"Silent Runners.vbs", revision 64, http://www.silentrunners.org/ Operating System: Microsoft Windows XP Home Edition Service Pack 3 (32-bit) Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe [MS] AdobeBridge = REM [LAB1.DE] LightScribe Control Panel = REM C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden [LAB1.DE] BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = REM "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [LAB1.DE] MSMSGS = REM "C:\Programme\Messenger\msmsgs.exe" /background [LAB1.DE] TomTomHOME.exe = "C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe" -s [file not found] PCSpeedUp = "C:\Programme\PC Beschleunigen\PCSpeedUp.exe" [file not found] (Default) = (empty string) [file not found] NokiaOviSuite2 = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray [Nokia] T-Online_Software_6\WLAN-Access Finder = C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized [Deutsche Telekom AG, Marmiko IT-Solutions GmbH] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} ATIPTA = C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [ATI Technologies, Inc.] LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe [empty string] HotkeyApp = C:\Program Files\Launch Manager\HotkeyApp.exe [Wistron] LMgrVolOSD = C:\Program Files\Launch Manager\OSD.exe [Wistron] LMgrOSD = C:\Program Files\Launch Manager\OSDCtrl.exe [empty string] CtrlVol = REM C:\Program Files\Launch Manager\CtrlVol.exe [LAB1.DE] Device Detector = REM DevDetect.exe -autorun [LAB1.DE] BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent [MS] TMController = C:\WINDOWS\system32\TMController.exe [empty string] (Default) = (empty string) [file not found] ISUSScheduler = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start [Macrovision Corporation] LanguageShortcut = REM C:\Programme\CyberLink\PowerDVD\Language\Language.exe [LAB1.DE] UDC Integration = (empty string) [file not found] Acrobat Assistant 8.0 = "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [Adobe Systems Inc.] Adobe Acrobat Speed Launcher = "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [Adobe Systems Incorporated] Adobe Reader Speed Launcher = REM "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [LAB1.DE] CloneCDTray = REM "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s [LAB1.DE] PCMService = REM "C:\Programme\CyberLink\PowerCinema\PCMService.exe" [LAB1.DE] ISUSPM Startup = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup [Macrovision Corporation] NeroFilterCheck = REM C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [LAB1.DE] Wbutton = C:\Program Files\Launch Manager\WButton.exe [empty string] TkBellExe = "realsched.exe" -osboot [file not found] facemoods = "C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I [facemoods.com] NokiaMServer = C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup [Nokia] B2C_AGENT = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [LG Electronics] APSDaemon = "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.] DATAMNGR = C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE [Bandoo Media, inc] AppleSyncNotifier = C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe [Apple Inc.] QuickTime Task = "C:\Programme\QuickTime\qttask.exe" -atboottime [Apple Inc.] iTunesHelper = "C:\Programme\iTunes\iTunesHelper.exe" [Apple Inc.] SunJavaUpdateSched = "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.] MSC = "c:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey [MS] HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ {10880D85-AAD9-4558-ABDC-2AB1552D831F}\(Default) = LightScribe Control Panel \StubPath = "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" [Hewlett-Packard Company] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {1631550F-191D-4826-B069-D9439253D926}\(Default) = PriceGong -> {HKLM…CLSID} = Shopping Assistant Plugin \InProcServer32\(Default) = C:\Programme\PriceGong\2.6.4\PriceGongIE.dll [PriceGong] {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM…CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [file not found] {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided) -> {HKLM…CLSID} = RealPlayer Download and Record Plugin for Internet Explorer \InProcServer32\(Default) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer] {64182481-4F71-486b-A045-B233BD0DA8FC}\(Default) = facemoods Helper -> {HKLM…CLSID} = CescrtHlpr Object \InProcServer32\(Default) = C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll [facemoods.com