SEGURIDAD INFORMATICA, Firewall, parches, vacunas, antivirus, anti troyanos, spyware etc > Seguridad Informatica - Firewall - Virus - Troyanos - Spyware - Ad Aware - Malware
Critical System error (SOLUCIONADO)
171278:
Pega igualmente los reports y un nuevo log, para verificar que estas limpio.
Un Saludo.
Dantter:
:verysad: me he ilusionado bastanta pronto ....
Al parecer esta entrada se quito por un momento con el Ewido ( C:/WINDOWS/system32/syycum.dll ) lo mantiene en cuarentena pero el kerio firewall me reporta una entrada de /??/C:/WINDOWS/system32/winlogon.exe ( no se si tienen relacion los dos con el critical error) :???: me sala cada cierto tiempo :fadao:
Report Ewido:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:30:16 01/10/2006
+ Scan result:
C:\WINDOWS\system32\__delete_on_reboot__s_y_y_c_u_m_._d_l_l_ -> Not-A-Virus.Hoax.Win32.Renos.er : No action taken.
[1864] C:\WINDOWS\system32\syycum.dll -> Not-A-Virus.Hoax.Win32.Renos.er : No action taken.
:mozilla.59:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\r6ajkitm.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.60:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\r6ajkitm.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.61:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\r6ajkitm.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.57:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\r6ajkitm.default\cookies.txt -> TrackingCookie.Popuptraffic : No action taken.
:mozilla.58:C:\Documents and Settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\r6ajkitm.default\cookies.txt -> TrackingCookie.Popuptraffic : No action taken.
::Report end
Report Elistars:
Sun Oct 01 20:51:58 2006
EliStartPage v12.40 (c)2006 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
[WinLogon\Notify\WINUQW32]
Por favor, envienos una muestra del fichero
C:\WinLogon\WINUQW32.DLL
a "[email protected]". Gracias.
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Log Autoruns:
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ANIWZCS2Service ANIWZCS2 launcher for Windows. (Not verified) Alpha Networks Inc. c:\archivos de programa\ani\aniwzcs2 service\wzcsldr2.exe
+ Conceptronic Conceptronic 54Mbps Wireless Utility Wireless LAN Monitor c:\archivos de programa\conceptronic\conceptronic 54mbps wireless utility\wlanmon.exe
+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe
+ nod32kui NOD32 Control Center GUI (Not verified) Eset c:\archivos de programa\eset\nod32kui.exe
+ nwiz NVIDIA nView Wizard, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe
+ QuickTime Task QuickTime Task (Not verified) Apple Computer, Inc. c:\archivos de programa\quicktime\qttask.exe
+ SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.5.0_07\bin\jusched.exe
+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe
+ WinampAgent c:\archivos de programa\winamp\winampa.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ msnim MSN Messenger Protocol Handler (Not verified) Microsoft Corporation c:\archivos de programa\msn messenger\msgrapp.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ hemadynamometer File not found: C:\WINDOWS\system32\syycum.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ hemadynamometer File not found: C:\WINDOWS\system32\syycum.dll
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ ewido anti-spyware 4.0 ewido anti-spyware guard (Not verified) Anti-Malware Development a.s. c:\archivos de programa\ewido anti-spyware 4.0\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop Explorer NVIDIA Desktop Explorer, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Extensión de paneo de pantalla del Panel de control File not found: deskpan.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ iTunes iTunes Mini Player DLL (Not verified) Apple Computer, Inc. c:\archivos de programa\itunes\itunesminiplayer.dll
+ NeroDigitalIconHandler Nero Digital Shell Extension (Not verified) Nero AG c:\archivos de programa\archivos comunes\ahead\lib\nerodigitalext.dll
+ NeroDigitalPropSheetHandler Nero Digital Shell Extension (Not verified) Nero AG c:\archivos de programa\archivos comunes\ahead\lib\nerodigitalext.dll
+ NOD32 Context Menu Shell Extension c:\archivos de programa\eset\nodshex.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\archivos de programa\real\realplayer\rpshell.dll
+ WinRAR shell extension c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ NeroDigitalColumnHandler Class Nero Digital Shell Extension (Not verified) Nero AG c:\archivos de programa\archivos comunes\ahead\lib\nerodigitalext.dll
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\archivos de programa\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\archivos de programa\adobe\acrobat 7.0\activex\acroiehelper.dll
