
PC slow to be so clean......


  • This topic is locked
No replies to this topic

#1 mauropitta

    New Member

  • 1 posts

Posted 14 November 2007 - 12:06 PM

Dear Friends,
thanks in advance for the consideration.
After a scan with HJ and after having "depurated" the list of the secure items, I remain with these last 5, which seem to be from Norton AV but lack the company name, and this for me is suspicious because the others have this.
My PC is updated and clean from junk files and I also keep the registers clean by using Uniblue registry cleaner.
I enclose here the log generated and also the startup list for your eventual info.
Thanks in advance for the help.

Logfile of HijackThis v1.99.1
Scan saved at 18.18.11, on 14/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\vVX3000.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Password Agent\PwAgent.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Pantone\huey\hueyTray.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\HJT\HijackThis.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe


and here below the startup list:

StartupList report, 14/11/2007, 18.19.37
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16544)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\vVX3000.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Password Agent\PwAgent.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmi\Pantone\huey\hueyTray.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\HJT\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Mauro\Menu Avvio\Programmi\Esecuzione automatica]
Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe
hueyTray.lnk = C:\Programmi\Pantone\huey\hueyTray.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

zBrowser Launcher = C:\Programmi\Logitech\iTouch\iTouch.exe
VX3000 = C:\WINDOWS\vVX3000.exe
SoundMAXPnP = C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX = "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
PinnacleDriverCheck = C:\WINDOWS\system32\PSDrvCheck.exe
LifeCam = "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
ccApp = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
osCheck = "C:\Programmi\Norton AntiVirus\osCheck.exe"
Symantec PIF AlertEng = "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
SunJavaUpdateSched = "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
Windows Defender = "C:\Programmi\Windows Defender\MSASCui.exe" -hide
Logitech Utility = Logi_MwX.Exe
NeroFilterCheck = C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
Adobe Reader Speed Launcher = "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
StartCCC = "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
EEventManager = C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
QuickTime Task = "C:\Programmi\QuickTime\QTTask.exe" -atboottime
TkBellExe = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PasswordAgent = C:\Programmi\Password Agent\PwAgent.exe /minimize
Update Service = "C:\Programmi\File comuni\Teknum Systems\update.exe" /startup
swg = C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
WMPNSCFG = C:\Programmi\Windows Media Player\WMPNSCFG.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADLTScriptFile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE "%1"

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{10880D85-AAD9-4558-ABDC-2AB1552D831F}] *
StubPath = "C:\Programmi\File comuni\LightScribe\LSRunOnce.exe"

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programmi\Yahoo!\Companion\Installs\cpn1\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\programmi\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
MP Scheduled Scan.job
Norton AntiVirus - Run Full System Scan - Mauro.job
Uniblue SpeedUpMyPC Nag.job
Uniblue SpeedUpMyPC.job

--------------------------------------------------

Enumerating Download Program Files:

[InstaFred]
InProcServer32 = C:\WINDOWS\DOWNLO~1\InstFred.ocx
CODEBASE = file:///C:/Programmi/AutoCAD%20LT%202002%20Ita/InstFred.ocx

[YInstStarter Class]
InProcServer32 = C:\Programmi\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Programmi\Yahoo!\Common\yinsthelper.dll

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by117fd.bay11...es/MsnPUpld.cab

[SysVerChk Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SYSVER~1.OCX
CODEBASE = file:///C:/Programmi/AutoCAD%20LT%202002%20Ita/SysVerChk.ocx

[Controllo AcDc oggi]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX
CODEBASE = file:///C:/Programmi/AutoCAD%20LT%202002%20Ita/AcDcToday.ocx

[NOXLATE-BANR]
InProcServer32 = C:\WINDOWS\DOWNLO~1\InstBanr.ocx
CODEBASE = file:///C:/Programmi/AutoCAD%20LT%202002%20Ita/InstBanr.ocx

[Driver Agent ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\driveragent.ocx
CODEBASE = http://driveragent.c...driveragent.cab

[Controllo AcPreview]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX
CODEBASE = file:///C:/Programmi/AutoCAD%20LT%202002%20Ita/AcPreview.ocx

--------------------------------------------------

Enumerating Windows NT/2000/XP services

ASUS Virtual Video Capture Device Driver: system32\drivers\asusgsb.sys (autostart)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic LiveUpdate Scheduler: "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
BlueSoleil Hid Service: C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe (autostart)
Browser di computer: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
Symantec Settings Manager: "C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
Symantec Lic NetConnect service: "C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h cltCommon (autostart)
Servizi di crittografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Utilità di avvio processo server DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Gestione dischi logici: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
EIO: \??\C:\WINDOWS\system32\drivers\EIO.sys (autostart)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
Servizio di segnalazione errori: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Registro eventi: %SystemRoot%\system32\services.exe (autostart)
Guida in linea e supporto tecnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LightScribeService Direct Disc Labeling Service: "C:\Programmi\File comuni\LightScribe\LSSrvc.exe" (autostart)
LiveUpdate Notice Service Ex: "C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
Helper NetBIOS di TCP/IP: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
MSCamSvc: "C:\Programmi\Microsoft LifeCam\MSCamS32.exe" (autostart)
Accesso rete: %SystemRoot%\system32\lsass.exe (autostart)
OMSCAN: \SystemRoot\system32\drivers\webc3sti.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Servizi IPSEC: %SystemRoot%\system32\lsass.exe (autostart)
Archiviazione protetta: %SystemRoot%\system32\lsass.exe (autostart)
Registro di sistema remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
RPC (Remote Procedure Call): %SystemRoot%\system32\svchost -k rpcss (autostart)
Gestione account di protezione (SAM): %SystemRoot%\system32\lsass.exe (autostart)
sbbotdi: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys (autostart)
Utilità di pianificazione: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Accesso secondario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notifica eventi di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall / Condivisione connessione Internet (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Rilevamento hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SoundMAX Agent Service: C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe (autostart)
Spooler di stampa: %SystemRoot%\system32\spoolsv.exe (autostart)
Servizio Ripristino configurazione di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Acquisizione di immagini di Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Symantec AppCore Service: "C:\Programmi\File comuni\Symantec Shared\AppCore\AppSvc32.exe" (autostart)
Temi: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Manutenzione collegamenti distribuiti client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
User Profile Hive Cleanup: C:\Programmi\UPHClean\uphclean.exe (autostart)
Utilità di pianificazione di LiveUpdate automatico: "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
Ora di Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender: "C:\Programmi\Windows Defender\MsMpEng.exe" (autostart)
Strumentazione gestione Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Servizio di condivisione in rete Windows Media Player: "C:\Programmi\Windows Media Player\WMPNetwk.exe" (autostart)
Aggiornamenti automatici: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Zero Configuration reti senza fili: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Mauro\IMPOST~1\Temp\symlcsv1.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 16 887 bytes
Report generated in 0.140 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Mauropitta