BHO] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM…CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Programme\Java\jre6\bin\ssv.dll [Sun Microsystems, Inc.] {99079a25-328f-4bd4-be04-00955acaa0a7}\(Default) = Searchqu Toolbar -> {HKLM…CLSID} = Searchqu Toolbar \InProcServer32\(Default) = C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll [null data] {9D717F81-9148-4f12-8568-69135F087DB0}\(Default) = (no title provided) -> {HKLM…CLSID} = DataMngr \InProcServer32\(Default) = C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL [Bandoo Media, inc] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM…CLSID} = Adobe PDF Conversion Toolbar Helper \InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [file not found] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM…CLSID} = Skype Plug-In \InProcServer32\(Default) = C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Programme\Java\jre6\bin\jp2ssv.dll [Sun Microsystems, Inc.] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = JQSIEStartDetectorImpl -> {HKLM…CLSID} = JQSIEStartDetectorImpl Class \InProcServer32\(Default) = C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Sun Microsystems, Inc.] {F4971EE7-DAA0-4053-9964-665D8EE6A077}\(Default) = SmartSelect -> {HKLM…CLSID} = SmartSelect Class \InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Programme\Microsoft Office\Office10\msohev.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM…CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll [MS] {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI239C~1\shellext.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -> {HKLM…CLSID} = WPDShServiceObj Class \InProcServer32\(Default) = C:\WINDOWS\system32\WPDShServiceObj.dll [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ <> Userinit = Userinit.exe, [MS] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <> Authentication Packages = msv1_0|C:\WINDOWS\system32\tuvVLbXq HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = Ati2evxx.dll [ATI Technologies Inc.] <> efcBrOfC\DLLName = efcBrOfC.dll [file not found] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> mso-offdap\CLSID = {3D9F03FA-7A94-11D3-BE81-0050048385D1} -> {HKLM…CLSID} = Data Page Pluggable Protocol mso-offdap Handler \InProcServer32\(Default) = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL [MS] <> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM…CLSID} = Skype IE add-on Pluggable Protocol \InProcServer32\(Default) = C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.] <> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -> {HKLM…CLSID} = IEProtocolHandler Class \InProcServer32\(Default) = C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL [Skype Technologies] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ VIDEOTRANS\(Default) = {C8CA0A66-AF32-4D5E-879E-F0809ACEDC55} -> {HKLM…CLSID} = AmvTransform Class \InProcServer32\(Default) = C:\Programme\Media Player Utilities 4.36\AMVConverter\AmvTransform.dll [empty string] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM…CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Programme\7-Zip\7-zip.dll [Igor Pavlov] Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} -> {HKLM…CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Programme\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.] EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI239C~1\shellext.dll [MS] MagicISO\(Default) = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} -> {HKLM…CLSID} = MShellExtMenu Class \InProcServer32\(Default) = C:\Programme\MagicISO\misosh.dll [MagicISO, Inc.] SnagItMainShellExt\(Default) = {CF74B903-3389-469c-B3B6-0204D204FCBD} -> {HKLM…CLSID} = SnagItShellExt Class \InProcServer32\(Default) = C:\Programme\TechSmith\SnagIt 7\SnagItShellExt.dll [TechSmith Corporation] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Programme\WinRAR\rarext.dll [null data] {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided) -> {HKLM…CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\ NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} -> {HKLM…CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ WEB.DE SmartDrive\(Default) = {42368EF3-D9FE-4bc4-9FD5-01903EB21F53} -> {HKLM…CLSID} = ShellContextMenuHandler Class \InProcServer32\(Default) = C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\SHNDLERS.DLL [WEB.DE GmbH] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM…CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Programme\7-Zip\7-zip.dll [Igor Pavlov] EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MI239C~1\shellext.dll [MS] MagicISO\(Default) = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} -> {HKLM…CLSID} = MShellExtMenu Class \InProcServer32\(Default) = C:\Programme\MagicISO\misosh.dll [MagicISO, Inc.] SnagItMainShellExt\(Default) = {CF74B903-3389-469c-B3B6-0204D204FCBD} -> {HKLM…CLSID} = SnagItShellExt Class \InProcServer32\(Default) = C:\Programme\TechSmith\SnagIt 7\SnagItShellExt.dll [TechSmith Corporation] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Programme\WinRAR\rarext.dll [null data] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ Nokia\(Default) = {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} -> {HKLM…CLSID} = Nokia Phone Browser \InProcServer32\(Default) = C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll [Nokia] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM…CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Programme\7-Zip\7-zip.dll [Igor Pavlov] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Programme\WinRAR\rarext.dll [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler -> {HKLM…CLSID} = NeroDigitalColumnHandler Class \InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll [Nero AG] {8EF5DC20-419C-4E43-A088-DE5B5625CA47}\(Default) = CDR Column Info -> {HKLM…CLSID} = CDR Column Provider \InProcServer32\(Default) = c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellXP.dll [Corel Corporation] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM…CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} -> {HKLM…CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Programme\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.] MagicISO\(Default) = {DB85C504-C730-49DD-BEC1-7B39C6103B7A} -> {HKLM…CLSID} = MShellExtMenu Class \InProcServer32\(Default) = C:\Programme\MagicISO\misosh.dll [MagicISO, Inc.] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Programme\WinRAR\rarext.dll [null data] {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided) -> {HKLM…CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} -> {HKLM…CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Programme\WinRAR\rarext.dll [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ Wallpaper = C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ ACDSeePro20AcquirePicturesOnArrival\ Provider = ACDSee Pro 2 InvokeProgID = ACDSee Pro 2.0.AutoPlayHandlerAcquire InvokeVerb = Acquire HKLM\SOFTWARE\Classes\ACDSee Pro 2.0.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = "C:\Programme\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" /detect:%1 [ACD Systems] ACDSeePro20AcquireVideoFilesOnArrival\ Provider = ACDSee Pro 2 InvokeProgID = ACDSee Pro 2.0.AutoPlayHandlerAcquire InvokeVerb = Acquire HKLM\SOFTWARE\Classes\ACDSee Pro 2.0.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = "C:\Programme\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" /detect:%1 [ACD Systems] ACDSeePro20PlayVideoFilesOnArrival\ Provider = ACDSee Pro 2 InvokeProgID = ACDSee Pro 2.0.AutoPlayHandler InvokeVerb = Open HKLM\SOFTWARE\Classes\ACDSee Pro 2.0.AutoPlayHandler\shell\Open\command\(Default) = "C:\Programme\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" [ACD Systems] ACDSeePro20ShowPicturesOnArrival\ Provider = ACDSee Pro 2 InvokeProgID = ACDSee Pro 2.0.AutoPlayHandler InvokeVerb = Open HKLM\SOFTWARE\Classes\ACDSee Pro 2.0.AutoPlayHandler\shell\Open\command\(Default) = "C:\Programme\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" [ACD Systems] AlcoholAutoPlayV2.BurnDisc\ Provider = Alcohol 120% InvokeProgID = AlcoholAutoPlayV2 InvokeVerb = BurnDisc HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = "C:\Programme\Alcohol Soft\Alcohol 120\alcohol_.exe" %1 [Alcohol Soft Development Team] AlcoholAutoPlayV2.ReadDisc\ Provider = Alcohol 120% InvokeProgID = AlcoholAutoPlayV2 InvokeVerb = ReadDisc HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = "C:\Programme\Alcohol Soft\Alcohol 120\alcohol_.exe" %1 [Alcohol Soft Development Team] ArcSoftTMAudioCDArrival\ Provider = ArcSoft TotalMedia 3 InvokeProgID = TotalMediaOpenAudioCD InvokeVerb = open HKLM\SOFTWARE\Classes\TotalMediaOpenAudioCD\shell\open\command\(Default) = C:\Programme\ArcSoft\TotalMedia 3\TotalMedia.exe -a %L [ArcSoft, Inc.] ArcSoftTMDVDArrival\ Provider = ArcSoft TotalMedia 3 InvokeProgID = TotalMediaOpenDVD InvokeVerb = open HKLM\SOFTWARE\Classes\TotalMediaOpenDVD\shell\open\command\(Default) = C:\Programme\ArcSoft\TotalMedia 3\TotalMedia.exe -d %L [ArcSoft, Inc.] ArcSoftTMMusicArrival\ Provider = ArcSoft TotalMedia 3 InvokeProgID = TotalMediaOpenMusic InvokeVerb = open