) = C:\PROGRA~1\Clarus\SAMSUN~1\SHCONT~1.DLL [Clarus, Inc.] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ SimpleShlExt\(Default) = {A53118EA-E89E-49BD-AB1B-AB180BB12CFE} -> {HKLM...CLSID} = MenuHandle Class \InProcServer32\(Default) = C:\PROGRA~1\Clarus\SAMSUN~1\SHCONT~1.DLL [Clarus, Inc.] 
  WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    -> {HKLM...CLSID} = WinRAR
       \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
  PIDirectoryHook\(Default) = {E8244BEF-0200-4A1A-BE4E-35A4A9F51C3F}
    -> {HKLM...CLSID} = PI5 Ŀ¼ął
       \InProcServer32\(Default) = C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
  WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    -> {HKLM...CLSID} = WinRAR
       \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
  00nView\(Default) = {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
    -> {HKLM...CLSID} = nView Desktop Context Menu
       \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\nView\nvshell.dll [NVIDIA Corporation]
  NvCplDesktopContext\(Default) = {A70C977A-BF00-412C-90B7-034C51DA2439}
    -> {HKLM...CLSID} = DesktopContext Class
       \InProcServer32\(Default) = C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
  IconLayout\(Default) = {19F500E0-9964-11cf-B63D-08002B317C03}
    -> {HKLM...CLSID} = Desktop Icon Layout
       \InProcServer32\(Default) = Layout.dll [Microsoft]
  WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    -> {HKLM...CLSID} = WinRAR
       \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
  WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    -> {HKLM...CLSID} = WinRAR
       \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
  NoDrives = (REG_DWORD) dword:0x00000000
  {unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
  NoDrives = (REG_DWORD) dword:0x00000000
  {unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
  DisableRegistryTools = (REG_DWORD) dword:0x00000000
  {unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
  Wallpaper = C:\WINDOWS\webshots.bmp

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
  Wallpaper = C:\WINDOWS\webshots.bmp

