Code:
Alles auswählen Aufklappen ATTFilter
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
"avgnt" = ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Software\Adobe\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
-> {HKLM...CLSID} = "Universelle Plug & Play-Geräte"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Programme\Ahead\InCD\incdshx.dll" ["Nero AG"]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{1AC145F8-E05B-4a04-AFDC-697BD70832B1}" = "Gigabank"
-> {HKLM...CLSID} = "Gigabank"
\InProcServer32\(Default) = "C:\Programme\FAST Gigabank\FotoBanker.dll" ["FAST LTA AG"]
"{489d8d66-38d6-4dd3-83d5-9a7e07b65904}" = "FotoBank"
-> {HKLM...CLSID} = "FotoBank"
\InProcServer32\(Default) = "C:\Programme\FAST Gigabank\FotoBanker.dll" ["FAST LTA AG"]
"{489d8d67-38d6-4dd3-83d5-9a7e07b65904}" = "FotoBank"
-> {HKLM...CLSID} = "FotoBank"
\InProcServer32\(Default) = "C:\Programme\FAST Gigabank\FotoBanker.dll" ["FAST LTA AG"]
"{489d8d68-38d6-4dd3-83d5-9a7e07b65904}" = "FotoBank"
-> {HKLM...CLSID} = "FotoBank"
\InProcServer32\(Default) = "C:\Programme\FAST Gigabank\FotoBanker.dll" ["FAST LTA AG"]
"{489d8d6A-38d6-4dd3-83d5-9a7e07b65904}" = "FotoBank"
-> {HKLM...CLSID} = "FotoBank"
\InProcServer32\(Default) = "C:\Programme\FAST Gigabank\FotoBanker.dll" ["FAST LTA AG"]
"{489d8d6B-38d6-4dd3-83d5-9a7e07b65904}" = "FotoBank"
-> {HKLM...CLSID} = "FotoBank"
\InProcServer32\(Default) = "C:\Programme\FAST Gigabank\FotoBanker.dll" ["FAST LTA AG"]
"{489d8d6C-38d6-4dd3-83d5-9a7e07b65904}" = "FotoBank"
-> {HKLM...CLSID} = "FotoBank"
\InProcServer32\(Default) = "C:\Programme\FAST Gigabank\FotoBanker.dll" ["FAST LTA AG"]
"{489d8d6D-38d6-4dd3-83d5-9a7e07b65904}" = "FotoBank"
-> {HKLM...CLSID} = "FotoBank"
\InProcServer32\(Default) = "C:\Programme\FAST Gigabank\FotoBanker.dll" ["FAST LTA AG"]
"{489d8d6E-38d6-4dd3-83d5-9a7e07b65904}" = "FotoBank"
-> {HKLM...CLSID} = "FotoBank"
\InProcServer32\(Default) = "C:\Programme\FAST Gigabank\FotoBanker.dll" ["FAST LTA AG"]
"{489d8d69-38d6-4dd3-83d5-9a7e07b65904}" = "FotoBank"
-> {HKLM...CLSID} = "FotoBank"
\InProcServer32\(Default) = "C:\Programme\FAST Gigabank\FotoBanker.dll" ["FAST LTA AG"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\
<<!>> ("msapsspc.dllschannel.dlldigest.dllmsnsspc.dll" [file not found]) "SecurityProviders" = "msapsspc.dllschannel.dlldigest.dllmsnsspc.dll"
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]|"??*??" (unwritable string) [file not found]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
23.08.2008, 11:45
Baum-Darstellung