
StartupList report, 08/11/2019, 21.05.

StartupList version: 1.52.2
Started from : C:\Users\Administrator\Documents\HijackThis.EXE
Detected: Unknown Windows (WinNT 6.02.1008)
Detected: Internet Explorer v11.0 (11.00.10586.0000)
* Using default options
==================================================

Running processes:

C:\Program Files (x86)\GBillingClient\gbClientService.exe


C:\ProgramData\GarenaCIG\GarenaCIG.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\GBillingClient\gbClientApp.exe
C:\Program Files (x86)\GBillingClient\gbClientLocker.exe
C:\Program Files (x86)\GBillingClient\winvnc.exe
D:\Game menu\_PLAYNITE\Playnite.DesktopApp.exe
C:\Program Files (x86)\GBillingClient\cpm.exe
C:\ProgramData\GarenaCIG\GarenaCIG.exe
C:\ProgramData\GarenaCIG\GarenaCIG.exe
D:\Messenger\Garena\Garena\2.0.1909.2618\gxxsvc.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Administrator\Documents\HijackThis.exe
C:\Windows\SysWOW64\notepad.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:


[C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
MENU.lnk = D:\Game menu\MENU.exe
Playnite.lnk = D:\Game menu\_PLAYNITE\Playnite.DesktopApp.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Program Files (x86)\GBillingClient\gbClientLocker.exe,C:\Program Files (x86)\GBillingClient\gbClientApp.exe,C:\Program Files (x86)\GBillingClient\gInitTool.exe,

--------------------------------------------------

Autorun entries from Registry:


HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
gbClientApp = C:\Program Files (x86)\GBillingClient\gbClientApp.exe
GarenaCIG = "C:\ProgramData\GarenaCIG\GarenaCIG.exe" --tray

--------------------------------------------------

Autorun entries from Registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Discord = C:\Users\Administrator\AppData\Local\Discord\app-0.0.301\Discord.exe

--------------------------------------------------

File association entry for .HTA:


HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*


SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*


HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

Lync Click to Call BHO - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
URLRedirectionBHO - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL - {B4F3A835-0E21-4959-BA22-42B3008E02FF}
(no name) - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\napinsp.dll


NameSpace #2: C:\Windows\system32\pnrpnsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\NLAapi.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Program Files (x86)\Google\Update\1.3.33.23||C:\Program Files (x86)\Google\Chrome\Temp\scoped_dir10568_756296537\old_chrome.exe||C:\Program Files (x86)\Google\Chrome\Temp\scoped_dir10568_756296537||C:\Program Files (x86)\Google\Chrome\Temp||C:\Users\ADMINI~1\AppData\Local\Temp\is-LTNC7.tmp\OCSetupHlp.dll||C:\Users\ADMINI~1\AppData\Local\Temp\is-LTNC7.tmp|||d

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
End of report, 5.109 bytes
Report generated in 0,015 seconds

Command line options:


/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
