Ya pude instalar el Startuplist y aqui el log:
StartupList report, 25/11/05, 07:06:45 p.m.
StartupList version: 1.52
Started from : D:\MIS DOCUMENTOS\DESCARGAS\SEGURIDAD\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
D:\ARCHIVOS DE PROGRAMA\MESSENGERPLUS! 3\MSGPLUS.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\SYSTEM\CLIPFTPMON.PIF
D:\CALCHECK.EXE
C:\WINDOWS.000\SOUNDMAN.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\WINDOWS.000\SYSTEM\LVCOMS.EXE
C:\WINDOWS.000\SM56HLPR.EXE
C:\WINDOWS.000\LOADQM.EXE
D:\ARCHIVOS DE PROGRAMA\SOUND CLIPS FOR MSN MESSENGER\SOUNDCLIPS.EXE
C:\WINDOWS.000\SYSTEM\ASDCLNMON.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\WINDOWS.000\SYSTEM\ACCCOMMANDMAP.COM
C:\WINDOWS.000\SYSTEM\E_S10IC2.EXE
C:\WINDOWS.000\SYSTEM\KILLUSA.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
D:\MIS DOCUMENTOS\DESCARGAS\SEGURIDAD\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS.000\Menú Inicio\Programas\Inicio]
Microsoft Office.lnk = D:\Office10\OSA.EXE
EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS.000\SYSTEM\E_SRCV02.EXE
PER Antivirus.lnk = C:\WINDOWS.000\SYSTEM\MACROMED\Shockwave 10\Download.exe
Ulead Photo Express 3.0 SE Calendar Checker.lnk = D:\CalCheck.exe
Actualización de PER Antivirus.lnk = D:\Mis documentos\solo dcmtos de roger\Perav\PERUPD.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = C:\WINDOWS.000\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS.000\taskmon.exe
SystemTray = SysTray.Exe
SoundMan = soundman.exe
Ink Monitor = C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
DXM6Patch_981116 = C:\WINDOWS.000\p_981116.exe /Q:A
LVComs = C:\WINDOWS.000\SYSTEM\LVComS.exe
StillImageMonitor = C:\WINDOWS.000\SYSTEM\STIMON.EXE
SMSERIAL = sm56hlpr.exe
LoadQM = loadqm.exe
SoundClips = D:\ARCHIVOS DE PROGRAMA\SOUND CLIPS FOR MSN MESSENGER\SOUNDCLIPS.EXE
TkBellExe = "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
MessengerPlus3 = "D:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
PAV.EXE = D:\MISDOC~1\SOLODC~1\PERAV\PAV.EXE
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MessengerPlus3 = "D:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe" /WinStart
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = C:\WINDOWS.000\SYSTEM\CLIPFTPMON.PIF "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = C:\WINDOWS.000\SYSTEM\CLIPFTPMON.PIF "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = C:\WINDOWS.000\SYSTEM\CLIPFTPMON.PIF "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = C:\WINDOWS.000\SYSTEM\CLIPFTPMON.PIF "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = C:\WINDOWS.000\SYSTEM\CLIPFTPMON.PIF "%1" /S
--------------------------------------------------
Load/Run keys from C:\WINDOWS.000\WIN.INI:
load=
run=C:\WINDOWS.000\SYSTEM\CLIPFTPMON.PIF
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS.000\SYSTEM.INI:
Shell=Explorer.exe C:\WINDOWS.000\SYSTEM\CLIPFTPMON.PIF
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
C:\WINDOWS.000\WININIT.BAK listing:
(Created 23/11/2005, 15:35:8)
[Rename]
NUL=C:\WINDOWS.000\TEMP\_iu14D2N.tmp
NUL=C:\WINDOWS.000\TEMP\~NSU.TMP\AU_.EXE
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
C:\WINDOWS.000\SYSTEM\\SHARE.EXE /L:500 /F:100
mode con codepage prepare=((850) C:\WINDOWS.000\COMMAND\ega.cpi)
mode con codepage select=850
keyb la,,C:\WINDOWS.000\COMMAND\keyboard.sys
win \WINDOWS.000\SYSTEM\FREEPLAYERDRV.BAT
win \WINDOWS.000\SYSTEM\CLIPFTPMON.PIF
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Archivos de programa\NewDotNet\newdotnet6_98.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Optimización del inicio de aplicaciones.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS.000\SYSTEM\MACROMED\FLASH\FLASH8.OCX
CODEBASE =
http://download.macromedia.com/pub/shockwa...ash/swflash.cab[YInstStarter Class]
InProcServer32 = C:\ARCHIVOS DE PROGRAMA\YAHOO!\COMMON\YINSTHELPER.DLL
CODEBASE = C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS.000\DOWNLOADED PROGRAM FILES\MESSENGERSTATSCLIENT.DLL
CODEBASE =
http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab[Checkers Class]
InProcServer32 = C:\WINDOWS.000\DOWNLOADED PROGRAM FILES\MSGRCHKR.DLL
CODEBASE =
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS.000\DOWNLOADED PROGRAM FILES\MINESWEEPER.DLL
CODEBASE =
http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS.000\DOWNLOADED PROGRAM FILES\SOLITAIRESHOWDOWN.DLL
CODEBASE =
http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS.000\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE =
http://download.macromedia.com/pub/shockwa...director/sw.cab[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS.000\SYSTEM\LEGITCHECKCONTROL.DLL
CODEBASE =
http://go.microsoft.com/fwlink/?linkid=39204[Cult3D ActiveX Player]
InProcServer32 = C:\WINDOWS.000\SYSTEM\CULT3D\IECULT.DLL
CODEBASE =
http://www.cult3d.com/download/cult.cab--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #2: C:\Archivos de programa\NewDotNet\newdotnet6_98.dll
Protocol #1: C:\Archivos de programa\NewDotNet\newdotnet6_98.dll
Protocol #2: C:\Archivos de programa\NewDotNet\newdotnet6_98.dll
Protocol #9: C:\Archivos de programa\NewDotNet\newdotnet6_98.dll
Protocol #10: C:\Archivos de programa\NewDotNet\newdotnet6_98.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS.000\SYSTEM\WEBCHECK.DLL
--------------------------------------------------
End of report, 8,529 bytes
Report generated in 0.358 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
no puedo instalar el hijackthis
Nov 7 2005, 07:34 PM