HKLM\SOFTWARE\Classes\TotalMediaOpenMusic\shell\open\command\(Default) = C:\Programme\ArcSoft\TotalMedia 3\TotalMedia.exe -a %L [ArcSoft, Inc.] ArcSoftTMPictureArrival\ Provider = ArcSoft TotalMedia 3 InvokeProgID = TotalMediaOpen InvokeVerb = open HKLM\SOFTWARE\Classes\TotalMediaOpen\shell\open\command\(Default) = C:\Programme\ArcSoft\TotalMedia 3\TotalMedia.exe -r %L [ArcSoft, Inc.] ArcSoftTMVideoArrival\ Provider = ArcSoft TotalMedia 3 InvokeProgID = TotalMediaOpenVideo InvokeVerb = open HKLM\SOFTWARE\Classes\TotalMediaOpenVideo\shell\open\command\(Default) = C:\Programme\ArcSoft\TotalMedia 3\TotalMedia.exe -v %L [ArcSoft, Inc.] ArcSoftTMVideoCameraArrival\ Provider = ArcSoft TotalMedia 3 ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\PROGRA~1\ArcSoft\TOTALM~1\TOTALM~1.EXE -c HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM…CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] BridgeCS3ImportMediaOnArrival\ Provider = Adobe Bridge CS3 InvokeProgID = Adobe.adobebridge InvokeVerb = launch HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = C:\Programme\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1 [Adobe Systems, Inc.] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Programme\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Programme\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Programme\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Programme\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] LightScribeOnArrivalAP\ Provider = LightScribe Direct Disc Labeling InvokeProgID = LightScribe.AutoPlayHandler InvokeVerb = LabelLightScribeDisc HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = C:\Programme\Gemeinsame Dateien\LightScribe\LsLauncher.exe [Hewlett-Packard Company] MPCPlayCDAudioOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayCDAudio HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Programme\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team] MPCPlayDVDMovieOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayDVDMovie HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Programme\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team] MPCPlayMusicFilesOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayMusicFiles HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Programme\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team] MPCPlayVideoFilesOnArrival\ Provider = Media Player Classic InvokeProgID = MediaPlayerClassic.Autorun InvokeVerb = PlayVideoFiles HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Programme\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team] MSWPDShellNamespaceHandler\ Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] NeroAutoPlay7AudioToNeroDigital\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay7 InvokeVerb = AudioToNeroDigital_PlayCDAudioOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks /Drive:%L [Nero AG] NeroAutoPlay7CDAudio\ Provider = Nero Express InvokeProgID = Nero.AutoPlay7 InvokeVerb = CDAudio_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = C:\Programme\Nero\Nero 7\Core\nero.exe /New:AudioCD [Nero AG] NeroAutoPlay7CopyCD\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay7 InvokeVerb = CopyCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy /Drive:%L [Nero AG] NeroAutoPlay7DataDisc\ Provider = Nero Express InvokeProgID = Nero.AutoPlay7 InvokeVerb = DataDisc_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = C:\Programme\Nero\Nero 7\Core\nero.exe /New:ISODisc [Nero AG] NeroAutoPlay7LaunchNeroStartSmart\ Provider = Nero StartSmart InvokeProgID = Nero.AutoPlay7 InvokeVerb = LaunchNeroStartSmart_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = C:\Programme\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay [Nero AG] NeroAutoPlay7PlayAudioCD\ Provider = Nero ShowTime InvokeProgID = Nero.AutoPlay7 InvokeVerb = PlayAudioCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play /Drive:%L [Nero AG] NeroAutoPlay7PlayDVD\ Provider = Nero ShowTime InvokeProgID = Nero.AutoPlay7 InvokeVerb = PlayDVD_PlayVideoFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play /Drive:%L [Nero AG] NeroAutoPlay7RipCD\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay7 InvokeVerb = RipCD_PlayCDAudioOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = C:\Programme\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks /Drive:%L [Nero AG] NeroAutoPlay7TranscodeVideo\ Provider = Nero Recode InvokeProgID = Nero.AutoPlay7 InvokeVerb = TranscodeVideo_PlayDVDMovieOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = C:\Programme\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo [Nero AG] NeroAutoPlay7VideoCapture\ Provider = Nero Vision ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = /New:VideoCapture HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM…CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] NeroAutoPlay7ViewPhotos\ Provider = Nero PhotoSnap Viewer InvokeProgID = Nero.AutoPlay7 InvokeVerb = ViewPhotos_ShowPicturesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = C:\Programme\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe / [Nero AG] NMMPlayCDAudioOnArrival\ Provider = Nokia Music Manager InvokeProgID = NokiaMusicManager InvokeVerb = NMMPlayCD HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command\(Default) = C:\Programme\Nokia\Nokia PC Suite 7\MusicManager.exe /playCD "%L" [Nokia] NMMRipCDAudioOnArrival\ Provider = Nokia Music Manager InvokeProgID = NokiaMusicManager InvokeVerb = NMMRipCD HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command\(Default) = C:\Programme\Nokia\Nokia PC Suite 7\MusicManager.exe /ripCD "%L" [Nokia] NokiaOviSuite\ Provider = Nokia Ovi Suite ProgID = Nokia.OviSuite InitCmdLine = -autoplay HKLM\SOFTWARE\Classes\Nokia.OviSuite\CLSID\(Default) = {27F341A3-9735-41a3-AC51-75734826845F} -> {HKLM…CLSID} = Nokia Ovi Suite \LocalServer32\(Default) = C:/Programme/Nokia/Nokia Ovi Suite/NokiaOviSuite.exe [Nokia] PCinemaMusicFilesArrival\ InvokeProgID = MusicFiles InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithPowerCinema\Command\(Default) = "C:\Programme\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MUSIC "%L" [file not found] PCinemaPlayCDAudioOnArrival\ InvokeProgID = AudioCD InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = "C:\Programme\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY CD "%L" [file not found] PCinemaPlayDVDMovieOnArrival\ InvokeProgID = DVD InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerCinema\Command\(Default) = "C:\Programme\CyberLink\PowerCinema\PowerCinema.exe" AUTOPLAY MOVIE "%L" [file not found] PDVDPlayCDAudioOnArrival\ Provider = PowerDVD InvokeProgID = AudioCD InvokeVerb = PlayWithPowerDVD HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" "%L" [CyberLink Corp.] PDVDPlayDVDMovieOnArrival\ Provider = PowerDVD InvokeProgID = DVD InvokeVerb = PlayWithPowerDVD HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" "%l" [CyberLink Corp.] PDVDPlayVCDMovieOnArrival\ Provider = PowerDVD InvokeProgID = VCD InvokeVerb = PlayWithPowerDVD HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Programme\CyberLink\PowerDVD\PowerDVD.exe" "%l" [CyberLink Corp.] PPCDBurningOnArrival\ Provider = PowerProducer InvokeProgID = Picture InvokeVerb = OpenWithPowerProducer HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Programme\CyberLink\PowerProducer\Producer.exe" [CyberLink] PPDCameraArrival\ Provider = PowerProducer InvokeProgID = Picture InvokeVerb = OpenWithPowerProducer HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Programme\CyberLink\PowerProducer\Producer.exe" [CyberLink] PPDVArrival\ Provider = PowerProducer ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Programme\CyberLink\PowerProducer\Producer.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM…CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] PStarterBlankCDArrival\ Provider = DVD Suite InvokeProgID = BlankCD InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Programme\CyberLink\DVD Suite\PowerStarter.exe" [CyberLink] PStarterDVDBurningOnArrival\ Provider = DVD Suite InvokeProgID = BlankDVD InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Programme\CyberLink\DVD Suite\PowerStarter.exe" [CyberLink] PStarterMixedCDArrival\ Provider = DVD Suite InvokeProgID = MixedContent InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Programme\CyberLink\DVD Suite\PowerStarter.exe" [CyberLink] PStarterMusicFilesArrival\ Provider = DVD Suite InvokeProgID = MusicFiles InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Programme\CyberLink\DVD Suite\PowerStarter.exe" [CyberLink] PStarterPicturesArrival\ Provider = DVD Suite InvokeProgID = Picture InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Programme\CyberLink\DVD Suite\PowerStarter.exe" [CyberLink] PStarterVideoFilesArrival\ Provider = DVD Suite InvokeProgID = VideoFiles InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Programme\CyberLink\DVD Suite\PowerStarter.exe" [CyberLink] RPCDBurningOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.CDBurn.