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
  SCRNSAVE.EXE = %SystemRoot%\system32\scrnsave.scr [MS]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
  Provider = Alcohol 120%
  InvokeProgID = AlcoholAutoPlayV2
  InvokeVerb = BurnDisc
  HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = "C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1 [Alcohol Soft Development Team]
AlcoholAutoPlayV2.ReadDisc\
  Provider = Alcohol 120%
  InvokeProgID = AlcoholAutoPlayV2
  InvokeVerb = ReadDisc
  HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = "C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1 [Alcohol Soft Development Team]
ASHAshampoo_Burning_Studio_14BURNONARRIVAL\
  Provider = Ashampoo Burning Studio 14
  InvokeProgID = Ashampoo.BurningStudio14
  InvokeVerb = autoplay-burn
  HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio14\shell\autoplay-burn\Command\(Default) = "C:\Program Files\Ashampoo\Ashampoo Burning Studio 14\burningstudio14.exe" -autoplay "%l" -burndatacd [Ashampoo]
ASHAshampoo_Burning_Studio_14COPYONARRIVAL\
  Provider = Ashampoo Burning Studio 14
  InvokeProgID = Ashampoo.BurningStudio14
  InvokeVerb = autoplay-copy
  HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio14\shell\autoplay-copy\Command\(Default) = "C:\Program Files\Ashampoo\Ashampoo Burning Studio 14\burningstudio14.exe" -autoplay -selectdrive "%l" -copy [Ashampoo]
ASHAshampoo_Burning_Studio_14RIPONARRIVAL\
  Provider = Ashampoo Burning Studio 14
  InvokeProgID = Ashampoo.BurningStudio14
  InvokeVerb = autoplay-rip
  HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio14\shell\autoplay-rip\Command\(Default) = "C:\Program Files\Ashampoo\Ashampoo Burning Studio 14\burningstudio14.exe" -autoplay -selectdrive "%l" -rip [Ashampoo]
ASHAshampoo_Burning_Studio_2014BURNONARRIVAL\
  Provider = Ashampoo Burning Studio 2014
  InvokeProgID = Ashampoo.BurningStudio2014
  InvokeVerb = autoplay-burn
  HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2014\shell\autoplay-burn\Command\(Default) = "C:\Program Files\Ashampoo\Ashampoo Burning Studio 2014\burningstudio.exe" -autoplay -selectdrive "%l" [Ashampoo]
ASHAshampoo_Burning_Studio_2014COPYONARRIVAL\
  Provider = Ashampoo Burning Studio 2014
  InvokeProgID = Ashampoo.BurningStudio2014
  InvokeVerb = autoplay-copy
  HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2014\shell\autoplay-copy\Command\(Default) = "C:\Program Files\Ashampoo\Ashampoo Burning Studio 2014\burningstudio.exe" -autoplay -selectdrive "%l" -copy [Ashampoo]
ASHAshampoo_Burning_Studio_2014RIPONARRIVAL\
  Provider = Ashampoo Burning Studio 2014
  InvokeProgID = Ashampoo.BurningStudio2014
  InvokeVerb = autoplay-rip
  HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2014\shell\autoplay-rip\Command\(Default) = "C:\Program Files\Ashampoo\Ashampoo Burning Studio 2014\burningstudio.exe" -autoplay -selectdrive "%l" -rip [Ashampoo]
CDBurnerXP\
  Provider = CDBurnerXP
  InvokeProgID = CDBurnerXPOpen
  InvokeVerb = open
  HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = "E:\Program Files\Nagrywarka\CDBurnerXP\cdbxpp.exe" /od "%1" [file not found]
iTunesBurnCDOnArrival\
  Provider = iTunes
  InvokeProgID = iTunes.BurnCD
  InvokeVerb = burn
  HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]
iTunesImportSongsOnArrival\
  Provider = iTunes
  InvokeProgID = iTunes.ImportSongsOnCD
  InvokeVerb = import
  HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]
iTunesPlaySongsOnArrival\
  Provider = iTunes
  InvokeProgID = iTunes.PlaySongsOnCD
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]
iTunesShowSongsOnArrival\
  Provider = iTunes
  InvokeProgID = iTunes.ShowSongsOnCD
  InvokeVerb = showsongs
  HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]
Media Go\
  Provider = Media Go
  InvokeProgID = Media Go
  InvokeVerb = import
  HKLM\SOFTWARE\Classes\Media Go\shell\import\command\(Default) = "C:\Program Files\Sony\Media Go\MediaGo.exe" /import%L [Sony Network Entertainment International LLC]
Media Go CD\
  Provider = Media Go
  InvokeProgID = Media Go
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\Media Go\shell\play\command\(Default) = "C:\Program Files\Sony\Media Go\MediaGo.exe" /play%L [Sony Network Entertainment International LLC]
MPCPlayCDAudioOnArrival\
  Provider = Media Player Classic
  InvokeProgID = MediaPlayerClassic.Autorun
  InvokeVerb = PlayCDAudio
  HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team]
MPCPlayDVDMovieOnArrival\
  Provider = Media Player Classic
  InvokeProgID = MediaPlayerClassic.Autorun
  InvokeVerb = PlayDVDMovie
  HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team]
MPCPlayMusicFilesOnArrival\
  Provider = Media Player Classic
  InvokeProgID = MediaPlayerClassic.Autorun
  InvokeVerb = PlayMusicFiles
  HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]
MPCPlayVideoFilesOnArrival\
  Provider = Media Player Classic
  InvokeProgID = MediaPlayerClassic.Autorun
  InvokeVerb = PlayVideoFiles
  HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]
MSWPDShellNamespaceHandler\
  Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
  CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
  InitCmdLine =
    -> {HKLM...CLSID} = WPDShextAutoplay
       \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]
PanasonicPhoebe5PhotoArrival\
  Provider = Panasonic PHOTOfunSTUDIO -viewer-
  InvokeProgID = Shell.AutoplayForPhoebe5
  InvokeVerb = open
  HKLM\SOFTWARE\Classes\Shell.AutoplayForPhoebe5\shell\open\command\(Default) = E:\Panasonic zdjęcia\phoebe5.exe /Autoplay %L [file not found]
PDVD8PlayCDAudioOnArrival\
  Provider = PowerDVD 8
  InvokeProgID = AudioCD
  InvokeVerb = PlayWithPowerDVD8
  HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD8\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" "%L" [CyberLink Corp.]
PDVD8PlayDVDMovieOnArrival\
  Provider = PowerDVD 8
  InvokeProgID = DVD
  InvokeVerb = PlayWithPowerDVD8
  HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD8\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" "%L" [CyberLink Corp.]
PDVD8PlayVCDMovieOnArrival\
  Provider = PowerDVD 8
  InvokeProgID = VCD
  InvokeVerb = PlayWithPowerDVD8
  HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD8\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" "%L" [CyberLink Corp.]
Picasa2ImportPicturesOnArrival\
  Provider = Picasa3
  InvokeProgID = picasa2.autoplay
  InvokeVerb = import
  HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe" "%1" [Google Inc.]
PSASE30ImportPicturesOnArrival\
  Provider = Adobe Photoshop Album Starter Edition
  InvokeProgID = PSASE30.autoplay
  InvokeVerb = launch
  HKLM\SOFTWARE\Classes\PSASE30.autoplay\shell\launch\command\(Default) = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\psaproxy.exe" -v %1\ [Adobe Systems Incorporated]
RPCDBurningOnArrival\
  Provider = RealPlayer
  InvokeProgID = RealPlayer.CDBurn.6
  InvokeVerb = open
  HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burn "%1" [RealNetworks, Inc.]
RPDeviceOnArrival\
  Provider = RealPlayer
  ProgID = RealPlayer.HWEventHandler
  HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = {67E76F1D-BDE2-4052-913C-2752366192D2}
    -> {HKLM...CLSID} = RealNetworks Scheduler
       \LocalServer32\(Default) = "c:\program files\real\realplayer\Update\realsched.exe" -autoplay [RealNetworks, Inc.]
RPDVDBurningOnArrival\
  Provider = RealPlayer
  InvokeProgID = RealPlayer.DVDBurn.6
  InvokeVerb = open
  HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.]
RPPlayCDAudioOnArrival\
  Provider = RealPlayer
  InvokeProgID = RealPlayer.AudioCD.6
  InvokeVerb = play
  HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /play %1 [RealNetworks, Inc.]
RPPlayDVDMovieOnArrival\
  Provider = RealPlayer
  InvokeProgID = RealPlayer.DVD.6
  InvokeVerb = play
  HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /dvd %1 [RealNetworks, Inc.]
RPPlayMediaOnArrival\
  Provider = RealPlayer
  InvokeProgID = RealPlayer.AutoPlay.6
  InvokeVerb = open
  HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.]
WinampMTPHandler\
  Provider = Winamp
  ProgID = Shell.HWEventHandlerShellExecute
  InitCmdLine = C:\Program Files\Winamp\winamp.exe
  HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
    -> {HKLM...CLSID} = ShellExecute HW Event Handler
       \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
WinampPlayMediaOnArrival\
  Provider = Winamp
  InvokeProgID = Winamp.File
  InvokeVerb = Play
  HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = "C:\Program Files\Winamp\winamp.exe" "%1" [Nullsoft]
  HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = {46986115-84D6-459c-8F95-52DD653E532E}
    -> {HKLM...CLSID} = (no title provided)
       \LocalServer32\(Default) = "C:\Program Files\Winamp\winamp.exe" [Nullsoft]
ZcMTPOnArrival\
  Provider = Creative Centrale
  ProgID = ZcAuto.ZcAutoPlayHandler
  InitCmdLine = OrganizeMTP
  HKLM\SOFTWARE\Classes\ZcAuto.ZcAutoPlayHandler\CLSID\(Default) = {E90A5EBC-C2DD-4BE9-81ED-CAB69B411C9D}
    -> {HKLM...CLSID} = ZcAutoPlayHandler Class
       \LocalServer32\(Default) = "C:\Program Files\Creative\Shared Files\ZcAuto.exe" [Creative Technology Ltd]
ZcRipAudioCDOnArrival\
  Provider = Creative Centrale
  InvokeProgID = ZcAuto.AudioCD
  InvokeVerb = Rip
  HKLM\SOFTWARE\Classes\ZcAuto.AudioCD\shell\Rip\Command\(Default) = "C:\Program Files\Creative\Creative Centrale\Centrale.exe" -PID {20AA23E3-CA98-43b6-A91B-AAA87BDC6D53}DiscPluginMgPid_1 -SID %L -FW [Creative Technology Ltd]
ZcRipDVDMovieOnArrival\
  Provider = Creative Centrale
  InvokeProgID = ZcAuto.DVD
  InvokeVerb = Rip
  HKLM\SOFTWARE\Classes\ZcAuto.DVD\shell\Rip\Command\(Default) = "C:\Program Files\Creative\Creative Centrale\Centrale.exe" -PID {20AA23E3-CA98-43b6-A91B-AAA87BDC6D53}DiscPluginMgPid_1 -SID %L -FW [Creative Technology Ltd]
ZcRipVideoCDMovieOnArrival\
  Provider = Creative Centrale
  InvokeProgID = ZcAuto.VCD
  InvokeVerb = Rip
  HKLM\SOFTWARE\Classes\ZcAuto.VCD\shell\Rip\Command\(Default) = "C:\Program Files\Creative\Creative Centrale\Centrale.exe" -PID {20AA23E3-CA98-43b6-A91B-AAA87BDC6D53}DiscPluginMgPid_1 -SID %L -FW [Creative Technology Ltd]

