AutoRuns Windows

The "Hide Signed Microsoft Entries" option of Autoruns lets you isolate every autostart entry created by a third party on a system, by hiding all Microsoft-related components.
It also helps you locate the autostart entries of all existing user accounts.
The download package additionally contains "Autorunsc", a command-line version of the tool; it only supports output in CSV format.

Download the Autoruns tool and, in Windows Safe Mode and logged in under the relevant user name, unpack the zip file.
Run autoruns.exe.
Under "Options", tick both "Verify Code Signatures" and "Hide Signed Microsoft Entries", and check that "Include Empty Locations" is not ticked.
Autoruns instructions:
Then press the "F5" key, followed by the key combination "Ctrl" + "A".
Save the file Autoruns.txt in a place where you can easily find it again! Then open the file and copy it into your post in a security forum, if requested.
If a security forum asks for a log, you can copy it out like this:
File - Save As
give it a name and
save it as a txt file -> Save (to the Desktop)
double-click the txt file
Example:
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
+ rdpclip RDP Clip Monitor (Verified) Microsoft Windows XP Publisher c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application (Verified) Microsoft Windows XP Publisher c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer (Verified) Microsoft Windows XP Publisher c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ avgnt Antivirus System Tray Tool (Not verified) Avira GmbH c:\program files\antivir personaledition classic\avgnt.exe
+ SYTDI Network Dispatch Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symtdi.sys
+ TIACXLN 22M Wireless LAN Driver (Not verified) c:\windows\system32\drivers\tiacxln.sys
+ TRIXX c:\ati\trixx\trixxdriver.sys
+ Video3D File not found: System32\Drivers\Video3D.sys
+ XPROTECTOR c:\windows\system32\drivers\xprotector.sys
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
+ rdpclip RDP Clip Monitor (Verified) Microsoft Windows XP Publisher c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\System32\Userinit.exe Userinit Logon Application (Verified) Microsoft Windows XP Publisher c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ explorer.exe Windows Explorer (Verified) Microsoft Windows XP Publisher c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ avast! avast! service GUI component (Verified) ALWIL Software c:\program files\alwil software\avast4\ashdisp.exe
+ SmcService Sygate Agent Firewall (Verified) Sygate Technologies, Inc. c:\program files\sygate\spf\smc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ ctfmon.exe CTF Loader (Verified) Microsoft Windows XP Publisher c:\windows\system32\ctfmon.exe
+ Yahoo! Pager c:\program files\yahoo!\messenger\ypager.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ Class Install Handler OLE32 Extensions for Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll
+ deflate OLE32 Extensions for Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll
+ gzip OLE32 Extensions for Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll
+ lzdhtml OLE32 Extensions for Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll
+ text/webviewhtml Windows Shell Common Dll (Verified) Microsoft Windows XP Publisher c:\windows\system32\shell32.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ about Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher c:\windows\system32\mshtml.dll
+ cdl OLE32 Extensions for Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll
+ dvd ActiveX control for streaming video (Verified) Microsoft Windows XP Publisher c:\windows\system32\msvidctl.dll
+ file OLE32 Extensions for Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll
+ ftp OLE32 Extensions for Win32 (Not verified) Microsoft Corporation c:\windows\system32\urlmon.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Address Book 5 Outlook Express Setup Library (Verified) Microsoft Windows Component Publisher c:\program files\outlook express\setup50.exe
+ Browser Customizations Microsoft Internet Explorer Customization DLL (Verified) Microsoft Windows Component Publisher c:\windows\system32\iedkcs32.dll
+ CRLUpdate UPDCRL (Not verified) Microsoft Corporation c:\windows\system32\updcrl.exe
+ Internet Explorer 6 IE 5.0 Per-User Install Utility (Verified) Microsoft Windows Component Publisher c:\windows\system32\ie4uinit.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Component Categories cache daemon Shell Browser UI Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CDBurn Windows Shell Common Dll (Verified) Microsoft Windows XP Publisher c:\windows\system32\shell32.dll
+ PostBootReminder Windows Shell Common Dll (Verified) Microsoft Windows XP Publisher c:\windows\system32\shell32.dll
+ SysTray Systray shell service object (Verified) Microsoft Windows XP Publisher c:\windows\system32\stobject.dll
+ WebCheck Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ DiamondCS WormGuard Hook DiamondCS WormGuard Core Module (Not verified) Diamond Computer Systems Pty. Ltd. c:\wormguard\wguard.dll
+ shell32.dll Windows Shell Common Dll (Verified) Microsoft Windows XP Publisher c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ %DESC_PublishDropTarget% Photo Printing Wizard (Verified) Microsoft Windows XP Publisher c:\windows\system32\photowiz.dll
+ Address Shell Browser UI Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\browseui.dll
+ .CAB file viewer Cabinet File Viewer Shell Extension (Verified) Microsoft Windows XP Publisher c:\windows\system32\cabview.dll
+ Accessible Shell Browser UI Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\browseui.dll
+ ActiveX Cache Folder Object Control Viewer (Verified) Microsoft Windows Component Publisher c:\windows\system32\occache.dll
+ Address Bar Parser Shell Browser UI Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\browseui.dll
+ Yahoo! Mail YMMAPI Module (Verified) Yahoo! Inc. c:\program files\yahoo!\common\ymmapi.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll (Verified) Microsoft Windows XP Publisher c:\windows\system32\shell32.dll
+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll (Verified) Microsoft Windows XP Publisher c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ HelperObject Class SnagIt Browser Helper Object for Internet Explorer (Not verified) TechSmith Corporation c:\program files\techsmith\snagit 6\snagitbho.dll
+ WsftpBrowserHelper Class wsbho2k0 Module c:\program files\ws_ftp pro\wsbho2k0.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ shdocvw.dll Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ msdxm.ocx Windows Media Player 2 ActiveX Control (Verified) Microsoft Windows Component Publisher c:\windows\system32\msdxm.ocx
+ snagitieaddin.dll SnagIt Add-in for Internet Explorer (Not verified) TechSmith Corporation c:\program files\techsmith\snagit 6\snagitieaddin.dll
+ WINSWEEP Toolbar WINSWEEP Toolbar (Not verified) Software-Entwicklung Frank-Oliver Dzewas c:\program files\winsweep\surfbar.dll
+ yt.dll Yahoo! Toolbar (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ @shdoclc.dll,-864 (Verified) Microsoft Windows XP Publisher c:\windows\web\related.htm
HKLM\System\CurrentControlSet\Services
+ aswUpdSv Bietet das automatische Update für avast! Antivirus. (Verified) ALWIL Software c:\program files\alwil software\avast4\aswupdsv.exe
+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows XP Publisher c:\windows\system32\svchost.exe
+ avast! Antivirus Verwaltet und implementiert avast! Antivirus Dienste für diesen Computer. Dies beinhaltet den residenten Schutz, den Virus-Container und den Timer. (Verified) ALWIL Software c:\program files\alwil software\avast4\ashserv.exe
+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows XP Publisher c:\windows\system32\svchost.exe
+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows XP Publisher c:\windows\system32\svchost.exe
+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows XP Publisher c:\windows\system32\svchost.exe
+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows XP Publisher c:\windows\system32\svchost.exe
HKLM\System\CurrentControlSet\Services
+ ACPI ACPI Driver for NT (Verified) Microsoft Windows XP Publisher c:\windows\system32\drivers\acpi.sys
+ aec Microsoft Acoustic Echo Canceller (Verified) Microsoft Windows XP Publisher c:\windows\system32\drivers\aec.sys
+ AFD Ancillary Function Driver for WinSock (Verified) Microsoft Windows XP Publisher c:\windows\system32\drivers\afd.sys
+ AN983 ADMtek AN983 NDIS5 Driver (Verified) Microsoft Windows XP Publisher c:\windows\system32\drivers\an983.sys
+ AsyncMac RAS Asynchronous Media Driver (Verified) Microsoft Windows XP Publisher c:\windows\system32\drivers\asyncmac.sys
+ atapi IDE/ATAPI Port Driver (Verified) Microsoft Windows XP Publisher c:\windows\system32\drivers\atapi.sys
+ SASDIFSV File not found: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
+ SASENUM File not found: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
+ SASKUTIL File not found: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API (Not verified) Microsoft Corporation c:\windows\system32\advapi32.dll
+ comdlg32 Common Dialogs DLL (Not verified) Microsoft Corporation c:\windows\system32\comdlg32.dll
+ gdi32 GDI Client DLL (Verified) Microsoft Windows XP Publisher c:\windows\system32\gdi32.dll
+ imagehlp Windows NT Image Helper (Verified) Microsoft Windows XP Publisher c:\windows\system32\imagehlp.dll
+ kernel32 Windows NT BASE API Client DLL (Verified) Microsoft Windows XP Publisher c:\windows\system32\kernel32.dll
+ lz32 LZ Expand/Compress API DLL (Verified) Microsoft Windows XP Publisher c:\windows\system32\lz32.dll
+ ole32 Microsoft OLE for Windows (Verified) Microsoft Windows XP Publisher c:\windows\system32\ole32.dll
+ oleaut32 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems (Verified) Microsoft Windows XP Publisher c:\windows\system32\oleaut32.dll
+ olecli32 Object Linking and Embedding Client Library (Verified) Microsoft Windows XP Publisher c:\windows\system32\olecli32.dll
+ olecnv32 Microsoft OLE for Windows (Verified) Microsoft Windows XP Publisher c:\windows\system32\olecnv32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
+ logonui.exe Windows Logon UI (Verified) Microsoft Windows XP Publisher c:\windows\system32\logonui.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ crypt32chain Crypto API32 (Verified) Microsoft Windows XP Publisher c:\windows\system32\crypt32.dll
+ cryptnet Crypto Network Related API (Verified) Microsoft Windows XP Publisher c:\windows\system32\cryptnet.dll
+ cscdll Offline Network Agent (Verified) Microsoft Windows XP Publisher c:\windows\system32\cscdll.dll
+ SASWinLogon File not found: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\System32\ssmyst.scr Mystify Screen Saver (Verified) Microsoft Windows XP Publisher c:\windows\system32\ssmyst.scr
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{031D9172-6403-477E-B05E-35CC5500398F}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider (Verified) Microsoft Windows XP Publisher c:\windows\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer (Verified) Microsoft Windows XP Publisher c:\windows\system32\cnbjmon.dll
+ Local Port Local Spooler DLL (Verified) Microsoft Windows XP Publisher c:\windows\system32\localspl.dll
+ PJL Language Monitor PJL Language monitor (Verified) Microsoft Windows XP Publisher c:\windows\system32\pjlmon.dll
+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL (Verified) Microsoft Windows XP Publisher c:\windows\system32\tcpmon.dll
+ USB Monitor Standard Dynamic Printing Port Monitor DLL (Verified) Microsoft Windows XP Publisher c:\windows\system32\usbmon.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ msv1_0 Microsoft Authentication Package v1.0 (Verified) Microsoft Windows XP Publisher c:\windows\system32\msv1_0.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
+ scecli Windows Security Configuration Editor Client Engine (Verified) Microsoft Windows XP Publisher c:\windows\system32\scecli.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
+ kerberos Kerberos Security Package (Verified) Microsoft Windows XP Publisher c:\windows\system32\kerberos.dll
+ msv1_0 Microsoft Authentication Package v1.0 (Verified) Microsoft Windows XP Publisher c:\windows\system32\msv1_0.dll
+ schannel TLS / SSL Security Provider (Verified) Microsoft Windows XP Publisher c:\windows\system32\schannel.dll
+ wdigest Microsoft Digest Access (Verified) Microsoft Windows XP Publisher c:\windows\system32\wdigest.dll
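As an added example (not code from the original page or from Sysinternals), the following Python script parses a text export like the one above and lists what "Hide Signed Microsoft Entries" would leave visible, giving a reason for each entry a reviewer should look at. It assumes the tab-separated layout of the "File - Save As" text export (the tabs appear as spaces in the listing above); the sample lines are constructed from that listing.

```python
from dataclasses import dataclass
from typing import List, Tuple
# Constructed sample in the layout of Autoruns' "File - Save As" text export: a
# location header line, then one tab-separated "+ " line per entry (name,
# description, signer, image path); the listing above shows the tabs as spaces.
SAMPLE = "\n".join([
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "+ avgnt\tAntivirus System Tray Tool\t(Not verified) Avira GmbH\tc:\\program files\\antivir personaledition classic\\avgnt.exe",
    "+ SYTDI\tNetwork Dispatch Driver\t(Verified) Symantec Corporation\tc:\\windows\\system32\\drivers\\symtdi.sys",
    "+ TRIXX\t\t\tc:\\ati\\trixx\\trixxdriver.sys",
    "+ Video3D\tFile not found: System32\\Drivers\\Video3D.sys",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    "+ ctfmon.exe\tCTF Loader\t(Verified) Microsoft Windows XP Publisher\tc:\\windows\\system32\\ctfmon.exe",
])
@dataclass
class Entry:
    location: str       # autostart location (registry key or folder) the entry lives in
    name: str
    signer: str         # "(Verified) X", "(Not verified) X", or "" when absent
    image_path: str
    file_missing: bool  # Autoruns printed "File not found:" instead of a path

def parse_autoruns_text(text: str) -> List[Entry]:
    entries, location = [], ""
    for line in (l.rstrip() for l in text.splitlines() if l.strip()):
        if not line.startswith("+ "):
            location = line                      # header line names the location
            continue
        name, *rest = line[2:].split("\t")
        if rest and rest[0].startswith("File not found:"):
            entries.append(Entry(location, name, "", rest[0].split(":", 1)[1].strip(), True))
        else:                                    # empty description/signer fields stay empty
            signer = rest[-2] if len(rest) >= 3 else ""
            entries.append(Entry(location, name, signer, rest[-1] if rest else "", False))
    return entries

def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    # Everything "Hide Signed Microsoft Entries" would leave visible, with a reason each.
    flagged = []
    for e in entries:
        if e.file_missing:
            flagged.append((e, "file not found (orphaned entry)"))
        elif not e.signer:
            flagged.append((e, "no signature information"))
        elif e.signer.startswith("(Not verified)"):
            flagged.append((e, "signature not verified"))
        elif not e.signer.startswith("(Verified) Microsoft Windows"):
            flagged.append((e, "verified, but third-party signer"))
    return flagged
```

To use it on a real export, pass the contents of the saved Autoruns.txt to parse_autoruns_text and print what triage returns, one line per flagged entry with its location and image path.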
Complete Sysinternals Suite (includes Autoruns, among other tools) -
Sysinternals Suite