Pests of all kinds and how to fight them: Log file evaluation from Silent Runners, Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
17.12.2012, 20:23 | #1

"Silent Runners.vbs", revision 64, hxxp://www.silentrunners.org/
Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
AVP = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\(Default) = ContentBlockerBrowserHelperObject
  -> {HKLM…CLSID} = Content Blocker Plugin
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Kaspersky Lab ZAO]
{73455575-E40C-433C-9784-C78DC7761455}\(Default) = VirtualKeyboardBrowserHelperObject
  -> {HKLM…CLSID} = Virtual Keyboard Plugin
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Windows Live ID Sign-in Helper
     \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\(Default) = Safe Money Plugin
  -> {HKLM…CLSID} = Safe Money Plugin
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [Kaspersky Lab ZAO]
{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho
  -> {HKLM…CLSID} = URL Advisor Plugin
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
     \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\(Default) = ContentBlockerBrowserHelperObject
  -> {HKLM…Wow…CLSID} = Content Blocker Plugin
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Kaspersky Lab ZAO]
{73455575-E40C-433C-9784-C78DC7761455}\(Default) = VirtualKeyboardBrowserHelperObject
  -> {HKLM…Wow…CLSID} = Virtual Keyboard Plugin
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper
     \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\(Default) = Safe Money Plugin
  -> {HKLM…Wow…CLSID} = Safe Money Plugin
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [Kaspersky Lab ZAO]
{AA609D72-8482-4076-8991-8CDAE5B93BCB}\(Default) = Samsung BHO Helper
  -> {HKLM…Wow…CLSID} = Samsung BHO Class
     \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [Samsung Electronics Co., Ltd.]
{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho
  -> {HKLM…Wow…CLSID} = URL Advisor Plugin
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]
{dd230880-495a-11d1-b064-008048ec2fc5} = Scan with Kaspersky Anti-Virus
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\shellex.dll [Kaspersky Lab ZAO]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{E99987AC-6311-4686-B095-EB30B69F9258} = Samsung AnyWeb Print Clipbook - shell extension module of desk band
  -> {HKLM…Wow…CLSID} = Samsung AnyWeb Print
     \InProcServer32\(Default) = C:\Program Files\Samsung AnyWeb Print\W2PDeskband.dll [Samsung Electronics Co., Ltd.]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim
     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim
     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{dd230880-495a-11d1-b064-008048ec2fc5} = Scan with Kaspersky Anti-Virus
  -> {HKLM…Wow…CLSID} = (no title provided)
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\shellex.dll [Kaspersky Lab ZAO]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider
  -> {HKLM…CLSID} = WLIDCredentialProvider
     \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\shellex.dll [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\shellex.dll [Kaspersky Lab ZAO]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM…CLSID} = GraphicsShellExt Class
     \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\shellex.dll [Kaspersky Lab ZAO]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\emily\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

Media+Player10PlayDVDMovieOnArrival\
Provider = Media+ Player 10
InvokeProgID = DVD
InvokeVerb = PlayWithMedia+Player10
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithMedia+Player10\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10.exe" "%L" [CyberLink Corp.]

MShowDVFilesArrival\
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" video dv
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
     \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

MShowPictureFilesArrival\
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
InvokeProgID = Picture
InvokeVerb = PlayWithMediaShow
HKLM\SOFTWARE\Classes\Picture\shell\PlayWithMediaShow\Command\(Default) = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" photo import "%L" [CyberLink Corp.]

MShowVideoFilesArrival\
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
InvokeProgID = VideoFiles
InvokeVerb = PlayWithMediaShow
HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithMediaShow\Command\(Default) = "C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe" video import "%L" [CyberLink Corp.]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
     \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

P2GCDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankCD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]

P2GDVDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]

PDirDVArrival\
Provider = PowerDirector
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe" /DV
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
     \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

Power2GoPlayCDAudioOnArrival\
Provider = Power2Go
InvokeProgID = AudioCD
InvokeVerb = PlayWithPower2Go
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.]

PStarterBlankCDArrival\
Provider = Media Suite
InvokeProgID = BlankCD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterDVDBurningOnArrival\
Provider = Media Suite
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterMixedCDArrival\
Provider = Media Suite
InvokeProgID = MixedContent
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterMusicFilesArrival\
Provider = Media Suite
InvokeProgID = MusicFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterPicturesArrival\
Provider = Media Suite
InvokeProgID = Picture
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterVideoFilesArrival\
Provider = Media Suite
InvokeProgID = VideoFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

WIA_WPDArrival\
Provider = @C:\Program Files (x86)\CyberLink\MediaShow5\MUITransfer\MDSMUIRes.dll,-104
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\CyberLink\MediaShow5\MediaShow.exe photo import wpd %1 %2;
  -> {HKLM…CLSID} = WPDShextAutoplay
     \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
17.12.2012, 23:56 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

Instead of a problem description, you just dump a log from a tool in here that hasn't been used here for years!