Emsisoft HiJackFree

Support

Über uns

Auszeichnung


ZDNet.de - Download des Tages

ZDNet.de - Download des Tages


NBC Giga - Tool of the Day

NBC Giga - Tool of the Day


Tipp der Redaktion

Tipp der Redaktion



Autorun-Liste

Erklärung:

Y Normalerweise ungefährlicher Autorun.
N Nicht erforderlich, kann aber gestartet werden.
U Benutzerabhängig. Kann bei Bedarf gestartet werden.
X Definitiv nicht erforderlich. Normalerweise Malware.
? Unbekannt

Filter:





Zeige: All # A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Alle

757 Autoruns gefunden. Autorun 1 bis 100:

StatusAutorun nameAufruf Beschreibung
X Services.dllsmss.exeAdded by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the "Startup Item" field
X WinCheckservices.exeAdded by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the "Startup Item" field
X WinDataservices.exeAdded by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the "Startup Item" field
X Windowsservices.exeAdded by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the "Startup Item" field
X WinINetservices.exeAdded by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus and note the space at the beginning of the "Startup Item" field
X WinStartservices.exeAdded by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the "Startup Item" field
X winsystem.syssmss.exeAdded by the SOBER.K WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\win32 and note the space at the beginning of the "Startup Item" field
Y!!!AntiHookAntiHook.exeAntiHook - the "ultimate Host Intrusion Prevention System (HIPS) for protection against Malicious Software"
Y!1_pgaccountpgaccount.exeDiamondCS ProcessGuard "is a powerful new type of security system that secures Windows at the lowest (kernel) level, allowing it to provide the maximum possible security" stopping malware from being executed silently in the background, as well as a variety of other attacks. You will see one instance of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
Y!1_ProcessGuard_Startupprocguard.exeDiamondCS ProcessGuard "is a powerful new type of security system that secures Windows at the lowest (kernel) level, allowing it to provide the maximum possible security" stopping malware from being executed silently in the background, as well as a variety of other attacks
Y!AVG Anti-Spywareavgas.exeSystem Tray access to and notifications for AVG Anti-Spyware 7.5. This has now been superseded by AVG Anti-Virus which includes Anti-Spyware
Y!ewidoewido.exeSystem Tray access to and notifications for Ewido Anti-Spyware 4.0. Ewido is now part of AVG Technologies so this has been superseded by AVG Anti-Virus which includes Anti-Spyware
N!NoLoadwinrecon.exeWinRecon keystroke logger/monitoring program - remove unless you installed it yourself!
U$EnterNetEnternet.exeConnection manager for the EnterNet ISP. You can also use RASPPOE
X$sys$cmp$sys$xp.exeAdded by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
X$sys$crash$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
X$sys$crash$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
X$sys$crash$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
X$sys$drv$sys$drv.exeAdded by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
X$sys$momomomochin$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
X$sys$momomomochin$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
X$sys$momomomochin$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
X$sys$umaiyo$sys$sonyTimer.exeAdded by the WELOMOCH TROJAN!
X$sys$umaiyo$sys$sos$sys$.exeAdded by the WELOMOCH TROJAN!
X$sys$umaiyo$sys$WeLoveMcCOL.exeAdded by the WELOMOCH TROJAN!
U$Volumouse$volumouse.exeVolumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"
X$WindowsRegKey%updateIEXPLORE.EXEAdded by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%
?%cmpmixtitle%%cmpmixstr%Possibly related to C-Media Mixer Control panel?
N%FP%012-L2TP fts.exefts.exe012.Net.il Israeli ISP software front-end
U%FP%012-L2TP FWPortal.exeFWPortal.exe012.Net.il Israeli ISP dial-up software
N%FP%1776 Internet fts.exefts.exe1776 Internet US ISP software ISP software front-end
U%FP%1776 Internet FWPortal.exeFWPortal.exe1776 Internet US ISP dial-up software
N%FP%AIRTEL fts.exefts.exeBharti Airtel Broadband - Indian ISP software front-end
N%FP%Barak013 fts.exefts.exeBarak013 Israeli ISP software front-end
U%FP%Barak013 FWPortal.exeFWPortal.exeBarak013 Israeli ISP dial-up software
N%FP%Friendly fts.exefts.exeFriendly ISP software front-end
X%Temp%%Temp%\delwdef2008.batWinDefender 2008 rogue privacy program - not recommended, removal instructions here
X%Windir%\winnl.exewinnl.exeAdded by the KIDKITI TROJAN!
X%Windir%\winnm.exewinnm.exeAdded by the KIDKITI TROJAN!
UΣυντόμευση σελίδας ιδιοτήτων του High Definition AudioHDAudPropShortcut.exeRealtek audio card related. Probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required. Greek version
X'AdwarePro''AdwarePro'.exeAdWarePro rogue security software - not recommended
Y'Ashampoo AntiSpyWare 2 Guard'AntiSpyWare2Guard.exePart of Ashampoo® AntiSpyWare 2 from Ashampoo GmbH & Co. KG. This part is the realtime monitor that looks for changes on the users system such as BHO, Winsock LSPs, Windows Hosts file, Autostart entries, etc
X(*)API MachinewinSOCKS.exeHomepage hijacker, see here (* = any digit)
X(*)Runwin32API.exeHomepage hijacker, see here (* = any digit)