+ IeCatch5 Class jccatch Module (Not verified) FlashGet c:\archivos de programa\flashget\jccatch.dll
+ SSVHelper Class Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.5.0_07\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar FlashGet IE Bar (Not verified) Amaze Soft c:\archivos de programa\flashget\fgiebar.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet FlashGet (Not verified) FlashGet.com c:\archivos de programa\flashget\flashget.exe
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ ANIWZCSdService ANIWZCS2 Service Launcher (Not verified) Alpha Networks Inc. c:\archivos de programa\ani\aniwzcs2 service\aniwzcsds.exe
+ ewido anti-spyware 4.0 guard ewido anti-spyware guard (Not verified) Anti-Malware Development a.s. c:\archivos de programa\ewido anti-spyware 4.0\guard.exe
+ kavsvc File not found: C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
+ KPF4 Sunbelt Kerio Personal Firewall Engine (Verified) Sunbelt Software c:\archivos de programa\sunbelt software\personal firewall\kpf4ss.exe
+ NOD32krn NOD32 Kernel Service (Not verified) Eset c:\archivos de programa\eset\nod32krn.exe
HKLM\System\CurrentControlSet\Services
+ AMON Amon monitor (Not verified) Eset c:\windows\system32\drivers\amon.sys
+ ANIO ANIO (NT5) Driver (Not verified) Alpha Networks Inc. c:\windows\system32\anio.sys
+ ConRT RT2500 802.11g Wireless Adapter Driver (Not verified) Ralink Technology Inc. c:\windows\system32\drivers\conrt.sys
+ ewido anti-spyware 4.0 driver c:\archivos de programa\ewido anti-spyware 4.0\guard.sys
+ fwdrv Sunbelt Kerio Firewall FWDRV (Verified) Sunbelt Software c:\windows\system32\drivers\fwdrv.sys
+ FXDRV File not found: E:\Fxdrv.sys
+ GEARAspiWDM CDRom Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ InCDPass File not found: system32\drivers\InCDPass.sys
+ InCDRm File not found: system32\drivers\InCDRm.sys
+ khips Sunbelt Kerio Host Intrusion Prevention Driver (Verified) Sunbelt Software c:\windows\system32\drivers\khips.sys
+ Klmc File not found: System32\drivers\klmc.sys
+ npkcrypt nProtect KeyCrypt Driver (Not verified) INCA Internet Co., Ltd. c:\archivos de programa\lineage ii\system\npkcrypt.sys
+ NPPTNT2 nProtect NPSC Kernel Mode Driver for NT (Not verified) INCA Internet Co., Ltd. c:\windows\system32\npptnt2.sys
+ PCTINDIS5 File not found: C:\WINDOWS\system32\PCTINDIS5.SYS
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ sptd c:\windows\system32\drivers\sptd.sys
+ tap0801 TAP-Win32 Virtual Network Driver (Not verified) The OpenVPN Project c:\windows\system32\drivers\tap0801.sys
+ TVICHW32 TVicHW32 Driver for Windows NT/2000/XP (Not verified) EnTech Taiwan c:\windows\system32\drivers\tvichw32.sys
+ usbsermpt USB Modem Driver (Not verified) Microsoft Corporation c:\windows\system32\drivers\usbsermpt.sys
+ vaxscsi SCSI miniport (Verified) DAEMON Tools Code Signing Services c:\windows\system32\drivers\vaxscsi.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ winuqw32 c:\windows\system32\winuqw32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ NOD32 NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
+ NOD32 protected [MSAFD Tcpip [RAW/IP]] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
+ NOD32 protected [MSAFD Tcpip [TCP/IP]] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
+ NOD32 protected [MSAFD Tcpip [UDP/IP]] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
+ NOD32 protected [RSVP TCP Service Provider] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
+ NOD32 protected [RSVP UDP Service Provider] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging (Not verified) Microsoft Corporation c:\windows\system32\mdimon.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
Log Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 21:04:55, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
C:\Archivos de programa\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\Archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Java\jre1.5.0_07\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Archivos de programa\ewido anti-spyware 4.0\ewido.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\Notepad.exe
C:\Archivos de programa\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARCHIV~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Archivos de programa\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149276133581
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winuqw32 - C:\WINDOWS\SYSTEM32\winuqw32.dll
O21 - SSODL: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - C:\WINDOWS\system32\syycum.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Unknown owner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Archivos de programa\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Eso es todo lo que me pides....
