StartupList report, 20/03/2008, 18:47:30
StartupList version: 1.52.2
Started from : D:\Windows Vista\Programas instalados\HijackThis.EXE
Detected: Windows Vista SP1 (WinNT 6.00.1905)
Detected: Internet Explorer v7.00 (7.00.6001.18000)
* Using default options
==================================================
Running processes:
L:\Windows\system32\taskeng.exe
L:\Windows\Explorer.EXE
L:\Windows\system32\taskeng.exe
L:\Program Files\Windows Defender\MSASCui.exe
L:\Program Files\Microsoft IntelliType Pro\itype.exe
L:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Windows Vista\Programas instalados\Java\bin\jusched.exe
L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
L:\Windows\ehome\ehtray.exe
L:\Program Files\Windows Media Player\wmpnscfg.exe
L:\Users\Paco\AppData\Local\oghop.exe
L:\Windows\ehome\ehmsas.exe
L:\Program Files\Eset\nod32kui.exe
L:\Windows\system32\wbem\unsecapp.exe
D:\Windows Vista\Programas instalados\HijackThis.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = L:\Windows\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
nod32kui = "L:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
itype = "L:\Program Files\Microsoft IntelliType Pro\itype.exe"
IntelliPoint = "L:\Program Files\Microsoft IntelliPoint\ipoint.exe"
SunJavaUpdateSched = "D:\Windows Vista\Programas instalados\Java\bin\jusched.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer = L:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
ehTray.exe = L:\Windows\ehome\ehTray.exe
WMPNSCFG = L:\Program Files\Windows Media Player\WMPNSCFG.exe
oghop = l:\users\paco\appdata\local\oghop.exe oghop
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Shell & screensaver key from L:\Windows\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=explorer.exe
SCRNSAVE.EXE=L:\Windows\system32\Bubbles.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - L:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - D:\Windows Vista\Programas instalados\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - D:\Windows Vista\Programas instalados\Java\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - L:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - L:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Comprobar actualizaciones de Windows Live Toolbar.job
Mantenimiento con 1 clic.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = L:\Windows\system32\macromed\Director\SwDir.dll
CODEBASE =
[Windows Live OneCare safety scanner control]
InProcServer32 = %ProgramFiles%\Windows Live Safety Center\wlscCtrl2.dll
CODEBASE =
[Shockwave Flash Object]
InProcServer32 = L:\Windows\system32\Macromed\Flash\Flash9e.ocx
CODEBASE =
[Virtools WebPlayer Class]
InProcServer32 = L:\Program Files\Virtools\3D Life Player\WebPlayer.ocx
CODEBASE =
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: L:\Windows\system32\NLAapi.dll
NameSpace #2: L:\Windows\system32\napinsp.dll
NameSpace #3: L:\Windows\system32\pnrpnsp.dll
NameSpace #4: L:\Windows\system32\pnrpnsp.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: L:\Windows\system32\webcheck.dll
--------------------------------------------------
End of report, 5.607 bytes
Report generated in 0,032 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
msc hotline sat Virus Research Engineer