Enabled Scheduled Tasks: {++}
------------------------

AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GoogleUpdateTaskUserS-1-5-18Core -> launches: C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe /c [file not found]
GoogleUpdateTaskUserS-1-5-18UA -> launches: C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [file not found]
Opera scheduled Autoupdate 1409959301 -> launches: E:\Programy\Program Files\foldery Opera\launcher.exe --scheduledautoupdate [Opera Software]
Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc -> launches: C:\WINDOWS\system32\xp_eos.exe [MS]
Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie -> launches: C:\WINDOWS\system32\xp_eos.exe -c [MS]
RealPlayerRealUpgradeLogonTaskS-1-5-21-1229272821-57989841-1801674531-500 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.]
RealPlayerRealUpgradeScheduledTaskS-1-5-21-1229272821-57989841-1801674531-500 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.]
RealUpgradeLogonTaskS-1-5-21-1229272821-57989841-1801674531-500 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.]
RealUpgradeScheduledTaskS-1-5-21-1229272821-57989841-1801674531-500 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
  000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
  000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  000000000004\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
  0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  %SystemRoot%\system32\mswsock.dll [MS], 01 - 17
  %SystemRoot%\system32\rsvpsp.dll [MS], 18 - 19

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Poszukaj
  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
  {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    ButtonText = Research
    BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      -> {HKLM...CLSID} = &Poszukaj
         \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]
  {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    MenuText = @xpsp3res.dll,-20001
    Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]
  {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    ButtonText = Messenger
    MenuText = Windows Messenger
    Exec = C:\Program Files\Messenger\msmsgs.exe [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
CT Device Query service, CTDevice_Srv, C:\Program Files\Creative\Shared Files\CTDevSrv.exe [Creative Technology Ltd]
France Telecom Routing Table Service, FTRTSVC, C:\WINDOWS\System32\FTRTSVC.exe [France Telecom]
Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\system32\HPZipm12.exe [HP]
RealNetworks Downloader Resolver Service, RealNetworks Downloader Resolver Service, "C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe" [null data]
SecretZone Assist Service, SZASSIST, "C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe" [Clarus, Inc.]
Usługa Bonjour, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
  <> {1a3e09be-1e45-494b-9174-d7385b45bbf5},

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
  hpzsnt12\Driver = hpzsnt12.dll [HP]

---------- (launch time: 2014-09-18 18:42:28)

<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.

---------- (total run time: 54 seconds, including 14 seconds for message boxes)