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "c:\programme\real\realone player\\RealPlay.exe" /burn "%1" [file not found] RPDeviceOnArrival\ Provider = RealPlayer ProgID = RealPlayer.HWEventHandler HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = {67E76F1D-BDE2-4052-913C-2752366192D2} -> {HKLM…CLSID} = RealNetworks Scheduler \LocalServer32\(Default) = "C:\Programme\Real\RealPlayer\Update\realsched.exe" -autoplay [RealNetworks, Inc.] RPDVDBurningOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.DVDBurn.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "c:\programme\real\realone player\\RealPlay.exe" /burndvd "%1" [file not found] RPPlayCDAudioOnArrival\ Provider = RealOne Player InvokeProgID = RealPlayer.AudioCD.6 InvokeVerb = play HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "c:\programme\real\realone player\\RealPlay.exe" /play %1 [file not found] RPPlayDVDMovieOnArrival\ Provider = RealOne Player InvokeProgID = RealPlayer.DVD.6 InvokeVerb = play HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "c:\programme\real\realone player\\RealPlay.exe" /dvd %1 [file not found] RPPlayMediaOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.AutoPlay.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "c:\programme\real\realone player\\RealPlay.exe" /autoplay "%1" [file not found] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1 [the VideoLAN Team] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1 [the VideoLAN Team] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Programme\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team] Startup items in "Heinz" & "All Users" startup folders: ------------------------------------------------------- C:\Dokumente und Einstellungen\Heinz\Startmenü\Programme\Autostart MagicDisc -> shortcut to: C:\Programme\MagicDisc\MagicDisc.exe [MagicISO, Inc.] Telefon- und Branchenbuch + Rückwärtssuche Sommer 2012 - Schnellstarter -> shortcut to: C:\Programme\klickTel\Telefon- und Branchenbuch + Rückwärtssuche Sommer 2012\kstart32.exe [telegate MEDIA AG] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart hp psc 1000 series -> shortcut to: C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [Hewlett-Packard Co.] hpoddt01.exe -> shortcut to: C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [Hewlett-Packard] Microsoft Office -> shortcut to: C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l [MS] TMMonitor -> shortcut to: C:\Programme\ArcSoft\TotalMedia 3\TMMonitor.exe [ArcSoft, Inc.] WISO Mein Steuer-Sparbuch heute -> shortcut to: C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe [Buhl Tax Service, Hannover] Enabled Scheduled Tasks: ------------------------ AppleSoftwareUpdate -> launches: C:\Programme\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] Driver Robot -> launches: C:\Programme\Driver Robot\1.1.0.5\DriverRobot.exe --scan --stack=from-scheduler [file not found] FRU Task #Hewlett-Packard#hp psc 1100 series#1236936262 -> launches: C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1100 series#1236936262" [empty string] GoogleUpdateTaskMachineUA -> launches: C:\Programme\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] Microsoft Antimalware Scheduled Scan -> launches: c:\Programme\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS] MpIdleTask -> launches: c:\Programme\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS] RealUpgradeLogonTaskS-1-5-21-606747145-583907252-1801674531-1005 -> launches: C:\Programme\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.] RealUpgradeScheduledTaskS-1-5-21-606747145-583907252-1801674531-1005 -> launches: C:\Programme\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.] {22116563-108C-42c0-A7CE-60161B75E508} -> launches: C:\DOKUME~1\Heinz\LOKALE~1\Temp\Zjl.exe [file not found] {62C40AA6-4406-467a-A5A5-DFDF1B559B7A} -> launches: C:\WINDOWS\Zkenya.exe [file not found] {BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} -> launches: C:\DOKUME~1\Heinz\LOKALE~1\Temp\Zjm.exe [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = mswsock.dll [MS] 000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000003\LibraryPath = mswsock.dll [MS] 000000000004\LibraryPath = C:\Programme\Bonjour\mdnsNSP.dll [Apple Inc.] 000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: mswsock.dll [MS], 01 - 34 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {47833539-D0C5-4125-9FA8-0819E2EAAC93} -> {HKLM…CLSID} = Adobe PDF \InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [file not found] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {47833539-D0C5-4125-9FA8-0819E2EAAC93} = (no