Looka

Help me to understand Hijack This log ... plz

2 posts in this topic

Hijack This has found something but I'm afraid to act by myself and maybe cancel something useful, can u help me? (I'm an Italian user and my English is not very good... or technical, so please can you use simple words if u can?)

 

Thanks, I count on you to heal my notebook, this is the "Hijack This" log:

 

StartupList report, 11/07/2004, 14.49.49

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Looka\Desktop\New Utilitiez\Hijack This\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Programmi\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\CtrlVol.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\WINDOWS\LTSMMSG.exe

C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Programmi\PeerGuardian\PeerGuardian_1.99b_pr14.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE

C:\WINDOWS\Integrator.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Documents and Settings\Looka\Desktop\New Utilitiez\Hijack This\HijackThis.exe

C:\Programmi\Messenger\msmsgs.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Looka\Menu Avvio\Programmi\Esecuzione automatica]

AntiCrash.lnk = C:\Programmi\AntiCrash\AntiCrash.exe

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]

hp psc 1000 series.lnk = ?

hpoddt01.exe.lnk = ?

Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE

Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe

HotkeyApp = C:\Program Files\Launch Manager\HotkeyApp.exe

CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe

Wbutton = "C:\Program Files\Launch Manager\Wbutton.exe"

LTSMMSG = LTSMMSG.exe

SynTPLpr = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

SynTPEnh = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

ATIModeChange = Ati2mdxx.exe

ATIPTA = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

CloneCDElbyCDFL = "C:\Programmi\CloneCD\ElbyCheck.exe" /L ElbyCDFL

ccApp = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

NeroCheck = C:\WINDOWS\System32\\NeroCheck.exe

Overnet = C:\Programmi\Overnet\eDonkey2000.exe -t

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe

MsnMsgr = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background

Skype = "C:\Programmi\Skype\Skype.exe" /nosplash /minimized

PeerGuardian = C:\Programmi\PeerGuardian\PeerGuardian_1.99b_pr14.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

*No values found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Editor del Registro di sistema'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\AddOn\AcrobatReader\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

NAV Helper - C:\Programmi\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

FRU Task #Hewlett-Packard#hp psc 1100 series#1088523822.job

Norton AntiVirus - Scansione del computer - Looka.job

Norton AntiVirus - Scansione del computer.job

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

 

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://active.macromedia.com/flash2/cabs/swflash.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\System32\nwprovau.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

Protocol #20: C:\WINDOWS\system32\mswsock.dll

Protocol #21: C:\WINDOWS\system32\mswsock.dll

Protocol #22: C:\WINDOWS\system32\mswsock.dll

Protocol #23: C:\WINDOWS\system32\mswsock.dll

Protocol #24: C:\WINDOWS\system32\mswsock.dll

Protocol #25: C:\WINDOWS\system32\mswsock.dll

Protocol #26: C:\WINDOWS\system32\mswsock.dll

Protocol #27: C:\WINDOWS\system32\mswsock.dll

Protocol #28: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)

Servizio installazione driver audio Intel® 82801 (WDM): system32\drivers\ac97intc.sys (manual start)

Driver ACPI Microsoft: System32\DRIVERS\ACPI.sys (system)

Driver del controller integrato Microsoft: System32\DRIVERS\ACPIEC.sys (system)

adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)

Eliminatore di eco acustico del kernel Microsoft: system32\drivers\aec.sys (manual start)

Ambiente supporto di rete AFD: \SystemRoot\System32\drivers\afd.sys (autostart)

Filtro bus Intel AGP: \SystemRoot\System32\DRIVERS\agp440.sys (disabled)

Filtro bus Compaq AGP: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)

Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)

aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)

aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)

Avvisi: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Servizio Gateway di livello applicazione: %SystemRoot%\System32\alg.exe (manual start)

AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)

Filtro bus ALI AGP: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)

Driver filtro bus AMD AGP: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)

amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)

Gestione applicazione: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Protocollo client ARP 1394: System32\DRIVERS\arp1394.sys (manual start)

asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)

asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)

asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)

Driver per supporti asincroni RAS: System32\DRIVERS\asyncmac.sys (manual start)

Controller disco rigido IDE/ESDI standard: System32\DRIVERS\atapi.sys (system)

Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)

ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)

