- StartupList report, 8/2/2011, 1:49:58 PM
- StartupList version: 1.52.2
- Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE
- Detected: Windows XP SP3 (WinNT 5.01.2600)
- Detected: Internet Explorer v8.00 (8.00.6001.18702)
- * Using default options
- ==================================================
- Running processes:
- C:\WINDOWS\System32\smss.exe
- C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\services.exe
- C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\system32\Ati2evxx.exe
- C:\WINDOWS\system32\svchost.exe
- C:\WINDOWS\System32\svchost.exe
- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
- C:\WINDOWS\system32\spoolsv.exe
- C:\WINDOWS\system32\EloSrvce.exe
- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
- C:\WINDOWS\Explorer.EXE
- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
- C:\Program Files\Analog Devices\Core\smax4pnp.exe
- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
- C:\WINDOWS\system32\ctfmon.exe
- C:\WINDOWS\system32\EloDkMon.exe
- C:\WINDOWS\system32\EloTTray.exe
- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
- C:\WINDOWS\system32\NOTEPAD.EXE
- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
- --------------------------------------------------
- Listing of startup folders:
- Shell folders Common Startup:
- [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
- info.lnk = C:\planet\bginfo\info.bat
- --------------------------------------------------
- Checking Windows NT UserInit:
- [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- UserInit = C:\WINDOWS\system32\userinit.exe
- --------------------------------------------------
- Autorun entries from Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe
- ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
- ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
- Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
- Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
- --------------------------------------------------
- Autorun entries from Registry:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
- --------------------------------------------------
- Autorun entries in Registry subkeys of:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- [OptionalComponents]
- =
- --------------------------------------------------
- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
- Shell=*INI section not found*
- SCRNSAVE.EXE=*INI section not found*
- drivers=*INI section not found*
- Shell & screensaver key from Registry:
- Shell=Explorer.exe
- SCRNSAVE.EXE=*Registry value not found*
- drivers=*Registry value not found*
- Policies Shell key:
- HKCU\..\Policies: Shell=*Registry value not found*
- HKLM\..\Policies: Shell=*Registry value not found*
- --------------------------------------------------
- Enumerating Browser Helper Objects:
- AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
- --------------------------------------------------
- Enumerating Task Scheduler jobs:
- Ad-Aware Update (Weekly).job
- --------------------------------------------------
- Enumerating Download Program Files:
- [WUWebControl Class]
- InProcServer32 = C:\WINDOWS\system32\wuweb.dll
- CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282855032343
- [MUWebControl Class]
- InProcServer32 = C:\WINDOWS\system32\muweb.dll
- CODEBASE = http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296840871372
- [{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
- CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
- --------------------------------------------------
- Enumerating ShellServiceObjectDelayLoad items:
- WebCheck: C:\WINDOWS\system32\webcheck.dll
- PostBootReminder: C:\WINDOWS\system32\shell32.dll
- CDBurn: C:\WINDOWS\system32\SHELL32.dll
- SysTray: C:\WINDOWS\system32\stobject.dll
- --------------------------------------------------
- End of report, 5,263 bytes
- Report generated in 0.015 seconds
- Command line options:
- /verbose - to add additional info on each section
- /complete - to include empty sections and unsuspicious data
- /full - to include several rarely-important sections
- /force9x - to include Win9x-only startups even if running on WinNT
- /forcent - to include WinNT-only startups even if running on Win9x
- /forceall - to include all Win9x and WinNT startups, regardless of platform
- /history - to list version history only