title provided) -> {HKLM…CLSID} = Adobe PDF \InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [file not found] {DB4E9724-F518-4DFD-9C7C-78B52103CAB9} = facemoods Toolbar -> {HKLM…CLSID} = facemoods Toolbar \InProcServer32\(Default) = C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll [facemoods.com] {99079A25-328F-4BD4-BE04-00955ACAA0A7} = Searchqu Toolbar -> {HKLM…CLSID} = Searchqu Toolbar \InProcServer32\(Default) = C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll [null data] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{929801A8-4AEF-4D12-BE31-D85BF666452B}\(Default) = facemoods.com Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll [facemoods.com BHO] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Plug-In MenuText = Skype Plug-In CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM…CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ MenuText = @xpsp3res.dll,-20001 Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ ButtonText = Messenger MenuText = Windows Messenger Exec = C:\Programme\Messenger\msmsgs.exe [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> Tabs = http://start.facemoods.com/?a=cpd&f=2 [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Apple Mobile Device, Apple Mobile Device, "C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] Ati HotKey Poller, Ati HotKey Poller, C:\WINDOWS\system32\Ati2evxx.exe [ATI Technologies Inc.] Autodata Limited License Service, Autodata Limited License Service, "C:\Programme\Gemeinsame Dateien\Autodata Limited Shared\Service\ADCDLicSvc.exe" [Autodata Limited] B's Recorder GOLD Library General Service, bgsvcgen, "C:\WINDOWS\system32\bgsvcgen.exe" [B.H.A Corporation] Bluetooth Support Service, BthServ, C:\WINDOWS\system32\svchost.exe -k bthsvcs {C:\WINDOWS\System32\bthserv.dll [MS]} Crypkey License, Crypkey License, crypserv.exe [CrypKey (Canada) Ltd.] CyberLink Background Capture Service (CBCS), CLCapSvc, "C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe" [empty string] Cyberlink RichVideo Service(CRVS), RichVideo, "C:\Programme\CyberLink\Shared Files\RichVideo.exe" [empty string] CyberLink Task Scheduler (CTS), CLSched, "C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe" [empty string] Dienst "Bonjour", Bonjour Service, C:\Programme\Bonjour\mDNSResponder.exe [Apple Inc.] FABS - Helping agent for MAGIX media database, Fabs, C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe /DisableUI [MAGIX® AG] Fax, Fax, C:\WINDOWS\system32\fxssvc.exe [MS] iPod-Dienst, iPod Service, C:\Programme\iPod\bin\iPodService.exe [Apple Inc.] Java Quick Starter, JavaQuickStarterService, "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" [Sun Microsystems, Inc.] LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe" [Hewlett-Packard Company] Microsoft Antimalware Service, MsMpSvc, "c:\Programme\Microsoft Security Client\MsMpEng.exe" [MS] Protexis Licensing V2, PSI_SVC_2, "c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe" [Protexis Inc.] ProtexisLicensing, ProtexisLicensing, C:\WINDOWS\system32\PSIService.exe [null data] ServiceLayer, ServiceLayer, "C:\Programme\PC Connectivity Solution\ServiceLayer.exe" [Nokia] SQL Server (SQLEXPRESS), MSSQL$SQLEXPRESS, "C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [MS] SQL Server Browser, SQLBrowser, "C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [MS] SQL Server VSS Writer, SQLWriter, "C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe" [MS] StarWind iSCSI Service, StarWindService, C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [Rocket Division Software] T-Online WLAN Adapter Steuerungsdienst, MZCCntrl, C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [Deutsche Telekom AG, Marmiko IT-Solutions GmbH] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup {C:\WINDOWS\System32\WUDFSvc.dll [MS]} WMI-Leistungsadapter, WmiApSrv, C:\WINDOWS\system32\wbem\wmiapsrv.exe [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> MsMpSvc, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> MsMpSvc, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port Monitor\Driver = AdobePDF.dll [Adobe Systems Inc] avm:\Driver = avmprmon.dll [file not found] hpzsnt07\Driver = hpzsnt07.dll [HP] Microsoft Shared Fax Monitor\Driver = FXSMON.DLL [MS] UDC\Driver = udcpm.dll [fCoder Group, Inc.] WEB.DE Fax Monitor\Driver = UIWEBMON.DLL [WEB.DE GmbH] WinFax Ports (Fotoqualität)\Driver = WFXMNTHQ.DLL [file not found] ---------- (launch time: 2012-06-20 09:10:10) <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 225 seconds)