Protocollo client ARP ATM: System32\DRIVERS\atmarpc.sys (manual start)

Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver stub audio: System32\DRIVERS\audstub.sys (manual start)

Servizio trasferimento intelligente in background: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Bridge MAC: System32\DRIVERS\bridge.sys (manual start)

Miniport del ponte MAC: System32\DRIVERS\bridge.sys (manual start)

Browser di computer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Bluetooth Audio: System32\DRIVERS\btaudio.sys (manual start)

Bluetooth Virtual Communications Driver: System32\DRIVERS\btport.sys (manual start)

Bluetooth LAN Access Server: System32\DRIVERS\btwdndis.sys (manual start)

WIDCOMM USB Bluetooth Driver: System32\Drivers\btwusb.sys (manual start)

cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)

Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)

Symantec Event Manager: "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe" (autostart)

Symantec Password Validation: "C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe" (manual start)

Symantec Settings Manager: "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe" (autostart)

cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)

Driver del CD-ROM: System32\DRIVERS\cdrom.sys (system)

Servizio di indicizzazione: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)

Driver scheda AC Microsoft: System32\DRIVERS\CmBatt.sys (manual start)

CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)

Conexant USB Network Adapter Driver: System32\DRIVERS\CnxTrLan.sys (manual start)

Conexant USB Network Interface Device Driver: System32\DRIVERS\CnxTrUsb.sys (manual start)

Driver della batteria composita Microsoft: System32\DRIVERS\compbatt.sys (system)

Applicazione di sistema COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)

Servizi di crittografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)

dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)

Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver del disco: System32\DRIVERS\disk.sys (system)

Servizio amministrativo di Gestione disco logico: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

dmio: System32\drivers\dmio.sys (disabled)

dmload: System32\drivers\dmload.sys (disabled)

Gestione dischi logici: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Sintetizzatore DLS Microsoft Kernel: system32\drivers\DMusic.sys (manual start)

Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)

Decodificatore audio DRM del kernel Microsoft: system32\drivers\drmkaud.sys (manual start)

ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)

ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)

ElbyVCD: System32\DRIVERS\ElbyVCD.sys (system)

Servizio di segnalazione errori: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Registro eventi: %SystemRoot%\system32\services.exe (autostart)

Sistema di eventi COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Compatibilità di Cambio rapido utente: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Fax: %systemroot%\system32\fxssvc.exe (autostart)

Driver controller disco floppy: System32\DRIVERS\fdc.sys (manual start)

Driver disco floppy: System32\DRIVERS\flpydisk.sys (manual start)

Driver archiviazione volumi: System32\DRIVERS\ftdisk.sys (system)

Utilità di classificazione pacchetti generica: System32\DRIVERS\msgpc.sys (manual start)

Guida in linea e supporto tecnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Accesso periferica Human Interface: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Driver di classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start)

hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)

IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)

Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)

USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)

i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)

Driver di porta mouse PS/2 e tastiera i8042: System32\DRIVERS\i8042prt.sys (system)

Driver filtro masterizzazione CD: System32\DRIVERS\imapi.sys (system)

Servizio COM di masterizzazione CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)

ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)

IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)

Driver firewall IPv6: System32\DRIVERS\Ip6Fw.sys (manual start)

Firewall connessione Internet IPv6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver filtro traffico IP: System32\DRIVERS\ipfltdrv.sys (manual start)

Driver tunnel IP in IP: System32\DRIVERS\ipinip.sys (manual start)

Traduttore indirizzi di rete IP: System32\DRIVERS\ipnat.sys (manual start)

Driver IPSEC: System32\DRIVERS\ipsec.sys (system)

Servizio enumeratore infrarossi: System32\DRIVERS\irenum.sys (manual start)

Driver bus PnP ISA/EISA: System32\DRIVERS\isapnp.sys (system)

Driver classe tastiera: System32\DRIVERS\kbdclass.sys (system)

Mixer wave audio del kernel Microsoft: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Helper NetBIOS di TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Lucent Technologies Soft Modem: System32\DRIVERS\LTSM.sys (manual start)

Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Condivisione desktop remoto di NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Driver classe mouse: System32\DRIVERS\mouclass.sys (system)

Driver di mouse HID: System32\DRIVERS\mouhid.sys (manual start)

mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)