Muchas gracias por mirar todo esto :destroyer:
Mr_X:
Haz una copia de seguridad del registro (te recomiendo el ERUNT), deshabilita el "Restaurar el sistema", reinicia en MODO SEGURO, ejecuta el Autoruns, selecciona las siguientes entradas con el botón derecho y dale a "Delete":
--- Código: ---HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ hemadynamometer File not found: C:\WINDOWS\system32\syycum.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ hemadynamometer File not found: C:\WINDOWS\system32\syycum.dll
HKLM\System\CurrentControlSet\Services
+ kavsvc File not found: C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
HKLM\System\CurrentControlSet\Services
+ FXDRV File not found: E:\Fxdrv.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ winuqw32 c:\windows\system32\winuqw32.dll
--- Fin del código ---
Reinicia normal, actualiza el NOD32 y pásalo reiniciando en Modo seguro... Saca nuevos logs...
Dantter:
Gracias por tu ayuda.. :-d
Aqui tienes los Log
Log Autoruns:
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ANIWZCS2Service ANIWZCS2 launcher for Windows. (Not verified) Alpha Networks Inc. c:\archivos de programa\ani\aniwzcs2 service\wzcsldr2.exe
+ Conceptronic Conceptronic 54Mbps Wireless Utility Wireless LAN Monitor c:\archivos de programa\conceptronic\conceptronic 54mbps wireless utility\wlanmon.exe
+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe
+ nod32kui NOD32 Control Center GUI (Not verified) Eset c:\archivos de programa\eset\nod32kui.exe
+ nwiz NVIDIA nView Wizard, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe
+ SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.5.0_07\bin\jusched.exe
+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe
+ WinampAgent c:\archivos de programa\winamp\winampa.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ msnim MSN Messenger Protocol Handler (Not verified) Microsoft Corporation c:\archivos de programa\msn messenger\msgrapp.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ ewido anti-spyware 4.0 ewido anti-spyware guard (Not verified) Anti-Malware Development a.s. c:\archivos de programa\ewido anti-spyware 4.0\shellexecutehook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop Explorer NVIDIA Desktop Explorer, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Extensión de paneo de pantalla del Panel de control File not found: deskpan.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ iTunes iTunes Mini Player DLL (Not verified) Apple Computer, Inc. c:\archivos de programa\itunes\itunesminiplayer.dll
+ NeroDigitalIconHandler Nero Digital Shell Extension (Not verified) Nero AG c:\archivos de programa\archivos comunes\ahead\lib\nerodigitalext.dll
+ NeroDigitalPropSheetHandler Nero Digital Shell Extension (Not verified) Nero AG c:\archivos de programa\archivos comunes\ahead\lib\nerodigitalext.dll
+ NOD32 Context Menu Shell Extension c:\archivos de programa\eset\nodshex.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 105.18 (Not verified) NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\archivos de programa\real\realplayer\rpshell.dll
+ WinRAR shell extension c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ NeroDigitalColumnHandler Class Nero Digital Shell Extension (Not verified) Nero AG c:\archivos de programa\archivos comunes\ahead\lib\nerodigitalext.dll
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\archivos de programa\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\archivos de programa\adobe\acrobat 7.0\activex\acroiehelper.dll
+ IeCatch5 Class jccatch Module (Not verified) FlashGet c:\archivos de programa\flashget\jccatch.dll
+ SSVHelper Class Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.5.0_07\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar FlashGet IE Bar (Not verified) Amaze Soft c:\archivos de programa\flashget\fgiebar.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet FlashGet (Not verified) FlashGet.com c:\archivos de programa\flashget\flashget.exe
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ ANIWZCSdService ANIWZCS2 Service Launcher (Not verified) Alpha Networks Inc. c:\archivos de programa\ani\aniwzcs2 service\aniwzcsds.exe
+ ewido anti-spyware 4.0 guard ewido anti-spyware guard (Not verified) Anti-Malware Development a.s. c:\archivos de programa\ewido anti-spyware 4.0\guard.exe
+ KPF4 Sunbelt Kerio Personal Firewall Engine (Verified) Sunbelt Software c:\archivos de programa\sunbelt software\personal firewall\kpf4ss.exe
