Programs that open by themselves and loss of hard disk memory

Mr_X:
Now, rebooting in Safe Mode, take an Autoruns log (click here)...

kashanty:
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup         
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon         
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit         
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell         
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell         
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run         
+ AVG7_CC   AVG Control Center   (Not verified) GRISOFT, s.r.o.   c:\program files\grisoft\avg7\avgcc.exe
+ DPService   HP DVDPlay Resident Program   (Not verified) CyberLink Corp.   c:\program files\hp\dvdplay\dpservice.exe
+ HP Software Update   Hewlett-Packard Product Assistant   (Not verified) Hewlett-Packard Co.   c:\program files\hp\hp software update\hpwuschd2.exe
+ hpsysdrv   hpsysdrv   (Not verified) Hewlett-Packard Company   c:\hp\support\hpsysdrv.exe
+ KBD         c:\hp\kbd\kbdstub.exe
+ OsdMaestro   OsdMaestro main program   (Not verified) OsdMaestro   c:\program files\hewlett-packard\on-screen osd indicator\osd.exe
+ QuickTime Task   QuickTime Task   (Not verified) Apple Inc.   c:\program files\quicktime\qttask.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce         
+ Launcher   Launcher   (Not verified) soft thinks   c:\windows\sminst\launcher.exe
+ PCDrProfiler   Hardware Diagnostic Tools Profiler   (Not verified) PC-Doctor, Inc.   c:\program files\pc-doctor 5 for windows\runprofiler.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup         
+ WinZip Quick Pick.lnk   WinZip Executable   (Verified) WinZip Computing   c:\program files\winzip\wzqkpick.exe
C:\Users\Gaby-Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup         
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load         
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run         
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run         
HKCU\Software\Microsoft\Windows\CurrentVersion\Run         
+ eMuleAutoStart   eMule   (Not verified) http://www.emule-project.net   c:\program files\emule\emule.exe
+ SpybotSD TeaTimer   System settings protector   (Verified) Safer Networking Ltd.   c:\program files\spybot - search & destroy\teatimer.exe
+ Yahoo! Pager   Yahoo! Messenger   (Verified) Yahoo! Inc.   c:\program files\yahoo!\messenger\yahoomessenger.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce         
HKLM\SOFTWARE\Classes\Protocols\Filter         
HKLM\SOFTWARE\Classes\Protocols\Handler         
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components         
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components         
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad         
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad         
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks         
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers         
+ AVG7 Shell Extension   AVG Shell Extension   (Not verified) GRISOFT, s.r.o.   c:\program files\grisoft\avg7\avgse.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ Yahoo! Mail   YMMAPI Module   (Verified) Yahoo! Inc.   c:\program files\yahoo!\common\ymmapi.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers         
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers         
+ AVG7 Shell Extension   AVG Shell Extension   (Not verified) GRISOFT, s.r.o.   c:\program files\grisoft\avg7\avgse.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers         
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers         
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers         
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers         
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers         
+ PDF Shell Extension   PDF Shell Extension   (Not verified) Adobe Systems, Inc.   c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers         
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers         
HKCU\Software\Microsoft\Ctf\LangBarAddin         
HKLM\Software\Microsoft\Ctf\LangBarAddin         
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved         
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved         
+ AVG7 Find Extension   AVG Shell Extension   (Not verified) GRISOFT, s.r.o.   c:\program files\grisoft\avg7\avgse.dll
+ AVG7 Shell Extension   AVG Shell Extension   (Not verified) GRISOFT, s.r.o.   c:\program files\grisoft\avg7\avgse.dll
+ Nokia Phone Browser   Phone Browser   (Not verified) Nokia   c:\program files\nokia\nokia pc suite 6\phonebrowser.dll
+ Shell Extensions for RealOne Player   RealPlayer Shell Extensions   (Verified) RealNetworks, Inc.   c:\program files\real\realplayer\rpshell.dll
+ ShellViewRTF   ShellvRTF   (Not verified) XSS   c:\windows\system32\shellvrtf.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ Yahoo! Mail   YMMAPI Module   (Verified) Yahoo! Inc.   c:\program files\yahoo!\common\ymmapi.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects         
+ Aplicación auxiliar de vínculos de Adobe PDF Reader   Adobe PDF Helper for Internet Explorer   (Verified) Adobe Systems, Incorporated   c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ Spybot-S&D IE Protection   SBSD IE Protection   (Verified) Safer Networking Ltd.   c:\program files\spybot - search & destroy\sdhelper.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks         
HKLM\Software\Microsoft\Internet Explorer\Toolbar         
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars         
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars         
HKCU\Software\Microsoft\Internet Explorer\Extensions         
HKLM\Software\Microsoft\Internet Explorer\Extensions         
Task Scheduler         
+ \Apple\AppleSoftwareUpdate   Apple Software Update   (Verified) Apple Computer, Inc.   c:\program files\apple software update\softwareupdate.exe
HKLM\System\CurrentControlSet\Services         
+ Avg7Alrt   AVG Alert Manager   (Not verified) GRISOFT, s.r.o.   c:\program files\grisoft\avg7\avgamsvr.exe
+ Avg7UpdSvc   AVG Update Service   (Not verified) GRISOFT, s.r.o.   c:\program files\grisoft\avg7\avgupsvc.exe
+ AvgCoreSvc   AVG Resident Shield Service   (Not verified) GRISOFT, s.r.o.   c:\program files\grisoft\avg7\avgrssvc.exe
+ AVGEMS   AVG E-Mail Scanner   (Not verified) GRISOFT, s.r.o.   c:\program files\grisoft\avg7\avgemc.exe
+ LightScribeService   Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.   (Not verified) Hewlett-Packard Company   c:\program files\common files\lightscribe\lssrvc.exe
+ SBSDWSCService   Spybot-S&D Security Center integration   (Verified) Safer Networking Ltd.   c:\program files\spybot - search & destroy\sdwinsec.exe
HKLM\System\CurrentControlSet\Services         
+ AvgClean   AVG7 Clean Driver   (Verified) GRISOFT, s.r.o.   c:\windows\system32\drivers\avgclean.sys
+ AvgMfx86   AVG MiniFilter Resident Anti-Virus Shield   (Verified) GRISOFT, s.r.o.   c:\windows\system32\drivers\avgmfx86.sys
+ AvgWFP   AVG Windows Filtering Platform Driver   (Verified) GRISOFT, s.r.o.   c:\windows\system32\drivers\avgwfp.sys
+ IpInIp   IP in IP Tunnel Driver      File not found: system32\DRIVERS\ipinip.sys
+ NwlnkFlt   IPX Traffic Filter Driver      File not found: system32\DRIVERS\nwlnkflt.sys
+ NwlnkFwd   IPX Traffic Forwarder Driver      File not found: system32\DRIVERS\nwlnkfwd.sys
+ PxHelp20   Px Engine Device Driver for Windows 2000/XP   (Verified) Sonic Solutions   c:\windows\system32\drivers\pxhelp20.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute         
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute         
HKLM\System\CurrentControlSet\Control\Session Manager\Execute         
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options         
HKLM\Software\Microsoft\Command Processor\Autorun         
HKCU\Software\Microsoft\Command Processor\Autorun         
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls         
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify         
+ avgwlntf   AVG Winlogon Notify Library   (Not verified) GRISOFT, s.r.o.   c:\windows\system32\avgwlntf.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL         
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman         
HKCU\Control Panel\Desktop\Scrnsave.exe         
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath         
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9         
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors         
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders         
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages         
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages         
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters         
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers         
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order         
C:\Users\Gaby-Alex\AppData\Local\Microsoft\Windows Sidebar\Settings.ini         
+ Diccionario de la Real Academia Española   Este gadget busca el significado de una palabra o palabras en el diccionario de la Real Academia Española   (Not verified) Miguel Muñoz Serafin   C:\Users\Gaby-Alex\AppData\Local\Microsoft\Windows Sidebar\Gadgets\RAE.gadget\Gadget.xml

kashanty:
Hello, I just put the system into suspend and went to eat; at one point I came back and, to my surprise, I found Messenger open. Please, what have you found in the HijackThis and Autoruns logs? What could be happening with the computer? I have valuable information that I don't want to leave exposed. What do you advise? Also, the computer is new; I just bought it, about two weeks ago at most.
I appreciate your collaboration and possible solutions. Thank you, I'm really very worried.

kashanty:
Hello friends of the daboweb forum, I would appreciate it if you could help me with this situation. I have already done what you recommended and would like your support.
Thanks in advance.

MClaud:
Try deleting these entries

+ Launcher   Launcher   (Not verified) soft thinks   c:\windows\sminst\launcher.exe
C:\Users\Gaby-Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup         
+ Yahoo! Pager   Yahoo! Messenger   (Verified) Yahoo! Inc.   c:\program files\yahoo!\messenger\yahoomessenger.exe
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ Yahoo! Mail   YMMAPI Module   (Verified) Yahoo! Inc.   c:\program files\yahoo!\common\ymmapi.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
+ Yahoo! Mail   YMMAPI Module   (Verified) Yahoo! Inc.   c:\program files\yahoo!\common\ymmapi.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects     

Run MSCONFIG and, on the Startup tab, uncheck all the programs that are not essential to run permanently on the PC; this includes Office, WinZip, music programs, etc. Leave only the antivirus, accept, and reboot.

Use the Search menu to look for *.dll; about a thousand, more or less, should appear.
Sort them by date and delete the DLLs dated after your problems began.
There should be one or two that will not let themselves be deleted; note them down so you can delete them from DOS mode.
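
Added example (not part of the thread, and not Autoruns' own code): a small Python parser for the text log format pasted above. It lists the entries marked "(Not verified)", the ones with no signer information, and the ones whose file is missing, grouped by file path. The column-splitting rule and the flag names are assumptions made for this example; the sample lines are copied from kashanty's log.

```python
import re
# Lines copied from the Autoruns log posted in this thread (a subset).
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ KBD         c:\hp\kbd\kbdstub.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Yahoo! Pager   Yahoo! Messenger   (Verified) Yahoo! Inc.   c:\program files\yahoo!\messenger\yahoomessenger.exe
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing LP   c:\program files\winzip\wzshlstb.dll
HKLM\System\CurrentControlSet\Services
+ IpInIp   IP in IP Tunnel Driver      File not found: system32\DRIVERS\ipinip.sys
"""
SIGNER = re.compile(r"^\((Verified|Not verified)\)\s*(.*)$")

def parse_autoruns(text):
    """Return one dict per '+' entry, tagged with the location line above it."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("+"):
            location = line or location   # registry key, folder or task store
            continue
        # Assumption: columns are split by tabs or runs of 2+ spaces.
        fields = [f for f in re.split(r"\t+|\s{2,}", line[1:].strip()) if f]
        if len(fields) < 2:
            continue
        signer = next((m for m in map(SIGNER.match, fields[1:-1]) if m), None)
        entries.append({
            "location": location, "name": fields[0], "path": fields[-1],
            "verified": signer and signer.group(1) == "Verified",
            "publisher": signer.group(2) if signer else ""})
    return entries

def review_reason(entry):
    if entry["path"].startswith("File not found"):
        return "file-missing"
    if entry["verified"] is None:
        return "no-signer-info"
    return None if entry["verified"] else "not-verified"

def review_list(text):
    """Group flagged entries by (path, reason), collecting every location."""
    grouped = {}
    for e in parse_autoruns(text):
        if review_reason(e):
            grouped.setdefault((e["path"], review_reason(e)), []).append(e["location"])
    return grouped
```

A flag only marks an entry for closer inspection; it says nothing about whether the file is malicious.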