X(Default)media_driver.exeAdded by the TUPEG VIRUS! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)Shania.vbsAdded by the SHANIA BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)NOTEPAD.exeAdded by the RUSTY WORM! Note - not to be confused with the valid Windows "NOTEPAD" text editor! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)[random filename].exeAdded by the BLACKMAL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)twunk_32.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)winhelp.exeAdded by the BLACKMAL.C WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)spolsvr2.exeAdded by the EVILSOCK.10 TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)winbas12.exeAdware, CoolWebSearch parasite related - detected by Kaspersky as the VB.DU TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)Systrsy.exeAdded by the CDTRAY TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)llsass.exeAdded by the PROXY-GG TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)syspol.exeAdded by the DREMN-B TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(default)winlog.exeAdded by the RBOT-CVY WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(default)rundll32.exe [path to DLL file],Do98WorkAdded by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)winligom.exeAdded by the RBOT-GAI WORM! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)5640.exeAdded by the DOWNLD-ABF TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKCU\Run, HKLM\Run and HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)ajsha5.exeAdded by the SPYBOT-NX WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)QQUpdate.exeAdded by the QUADRULE.A WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)Mcafee.exeAdded by the AGENT.AY TROJAN! Note - this is not a valid McAfee program and is located in %System%. This malware actually changes the value data of the "(Default)" key in HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)fada.exeAdded by the VB.HEI TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)Default.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunOnce & HKCU\RunOnce in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)KEYBOARD.exeAdded by the AUTORUN.BUK WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)msarti.comAdded by the SILLYFDC.CJ WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\..\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)gbpm.exeAdded by the DLOADR.ZZD WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)msnupdate.exeAdded by the RBOT-GWT BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run & HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)regedit.exe /s appboost.regAdded by the APPIX.D WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run and HKCU\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank. The Windows registry editor (regedit.exe) is a legitimate Microsoft file located in %Windir% and shouldn't be deleted. The file "appboost.reg" is located in %Windir%
X(Default)xtreme.exeAdded by the DROPR-CZ TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(default)WINLOGON.EXEAdded by the DELF-LP TROJAN! Note - this malware actually changes the value data of the "(default)" key in HKCU\Policies\Explorer\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)diagcfg.exeAdded by the GWGIRL BACKDOOR! Note - this malware actually changes the value data of the "(Default)" key in HKLM\RunServices in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)asdfsd343f.exeAdded by the AUTORUN-BBB WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(default)svchost.exeAdded by the AUTORUN-CN WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a %ProgramFiles%\Common Files\Services. Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)avg.exeAdded by the BANKER-ETV TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)axeWen.exeAdded by the SCAR-AL WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)ifconfig.exeAdded by the RBOT-GFW WORM! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run, HKLM\RunServices and HKCU\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)winweng.exeAdded by the AGENT-SB MALWARE! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(Default)ctmon.exeAdded by the BANCOS.AAN TROJAN! Note - this malware actually changes the value data of the "(Default)" key in HKLM\Run in order to force Windows to launch it at boot. The name field in MSConfig may be blank
X(L4r1$$4) (4nt1) (V1ruz)SP00Lsv32.pifAdded by the ASSIRAL.B WORM!
X*Bandookmsdll.exeAdded by an unidentified TROJAN - see here
X*Intelli Mouse Pro Version 2.0B*ncsjapi32.exeAdded by the BUZUS-O WORM!
X*JanisRuckenbrodIIjanis.comAdded by the POPS WORM!
X*loadfaxloadfax.exeAdded by the WINFLUX-C BACKDOOR!
X*Microsoft Updatectxma.exeAdded by the STMU TROJAN!
X*Microsoft Updatecxma.exeAdded by the STMU TROJAN!
X*Microsoft Updatewstcl.exeAdded by the STMU TROJAN!
X*Microsoft Updatewucxt.exeAdded by the STMU TROJAN!
X*Microsoft Updatewuytc.exeAdded by the STMU TROJAN!
X*MS Setup[random filename]Virtumondo adware, also known as the VUNDO TROJAN!
X*MSConfig32aecache.exeDetected by F-Secure as the OBFUSCATED.GP TROJAN!
Y*Restorerstrui.exePart of Windows System Restore and added as a RunOnce registry entry. Leave alone
X*Security Centersecctr.exeAdded by the SDBOT.BRO WORM!
Y*StateMgrstatemgr.exeWindows ME default for System Restore. Do NOT disable!
N*WerKernelReportingWerFault.exePart of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here
X*Windows [filename] Checker[filename]Added by the KEDEBE-B WORM!
X*windows updatewrauclt.exeAdded by the RBOT-QU WORM!
X*windows updatewuanclt.exeAdded by the RBOT-PG WORM!
X*windows updatewuaucrlt.exeAdded by the SPYBOT.HUR WORM!
X*windows updatewuraclt.exeAdded by the RBOT-PO WORM!
Seite: 1 2 3 4 5 6 7 8

Diese Autorun Daten werden Ihnen präsentiert in Zusammenarbeit mit Sysinfo.org

Tipp: Emsisoft Anti-Malware - Testsieger!

Testsieg für Emsisoft Anti-Malware beim Antiviren-Vergleichstest von MRG - Malware Research Group - Juni 2009
Mehr über den Testsieger erfahren