"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Operating System: Microsoft Windows XP Professional Service Pack 3 (32-bit) Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS] (Default) = (empty string) [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {88895560-9AA2-1069-930E-00AA0030EBC8} = Rozszerzenie ikony HyperTerminalu -> {HKLM...CLSID} = HyperTerminal Icon Ext \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.] {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = UnlockerShellExtension -> {HKLM...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data] {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = Ati2evxx.dll [ATI Technologies Inc.] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} -> {HKLM...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.] UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} -> {HKLM...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ Wallpaper = C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Documents and Settings\Artur\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ ASHAshampoo_Burning_Studio_2012BURNONARRIVAL\ Provider = Ashampoo Burning Studio 2012 InvokeProgID = Ashampoo.BurningStudio2012 InvokeVerb = autoplay-burn HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2012\shell\autoplay-burn\Command\(Default) = "C:\Program Files\Ashampoo\Ashampoo Burning Studio 2012\burningstudio2012.exe" -autoplay -selectdrive "%l" [Ashampoo] ASHAshampoo_Burning_Studio_2012COPYONARRIVAL\ Provider = Ashampoo Burning Studio 2012 InvokeProgID = Ashampoo.BurningStudio2012 InvokeVerb = autoplay-copy HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2012\shell\autoplay-copy\Command\(Default) = "C:\Program Files\Ashampoo\Ashampoo Burning Studio 2012\burningstudio2012.exe" -autoplay -selectdrive "%l" -copy [Ashampoo] ASHAshampoo_Burning_Studio_2012RIPONARRIVAL\ Provider = Ashampoo Burning Studio 2012 InvokeProgID = Ashampoo.BurningStudio2012 InvokeVerb = autoplay-rip HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2012\shell\autoplay-rip\Command\(Default) = "C:\Program Files\Ashampoo\Ashampoo Burning Studio 2012\burningstudio2012.exe" -autoplay -selectdrive "%l" -rip [Ashampoo] GOMPlayDVDOnArrival\ Provider = GOM Player InvokeProgID = GomPlayer.DVD InvokeVerb = open HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = "C:\Program Files\GRETECH\GomPlayer\GOM.EXE" /open "%1" [Gretech Corp.] GOMPlayMediaOnArrival\ Provider = GOM Player InvokeProgID = GomPlayer.MediaFile InvokeVerb = open HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = "C:\Program Files\GRETECH\GomPlayer\GOM.EXE" /open "%1" [Gretech Corp.] HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\DropTarget\CLSID = {D0F0AD6B-ECCC-401E-8E71-C4363D41399C} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.EXE [Gretech Corp.] MPCPlayBluRayOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayBlurayMovie HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team] MPCPlayCDAudioOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayCDAudio HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team] MPCPlayDVDMovieOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayDVDMovie HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team] MPCPlayMusicFilesOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayMusicFiles HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team] MPCPlayVideoFilesOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayVideoFiles HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team] MSWPDShellNamespaceHandler\ Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] NokiaOviSuite\ Provider = Nokia Suite ProgID = Nokia.Suite InitCmdLine = -autoplay HKLM\SOFTWARE\Classes\Nokia.Suite\CLSID\(Default) = {27F341A3-9735-41a3-AC51-75734826845F} -> {HKLM...CLSID} = Nokia Suite \LocalServer32\(Default) = C:/Program Files/Nokia/Nokia Suite/NokiaSuite.exe [Nokia] Enabled Scheduled Tasks: {++} ------------------------ SmartDefrag -> launches: C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe /Schedule [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Poszukaj Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Research BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...CLSID} = &Poszukaj \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ MenuText = @xpsp3res.dll,-20001 Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG WatchDog, avgwd, "C:\Program Files\AVG\AVG2014\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.] AVGIDSAgent, AVGIDSAgent, "C:\Program Files\AVG\AVG2014\avgidsagent.exe" [AVG Technologies CZ, s.r.o.] Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ <> UpperFilters = <> aswKbd [AVAST Software],kbdclass [MS] ---------- (launch time: 2014-02-24 14:24:15) <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 73 seconds, including 18 seconds for message boxes)