Redirector del client WebDav: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)

Proxy di servizio di flusso Microsoft: system32\drivers\MSKSSRV.sys (manual start)

Proxy clock di flusso Microsoft: system32\drivers\MSPCLOCK.sys (manual start)

Proxy di gestione qualità di flusso Microsoft: system32\drivers\MSPQM.sys (manual start)

Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)

NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)

Servizio Norton AntiVirus Auto-Protect: "C:\Programmi\Norton AntiVirus\navapsvc.exe" (autostart)

NAVENG: \??\C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20040707.008\NAVENG.Sys (manual start)

NAVEX15: \??\C:\PROGRA~1\FILECO~1\SYMANT~1\VIRUSD~1\20040707.008\NavEx15.Sys (manual start)

Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)

Driver TAPI NDIS di accesso remoto: System32\DRIVERS\ndistapi.sys (manual start)

Protocollo I/O modalità utente su NDIS: System32\DRIVERS\ndisuio.sys (manual start)

Driver WAN NDIS di accesso remoto: System32\DRIVERS\ndiswan.sys (manual start)

Interfaccia NetBIOS: System32\DRIVERS\netbios.sys (system)

NetBT: System32\DRIVERS\netbt.sys (system)

DDE di rete: %SystemRoot%\system32\netdde.exe (manual start)

DDE DSDM di rete: %SystemRoot%\system32\netdde.exe (manual start)

Accesso rete: %SystemRoot%\System32\lsass.exe (manual start)

Connessioni di rete: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)

NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver di Network Monitor: System32\DRIVERS\NMnt.sys (manual start)

NPPTNT: \??\C:\WINDOWS\System32\npptNT.sys (system)

Driver periferica infrarossi NSC: System32\DRIVERS\nscirda.sys (manual start)

nsysaudm: \??\C:\DOCUME~1\Looka\IMPOST~1\Temp\nsysaudm.sys (manual start)

Provider supporto protezione LM NT: %SystemRoot%\System32\lsass.exe (manual start)

Archivi rimovibili: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Driver filtro traffico IPX: System32\DRIVERS\nwlnkflt.sys (manual start)

Driver inoltratore traffico IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)

Protocollo di trasporto compatibile NWLink IPX/SPX/NetBIOS: System32\DRIVERS\nwlnkipx.sys (autostart)

NWLink NetBIOS: System32\DRIVERS\nwlnknb.sys (autostart)

Protocollo NWLink SPX/SPXII: System32\DRIVERS\nwlnkspx.sys (autostart)

Agente SAP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Controller host OHCI compatibile IEEE 1394: System32\DRIVERS\ohci1394.sys (system)

Driver della porta parallela: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

PciBus: \??\C:\Programmi\MadOnion.com\3DMark2001 SE\PciBus.sys (manual start)

PCIIde: System32\DRIVERS\pciide.sys (system)

Pcmcia: System32\DRIVERS\pcmcia.sys (system)

perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)

perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)

Servizi IPSEC: %SystemRoot%\System32\lsass.exe (autostart)

WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Driver processore: System32\DRIVERS\processr.sys (system)

Star Force copy protection driver v4: \SystemRoot\System32\drivers\prodrv04.sys (system)

StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)

StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)

Archiviazione protetta: %SystemRoot%\system32\lsass.exe (autostart)

Utilità di pianificazione pacchetti QoS: System32\DRIVERS\psched.sys (manual start)

Driver Direct Parallel Link: System32\DRIVERS\ptilink.sys (manual start)

Logitech QuickCam Express(PID_0840): System32\DRIVERS\LVCD.sys (manual start)

ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)

Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)

ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)

ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)

ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)

Radeon Probe Driver: System32\DRIVERS\RadProbe.sys (manual start)

Driver connessione automatica Accesso remoto: System32\DRIVERS\rasacd.sys (system)

Auto Connection Manager di Accesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WAN Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)

WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Connection Manager di Accesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver PPPOE di accesso remoto: System32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Driver redirector periferica Terminal Server: System32\DRIVERS\rdpdr.sys (manual start)

Gestione sessione di assistenza mediante desktop remoto: C:\WINDOWS\system32\sessmgr.exe (manual start)

Driver filtro riproduzione CD-ROM audio digitale: System32\DRIVERS\redbook.sys (system)