+ NOD32krn NOD32 Kernel Service (Not verified) Eset c:\archivos de programa\eset\nod32krn.exe
HKLM\System\CurrentControlSet\Services
+ AMON Amon monitor (Not verified) Eset c:\windows\system32\drivers\amon.sys
+ ANIO ANIO (NT5) Driver (Not verified) Alpha Networks Inc. c:\windows\system32\anio.sys
+ ConRT RT2500 802.11g Wireless Adapter Driver (Not verified) Ralink Technology Inc. c:\windows\system32\drivers\conrt.sys
+ ewido anti-spyware 4.0 driver c:\archivos de programa\ewido anti-spyware 4.0\guard.sys
+ fwdrv Sunbelt Kerio Firewall FWDRV (Verified) Sunbelt Software c:\windows\system32\drivers\fwdrv.sys
+ GEARAspiWDM CDRom Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ InCDPass File not found: system32\drivers\InCDPass.sys
+ InCDRm File not found: system32\drivers\InCDRm.sys
+ khips Sunbelt Kerio Host Intrusion Prevention Driver (Verified) Sunbelt Software c:\windows\system32\drivers\khips.sys
+ Klmc File not found: System32\drivers\klmc.sys
+ npkcrypt nProtect KeyCrypt Driver (Not verified) INCA Internet Co., Ltd. c:\archivos de programa\lineage ii\system\npkcrypt.sys
+ NPPTNT2 nProtect NPSC Kernel Mode Driver for NT (Not verified) INCA Internet Co., Ltd. c:\windows\system32\npptnt2.sys
+ PCTINDIS5 File not found: C:\WINDOWS\system32\PCTINDIS5.SYS
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ sptd c:\windows\system32\drivers\sptd.sys
+ tap0801 TAP-Win32 Virtual Network Driver (Not verified) The OpenVPN Project c:\windows\system32\drivers\tap0801.sys
+ TVICHW32 TVicHW32 Driver for Windows NT/2000/XP (Not verified) EnTech Taiwan c:\windows\system32\drivers\tvichw32.sys
+ usbsermpt USB Modem Driver (Not verified) Microsoft Corporation c:\windows\system32\drivers\usbsermpt.sys
+ vaxscsi SCSI miniport (Verified) DAEMON Tools Code Signing Services c:\windows\system32\drivers\vaxscsi.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ winuqw32 c:\windows\system32\winuqw32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ NOD32 NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
+ NOD32 protected [MSAFD Tcpip [RAW/IP]] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
+ NOD32 protected [MSAFD Tcpip [TCP/IP]] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
+ NOD32 protected [MSAFD Tcpip [UDP/IP]] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
+ NOD32 protected [RSVP TCP Service Provider] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
+ NOD32 protected [RSVP UDP Service Provider] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging (Not verified) Microsoft Corporation c:\windows\system32\mdimon.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
Log Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 18:47:30, on 02/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\ARCHIV~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Archivos de programa\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149276133581
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winuqw32 - C:\WINDOWS\SYSTEM32\winuqw32.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Archivos de programa\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Archivos de programa\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Si necesitas otro pidemelo :mrgreen:
Vamos a ver como esta :(
171278:
Baja Killbox:
http://www.downloads.subratam.org/KillBox.exe (No lo ejecutes)
Desactiva la opcion de Restaurar sistema
Asegura que tu sistema Muestre los Archivos y Carpetas ocultos
Reinicia en Modo Seguro (Desconectate fisicamente de internet)
Ejecuta el HijackThis y da click en el boton "Do a system scan only"
Selecciona las casillas de las siguientes entradas y presiona el boton "Fix Checked":
O20 - Winlogon Notify: winuqw32 - C:\WINDOWS\SYSTEM32\winuqw32.dll
Cierra el hijackthis,y sin reiniciar abre KillBox busca estos archivos o carpetas y eliminalos:
Abre Kill Box sin reiniciar
Doble clic para que arranque ,marca “Standard File Kill.”
En” Full Path of File to Delete” pones la ruta del archivo...
EJEMPLO: C:\WINDOWS\system32\issearch.exe
Y pulsa el botón que parece un circulo rojo con una X :blanca en él. Cuando te pregunte si deseas reiniciar ahora ("Reboot now"), dile que NO hasta eliminar todas estas:
C:\WINDOWS\SYSTEM32\winuqw32.dll
Pega un nuevo log de HijackThis y otro de Autoruns.
PD: Desinstala Fl&ashGet si es la version gratuita
Navegación
[#] Página Siguiente
[*] Página Anterior
Ir a la versión completa