Routing e Accesso remoto: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)

RPC Locator: %SystemRoot%\System32\locator.exe (manual start)

RPC (Remote Procedure Call): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Driver NT scheda Fast Ethernet PCI Realtek basata su RTL8139: System32\DRIVERS\RTL8139.SYS (manual start)

Gestione account di protezione (SAM): %SystemRoot%\system32\lsass.exe (autostart)

SAVRT: \??\C:\Programmi\Norton AntiVirus\SAVRT.SYS (system)

SAVRTPEL: \??\C:\Programmi\Norton AntiVirus\SAVRTPEL.SYS (system)

SAVScan: C:\Programmi\Norton AntiVirus\SAVScan.exe (manual start)

ScriptBlocking Service: C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)

Helper smart card: %SystemRoot%\System32\SCardSvr.exe (manual start)

smart card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Utilità di pianificazione: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (autostart)

Accesso secondario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notifica eventi di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Driver filtro Serenum: System32\DRIVERS\serenum.sys (manual start)

Driver della porta seriale: System32\DRIVERS\serial.sys (system)

Driver del mouse seriale: System32\DRIVERS\sermouse.sys (manual start)

StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system)

Firewall della connessione Internet (ICF) / Condivisione connessione Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Rilevamento hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Service for AC'97 Sample Driver (WDM): system32\drivers\sis7012.sys (manual start)

SiS AGP Filter: System32\DRIVERS\sisagp.sys (system)

SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)

BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)

Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)

Frazionatore audio del kernel Microsoft: system32\drivers\splitter.sys (manual start)

Spooler di stampa: %SystemRoot%\system32\spoolsv.exe (autostart)

Driver filtro Ripristino configurazione di sistema: System32\DRIVERS\sr.sys (system)

Servizio Ripristino configurazione di sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Servizio di rilevamento SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Acquisizione di immagini di Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)

BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)

Driver bus software: System32\DRIVERS\swenum.sys (manual start)

Sintetizzatore Wavetable GS kernel Microsoft: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{EB32DEE0-99F5-4F30-8697-F1DDE06FBC99} (manual start)

symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)

symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)

SymEvent: \??\C:\Programmi\Symantec\SYMEVENT.SYS (manual start)

SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)

SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)

sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)

sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)

Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)

Periferica audio di sistema Microsoft Kernel: system32\drivers\sysaudio.sys (manual start)

Avvisi e registri di prestazioni: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telefonia: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Driver protocollo TCP/IP: System32\DRIVERS\tcpip.sys (system)

Driver della periferica terminale: System32\DRIVERS\termdd.sys (system)

Servizi terminal: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Temi: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)

Manutenzione collegamenti distribuiti client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)

Driver aggiornamento microcodice: System32\DRIVERS\update.sys (manual start)

Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Host di periferiche Plug and Play universali: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Gruppo di continuità: %SystemRoot%\System32\ups.exe (manual start)

Driver principale generico USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start)

Driver Miniport controller enhanced host USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start)

USB Root Hub (usbport): System32\DRIVERS\usbhub.sys (manual start)

Driver miniport per controller open host USB Microsoft: System32\DRIVERS\usbohci.sys (manual start)

Classe stampanti USB Microsoft: System32\DRIVERS\usbprint.sys (manual start)

Driver scanner USB: System32\DRIVERS\usbscan.sys (manual start)

Driver archiviazione di massa USB: System32\DRIVERS\USBSTOR.SYS (manual start)

Driver Miniport Controller Universal Host USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)

User Privilege Service: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

Filtro bus VIA AGP: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)

ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)

Copia replicata del volume: %SystemRoot%\System32\vssvc.exe (manual start)

Ora di Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Driver ARP IP di accesso remoto: System32\DRIVERS\wanarp.sys (manual start)

Wbutton: \SystemRoot\system32\drivers\Wbutton.sys (system)

USB Bridge Cable Driver: System32\Drivers\usbbc.sys (manual start)

Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Strumentazione gestione Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Servizio Numero di serie per dispositivi multimediali portatili: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Scheda WMI Performance: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)

Aggiornamenti automatici: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Zero Configuration reti senza fili: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

End of report, 39.750 bytes

Report generated in 0,380 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

 

 

Thanks.

 

Looka.

This topic is now closed to further replies.