daboweb forums
COMPUTER SECURITY, Firewall, patches, vaccines, antivirus, anti-trojans, spyware etc => Computer Security - Firewall - Virus - Trojans - Spyware - Ad Aware - Malware => Topic started by: Belladonna on 24 September 2008, 10:48:41 pm
-
Hi!! First of all, thank you for your attention and for this forum that helps those of us who don't know much about computers, as is the case here :ciego: hehe!
My problem is that a friend of mine is being spied on (we know this for certain; the spy has even confessed xD). The thing is, we don't know what method he uses to find out every page she goes on: the information he has about her is her Hotmail address and her IP. Without telling anyone, she opened a blog (for which you have to give your MSN address), and in less than a week he found it and read it. He also found her fotolog, even though the name can't be guessed, it's totally absurd... It's possible that he could likewise get to my own blog the moment she leaves me a comment, which she has already done... If he can do it he will, since by extension he also spies on the fotolog of my friend's sister... So he invades the privacy of private spaces to which he has not been invited, and it also constrains everything we write, because we know he will read it.
This spy is studying a higher-level computing course, and the only thing he told us was that "anything you do on the internet leaves a trail, you just have to know how to follow it (muahahaha ¬¬)"
Our question is whether he does this tracking thanks to the MSN address, so we can change it, or through the IP (we don't know whether that can be changed...), and how far someone can get knowing this... Can he get into her PC without her noticing? She hasn't accepted any file from him... so we don't think it could be a virus or anything like that... Basically, we have no idea how he manages to find out the names of these pages, where she doesn't even leave her name...
If you could answer me... Thanks again, regards!! :haha:
-
It is possible to 'spy' on someone as long as they are not well protected. Does your friend have a firewall installed on her computer? What type of Internet connection does she have? Has she already checked her machine for malicious software? Does the 'spy' have physical access to your friend's PC?
-
Hi!! Thank you so much for answering! :haha: Well, she has the Windows Firewall turned on, the connection is ADSL (maybe I'm saying something silly, sorry, it's just that I don't understand much, hehe), her antivirus is Trend 2006 and she ran it the other day and it found nothing... and the spy doesn't have physical access to her PC... He only knows the IP and the MSN address, and with that it seems he finds out the address if she opens a blog or a fotolog... We don't know whether he knows all the pages she visits... I hope I've answered properly, regards! Thaanks!!
-
To begin with, we need your friend to produce a HijackThis log (click here) (http://www.daboweb.com/foros/index.php/topic,13633.0.html)...
-
OK!! She's on it!! ^^
-
Wow, all this came out!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:31:47, on 25/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\archivos de programa\mcafee.com\agent\mcdetect.exe
c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
C:\ARCHIV~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\ARCHIV~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\ARCHIV~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Trend Micro\Internet Security 2006\pccguide.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\eMule0.47a\emule.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\fany\Escritorio\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TVEngine Helper - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\archivos de programa\hbtools\hbtv\hbtvhelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Barra de Herramientas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar\01.01.2607.0\es\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\ARCHIV~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Archivos de programa\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Archivos de programa\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-21-1482476501-813497703-725345543-1003\..\Run: [RealPlayer] "C:\Archivos de programa\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot (User 'mati')
O4 - HKUS\S-1-5-21-1482476501-813497703-725345543-1003\..\Run: [ChristmasTree] C:\Documents and Settings\mati\Escritorio\Christmas.exe (User 'mati')
O4 - HKUS\S-1-5-21-1482476501-813497703-725345543-1003\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe (User 'mati')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414YYES
O8 - Extra context menu item: Download All by FlashGet - C:\ARCHIV~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\ARCHIV~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://britneycrazylovees.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-es.cab
O23 - Service: Boonty Games - BOONTY - C:\Archivos de programa\Archivos comunes\BOONTY Shared\Service\Boonty.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\archivos de programa\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\ARCHIV~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\ARCHIV~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\ARCHIV~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\ARCHIV~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 7206 bytes
Thanks for all this... phew, what a mess going through it all!
-
You're in good hands. It would be preferable to produce the log with the computer started in safe mode rather than in normal mode.
http://www.windowsfacil.com/manuales/modo-seguro/modo-seguro.htm
-
As Liamngls says, she should boot into Safe Mode, run HijackThis, select the [Do a system scan only] option, tick the box to the left of the following entries and press the [Fix checked] button:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: TVEngine Helper - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\archivos de programa\hbtools\hbtv\hbtvhelper.dll (file missing)
O4 - HKUS\S-1-5-21-1482476501-813497703-725345543-1003\..\Run: [ChristmasTree] C:\Documents and Settings\mati\Escritorio\Christmas.exe (User 'mati')
O4 - HKUS\S-1-5-21-1482476501-813497703-725345543-1003\..\Run: [Microsoft©] C:\WINDOWS\system32\dllcache\iexplore.exe (User 'mati')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414YYES
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.exe
O23 - Service: Boonty Games - BOONTY - C:\Archivos de programa\Archivos comunes\BOONTY Shared\Service\Boonty.exe
Restart normally, update the antivirus and run it after booting into Safe Mode... Produce a new HijackThis log and another one from Autoruns (click here) (http://www.daboweb.com/foros/index.php/topic,25707.0.html)...
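
As an added example (not part of the original posts and not code from HijackThis): a short Python script that checks a follow-up HijackThis log against the list of entries marked for [Fix checked], reporting which are gone, which persist, and what is new. The function names and the follow-up sample are constructed for illustration; the other sample lines are copied from the logs in this thread.

```python
import re

# HijackThis result lines start with a section code (R, F, N or O plus a
# number, e.g. R0, O4, O23), then " - ", then the entry body.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the set of (code, body) result entries found in a log.

    Header lines and the 'Running processes' list do not match ENTRY_RE and
    are skipped. Bodies are lower-cased and whitespace-collapsed, because
    Windows paths and registry keys are case-insensitive and the same entry
    can be printed with different casing between scans.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            body = " ".join(m.group(2).split()).lower()
            entries.add((m.group(1), body))
    return entries


def verify_fix(fix_list_text, before_text, after_text):
    """Compare the fix list with the logs taken before and after the fix."""
    fix = parse_entries(fix_list_text)
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        # Typos or entries copied from a different log
        "not_in_first_log": sorted(fix - before),
        # Marked for fixing and no longer reported
        "removed": sorted((fix & before) - after),
        # Marked for fixing but still reported: something re-created them
        "persisting": sorted(fix & after),
        # Reported only in the follow-up scan: worth a second look
        "new_in_second_log": sorted(after - before),
    }


# Entries to fix, copied from the helper's list in this thread (excerpt).
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: TVEngine Helper - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\archivos de programa\hbtools\hbtv\hbtvhelper.dll (file missing)
O4 - HKUS\S-1-5-21-1482476501-813497703-725345543-1003\..\Run: [ChristmasTree] C:\Documents and Settings\mati\Escritorio\Christmas.exe (User 'mati')
O23 - Service: Boonty Games - BOONTY - C:\Archivos de programa\Archivos comunes\BOONTY Shared\Service\Boonty.exe
"""

# Excerpt of the first log in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
""" + FIX_LIST

# CONSTRUCTED follow-up log (not the one posted in the thread): one fixed
# entry is deliberately left in, with different casing, to show the
# "persisting" case.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
O23 - Service: Boonty Games - BOONTY - c:\archivos de programa\archivos comunes\boonty shared\service\boonty.exe
"""

if __name__ == "__main__":
    report = verify_fix(FIX_LIST, BEFORE, AFTER)
    for status, items in report.items():
        print(f"{status}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```
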
-
Hi, sorry for the delay. The log that came out of the HijackThis program is the following:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:13, on 25/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Trend Micro\Internet Security 2006\pccguide.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\archivos de programa\mcafee.com\agent\mcdetect.exe
c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\ARCHIV~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\ARCHIV~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\ARCHIV~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\fany\Escritorio\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Barra de Herramientas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar\01.01.2607.0\es\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\ARCHIV~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Archivos de programa\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Archivos de programa\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\ARCHIV~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\ARCHIV~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://britneycrazylovees.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-es.cab
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\archivos de programa\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\ARCHIV~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\ARCHIV~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\ARCHIV~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\ARCHIV~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 6112 bytes
And the Autoruns one is the following:
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ MCAgentExe File not found: c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
+ MCUpdateExe File not found: C:\ARCHIV~1\mcafee.com\agent\mcupdate.exe
+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe
+ pccguide.exe PCCGuide (Not verified) Trend Micro Incorporated. c:\archivos de programa\trend micro\internet security 2006\pccguide.exe
+ QuickTime Task QuickTime Task (Not verified) Apple Inc. c:\archivos de programa\quicktime\qttask.exe
+ SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.5.0\bin\jusched.exe
+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
+ Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher (Not verified) Adobe Systems Incorporated c:\archivos de programa\adobe\acrobat 7.0\reader\reader_sl.exe
C:\Documents and Settings\fany\Menú Inicio\Programas\Inicio
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ RealPlayer RealPlayer (Not verified) RealNetworks, Inc. c:\archivos de programa\real\realplayer\realplay.exe
+ swg File not found: C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ cdo Microsoft SharePoint Portal Server Object Model (Not verified) Microsoft Corporation c:\archivos de programa\archivos comunes\microsoft shared\web folders\pkmcdo.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ TMD Shell Extension Tmdshell Module (Not verified) Trend Micro Incorporated. c:\archivos de programa\trend micro\internet security 2006\tmdshell.dll
+ WinRAR c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ WinRAR c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Classes\Directory\Shellex\DragDropHandlers
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinRAR c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Classes\Directory\Shellex\PropertySheetHandlers
HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\archivos de programa\adobe\acrobat 7.0\activex\pdfshell.dll
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ TMD Shell Extension Tmdshell Module (Not verified) Trend Micro Incorporated. c:\archivos de programa\trend micro\internet security 2006\tmdshell.dll
+ WinRAR c:\archivos de programa\winrar\rarext.dll
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Carpetas Web Microsoft Web Folders (Not verified) Microsoft Corporation c:\archivos de programa\archivos comunes\microsoft shared\web folders\msonsext.dll
+ Extensión de paneo de pantalla del Panel de control File not found: deskpan.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\archivos de programa\real\realplayer\rpshell.dll
+ Shell Icon Handler for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll
+ ShellLink for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll
+ TMD Shell Extension Tmdshell Module (Not verified) Trend Micro Incorporated. c:\archivos de programa\trend micro\internet security 2006\tmdshell.dll
+ VBPropSheet VBProp Module (Not verified) Trend Micro Incorporated. c:\archivos de programa\trend micro\internet security 2006\vbprop.dll
+ WinRAR shell extension c:\archivos de programa\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\archivos de programa\adobe\acrobat 7.0\activex\acroiehelper.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 0 File not found: C:\Archivos de programa\MSN Toolbar\01.01.2607.0\es\msntb.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
+ AppleSoftwareUpdate.job Software Application (Verified) Apple Computer, Inc. c:\archivos de programa\apple software update\softwareupdate.exe
+ At1.job File not found: winnc.exe
+ At10.job File not found: winnc.exe
+ At100.job File not found: winnc.exe
+ At101.job File not found: winnc.exe
+ At102.job File not found: winnc.exe
+ At103.job File not found: winnc.exe
+ At104.job File not found: winnc.exe
+ At105.job File not found: winnc.exe
+ At106.job File not found: winnc.exe
+ At107.job File not found: winnc.exe
+ At108.job File not found: winnc.exe
+ At109.job File not found: winnc.exe
+ At11.job File not found: winnc.exe
+ At110.job File not found: winnc.exe
+ At111.job File not found: winnc.exe
+ At112.job File not found: winnc.exe
+ At113.job File not found: winnc.exe
+ At114.job File not found: winnc.exe
+ At115.job File not found: winnc.exe
+ At116.job File not found: winnc.exe
+ At117.job File not found: winnc.exe
+ At118.job File not found: winnc.exe
+ At119.job File not found: winnc.exe
+ At12.job File not found: winnc.exe
+ At120.job File not found: winnc.exe
+ At121.job File not found: winnc.exe
+ At122.job File not found: winnc.exe
+ At123.job File not found: winnc.exe
+ At124.job File not found: winnc.exe
+ At125.job File not found: winnc.exe
+ At126.job File not found: winnc.exe
+ At127.job File not found: winnc.exe
+ At128.job File not found: winnc.exe
+ At129.job File not found: winnc.exe
+ At13.job File not found: winnc.exe
+ At130.job File not found: winnc.exe
+ At131.job File not found: winnc.exe
+ At132.job File not found: winnc.exe
+ At133.job File not found: winnc.exe
+ At134.job File not found: winnc.exe
+ At135.job File not found: winnc.exe
+ At136.job File not found: winnc.exe
+ At137.job File not found: winnc.exe
+ At138.job File not found: winnc.exe
+ At139.job File not found: winnc.exe
+ At14.job File not found: winnc.exe
+ At140.job File not found: winnc.exe
+ At141.job File not found: winnc.exe
+ At142.job File not found: winnc.exe
+ At143.job File not found: winnc.exe
+ At144.job File not found: winnc.exe
+ At145.job File not found: winnc.exe
+ At146.job File not found: winnc.exe
+ At147.job File not found: winnc.exe
+ At148.job File not found: winnc.exe
+ At149.job File not found: winnc.exe
+ At15.job File not found: winnc.exe
+ At150.job File not found: winnc.exe
+ At151.job File not found: winnc.exe
+ At152.job File not found: winnc.exe
+ At153.job File not found: winnc.exe
+ At154.job File not found: winnc.exe
+ At155.job File not found: winnc.exe
+ At156.job File not found: winnc.exe
+ At157.job File not found: winnc.exe
+ At158.job File not found: winnc.exe
+ At159.job File not found: winnc.exe
+ At16.job File not found: winnc.exe
+ At160.job File not found: winnc.exe
+ At161.job File not found: winnc.exe
+ At162.job File not found: winnc.exe
+ At163.job File not found: winnc.exe
+ At164.job File not found: winnc.exe
+ At165.job File not found: winnc.exe
+ At166.job File not found: winnc.exe
+ At167.job File not found: winnc.exe
+ At168.job File not found: winnc.exe
+ At169.job File not found: winnc.exe
+ At17.job File not found: winnc.exe
+ At170.job File not found: winnc.exe
+ At171.job File not found: winnc.exe
+ At172.job File not found: winnc.exe
+ At173.job File not found: winnc.exe
+ At174.job File not found: winnc.exe
+ At175.job File not found: winnc.exe
+ At176.job File not found: winnc.exe
+ At177.job File not found: winnc.exe
+ At178.job File not found: winnc.exe
+ At18.job File not found: winnc.exe
+ At19.job File not found: winnc.exe
+ At2.job File not found: winnc.exe
+ At20.job File not found: winnc.exe
+ At21.job File not found: winnc.exe
+ At22.job File not found: winnc.exe
+ At23.job File not found: winnc.exe
+ At24.job File not found: winnc.exe
+ At25.job File not found: winnc.exe
+ At26.job File not found: winnc.exe
+ At27.job File not found: winnc.exe
+ At28.job File not found: winnc.exe
+ At29.job File not found: winnc.exe
+ At3.job File not found: winnc.exe
+ At30.job File not found: winnc.exe
+ At31.job File not found: winnc.exe
+ At32.job File not found: winnc.exe
+ At33.job File not found: winnc.exe
+ At34.job File not found: winnc.exe
+ At35.job File not found: winnc.exe
+ At36.job File not found: winnc.exe
+ At37.job File not found: winnc.exe
+ At38.job File not found: winnc.exe
+ At39.job File not found: winnc.exe
+ At4.job File not found: winnc.exe
+ At40.job File not found: winnc.exe
+ At41.job File not found: winnc.exe
+ At42.job File not found: winnc.exe
+ At43.job File not found: winnc.exe
+ At44.job File not found: winnc.exe
+ At45.job File not found: winnc.exe
+ At46.job File not found: winnc.exe
+ At47.job File not found: winnc.exe
+ At48.job File not found: winnc.exe
+ At49.job File not found: winnc.exe
+ At5.job File not found: winnc.exe
+ At50.job File not found: winnc.exe
+ At51.job File not found: winnc.exe
+ At52.job File not found: winnc.exe
+ At53.job File not found: winnc.exe
+ At54.job File not found: winnc.exe
+ At55.job File not found: winnc.exe
+ At56.job File not found: winnc.exe
+ At57.job File not found: winnc.exe
+ At58.job File not found: winnc.exe
+ At59.job File not found: winnc.exe
+ At6.job File not found: winnc.exe
+ At60.job File not found: winnc.exe
+ At61.job File not found: winnc.exe
+ At62.job File not found: winnc.exe
+ At63.job File not found: winnc.exe
+ At64.job File not found: winnc.exe
+ At65.job File not found: winnc.exe
+ At66.job File not found: winnc.exe
+ At67.job File not found: winnc.exe
+ At68.job File not found: winnc.exe
+ At69.job File not found: winnc.exe
+ At7.job File not found: winnc.exe
+ At70.job File not found: winnc.exe
+ At71.job File not found: winnc.exe
+ At72.job File not found: winnc.exe
+ At73.job File not found: winnc.exe
+ At74.job File not found: winnc.exe
+ At75.job File not found: winnc.exe
+ At76.job File not found: winnc.exe
+ At77.job File not found: winnc.exe
+ At78.job File not found: winnc.exe
+ At79.job File not found: winnc.exe
+ At8.job File not found: winnc.exe
+ At80.job File not found: winnc.exe
+ At81.job File not found: winnc.exe
+ At82.job File not found: winnc.exe
+ At83.job File not found: winnc.exe
+ At84.job File not found: winnc.exe
+ At85.job File not found: winnc.exe
+ At86.job File not found: winnc.exe
+ At87.job File not found: winnc.exe
+ At88.job File not found: winnc.exe
+ At89.job File not found: winnc.exe
+ At9.job File not found: winnc.exe
+ At90.job File not found: winnc.exe
+ At91.job File not found: winnc.exe
+ At92.job File not found: winnc.exe
+ At93.job File not found: winnc.exe
+ At94.job File not found: winnc.exe
+ At95.job File not found: winnc.exe
+ At96.job File not found: winnc.exe
+ At97.job File not found: winnc.exe
+ At98.job File not found: winnc.exe
+ At99.job File not found: winnc.exe
HKLM\System\CurrentControlSet\Services
+ McDetect.exe McAfee WSC Integration Service (Not verified) McAfee, Inc c:\archivos de programa\mcafee.com\agent\mcdetect.exe
+ McTskshd.exe McAfee Task Scheduler (Not verified) McAfee, Inc c:\archivos de programa\mcafee.com\agent\mctskshd.exe
+ PcCtlCom Manages the Trend Micro PC-cillin components. (Not verified) Trend Micro Incorporated. c:\archivos de programa\trend micro\internet security 2006\pcctlcom.exe
+ Tmntsrv Enables scanning in real time. (Not verified) Trend Micro Incorporated. c:\archivos de programa\trend micro\internet security 2006\tmntsrv.exe
+ TmPfw Manages the Trend Micro Personal Firewall. (Not verified) Trend Micro Inc. c:\archivos de programa\trend micro\internet security 2006\tmpfw.exe
+ tmproxy Manages the Trend Micro Proxy. (Not verified) Trend Micro Inc. c:\archivos de programa\trend micro\internet security 2006\tmproxy.exe
HKLM\System\CurrentControlSet\Services
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ nsysaudm c:\documents and settings\mati\configuración local\temp\nsysaudm.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ prodrv06 StarForce Protection Environment Driver (Not verified) Protection Technology c:\windows\system32\drivers\prodrv06.sys
+ prohlp02 StarForce Protection Helper Driver (Not verified) Protection Technology c:\windows\system32\drivers\prohlp02.sys
+ prosync1 StarForce Protection Synchronization Driver (Not verified) Protection Technology c:\windows\system32\drivers\prosync1.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ sfhlp01 StarForce Protection Helper Driver (Not verified) Protection Technology c:\windows\system32\drivers\sfhlp01.sys
+ tm_cfw Trend Micro Common Firewall Module 2.5 (Not verified) Trend Micro Inc. c:\windows\system32\drivers\tm_cfw.sys
+ Tmfilter Post Filter For XP (Verified) Trend Micro, Inc. c:\windows\system32\drivers\tmxpflt.sys
+ Tmpreflt Pre-Filter For XP (Verified) Trend Micro, Inc. c:\windows\system32\drivers\tmpreflt.sys
+ tmtdi Trend Micro TDI Driver (i386-fre) (Not verified) Trend Micro Inc. c:\windows\system32\drivers\tmtdi.sys
+ Vsapint VsapiNT (Verified) Trend Micro, Inc. c:\windows\system32\drivers\vsapint.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
Thanks again for helping us. We would also like to know whether it is normal that, since the HijackThis program was installed, the thumbs and desktop icons show up in every folder on the PC and cannot be selected.
-
Oh, I almost forgot: the files from the code you gave me with the number 04 in front were not there when the scan was run. I don't know whether that is significant, but I mention it just in case.
Thanks a lot
-
Create a backup of the Windows registry with ERUNT (click here) (http://www.daboweb.com/foros/index.php/topic,27469.0.html); disable System Restore (click here) (http://www.windowsfacil.com/manuales1/desactivar-restaurar-sistema/desactivar-restaurar-sistema.htm); restart in Safe Mode (click here) (http://www.windowsfacil.com/manuales/modo-seguro/modo-seguro.htm), run Autoruns, right-click the following entries and press 'Delete':
+ At1.job File not found: winnc.exe
+ At10.job File not found: winnc.exe
+ At100.job File not found: winnc.exe
+ At101.job File not found: winnc.exe
+ At102.job File not found: winnc.exe
+ At103.job File not found: winnc.exe
+ At104.job File not found: winnc.exe
+ At105.job File not found: winnc.exe
+ At106.job File not found: winnc.exe
+ At107.job File not found: winnc.exe
+ At108.job File not found: winnc.exe
+ At109.job File not found: winnc.exe
+ At11.job File not found: winnc.exe
+ At110.job File not found: winnc.exe
+ At111.job File not found: winnc.exe
+ At112.job File not found: winnc.exe
+ At113.job File not found: winnc.exe
+ At114.job File not found: winnc.exe
+ At115.job File not found: winnc.exe
+ At116.job File not found: winnc.exe
+ At117.job File not found: winnc.exe
+ At118.job File not found: winnc.exe
+ At119.job File not found: winnc.exe
+ At12.job File not found: winnc.exe
+ At120.job File not found: winnc.exe
+ At121.job File not found: winnc.exe
+ At122.job File not found: winnc.exe
+ At123.job File not found: winnc.exe
+ At124.job File not found: winnc.exe
+ At125.job File not found: winnc.exe
+ At126.job File not found: winnc.exe
+ At127.job File not found: winnc.exe
+ At128.job File not found: winnc.exe
+ At129.job File not found: winnc.exe
+ At13.job File not found: winnc.exe
+ At130.job File not found: winnc.exe
+ At131.job File not found: winnc.exe
+ At132.job File not found: winnc.exe
+ At133.job File not found: winnc.exe
+ At134.job File not found: winnc.exe
+ At135.job File not found: winnc.exe
+ At136.job File not found: winnc.exe
+ At137.job File not found: winnc.exe
+ At138.job File not found: winnc.exe
+ At139.job File not found: winnc.exe
+ At14.job File not found: winnc.exe
+ At140.job File not found: winnc.exe
+ At141.job File not found: winnc.exe
+ At142.job File not found: winnc.exe
+ At143.job File not found: winnc.exe
+ At144.job File not found: winnc.exe
+ At145.job File not found: winnc.exe
+ At146.job File not found: winnc.exe
+ At147.job File not found: winnc.exe
+ At148.job File not found: winnc.exe
+ At149.job File not found: winnc.exe
+ At15.job File not found: winnc.exe
+ At150.job File not found: winnc.exe
+ At151.job File not found: winnc.exe
+ At152.job File not found: winnc.exe
+ At153.job File not found: winnc.exe
+ At154.job File not found: winnc.exe
+ At155.job File not found: winnc.exe
+ At156.job File not found: winnc.exe
+ At157.job File not found: winnc.exe
+ At158.job File not found: winnc.exe
+ At159.job File not found: winnc.exe
+ At16.job File not found: winnc.exe
+ At160.job File not found: winnc.exe
+ At161.job File not found: winnc.exe
+ At162.job File not found: winnc.exe
+ At163.job File not found: winnc.exe
+ At164.job File not found: winnc.exe
+ At165.job File not found: winnc.exe
+ At166.job File not found: winnc.exe
+ At167.job File not found: winnc.exe
+ At168.job File not found: winnc.exe
+ At169.job File not found: winnc.exe
+ At17.job File not found: winnc.exe
+ At170.job File not found: winnc.exe
+ At171.job File not found: winnc.exe
+ At172.job File not found: winnc.exe
+ At173.job File not found: winnc.exe
+ At174.job File not found: winnc.exe
+ At175.job File not found: winnc.exe
+ At176.job File not found: winnc.exe
+ At177.job File not found: winnc.exe
+ At178.job File not found: winnc.exe
+ At18.job File not found: winnc.exe
+ At19.job File not found: winnc.exe
+ At2.job File not found: winnc.exe
+ At20.job File not found: winnc.exe
+ At21.job File not found: winnc.exe
+ At22.job File not found: winnc.exe
+ At23.job File not found: winnc.exe
+ At24.job File not found: winnc.exe
+ At25.job File not found: winnc.exe
+ At26.job File not found: winnc.exe
+ At27.job File not found: winnc.exe
+ At28.job File not found: winnc.exe
+ At29.job File not found: winnc.exe
+ At3.job File not found: winnc.exe
+ At30.job File not found: winnc.exe
+ At31.job File not found: winnc.exe
+ At32.job File not found: winnc.exe
+ At33.job File not found: winnc.exe
+ At34.job File not found: winnc.exe
+ At35.job File not found: winnc.exe
+ At36.job File not found: winnc.exe
+ At37.job File not found: winnc.exe
+ At38.job File not found: winnc.exe
+ At39.job File not found: winnc.exe
+ At4.job File not found: winnc.exe
+ At40.job File not found: winnc.exe
+ At41.job File not found: winnc.exe
+ At42.job File not found: winnc.exe
+ At43.job File not found: winnc.exe
+ At44.job File not found: winnc.exe
+ At45.job File not found: winnc.exe
+ At46.job File not found: winnc.exe
+ At47.job File not found: winnc.exe
+ At48.job File not found: winnc.exe
+ At49.job File not found: winnc.exe
+ At5.job File not found: winnc.exe
+ At50.job File not found: winnc.exe
+ At51.job File not found: winnc.exe
+ At52.job File not found: winnc.exe
+ At53.job File not found: winnc.exe
+ At54.job File not found: winnc.exe
+ At55.job File not found: winnc.exe
+ At56.job File not found: winnc.exe
+ At57.job File not found: winnc.exe
+ At58.job File not found: winnc.exe
+ At59.job File not found: winnc.exe
+ At6.job File not found: winnc.exe
+ At60.job File not found: winnc.exe
+ At61.job File not found: winnc.exe
+ At62.job File not found: winnc.exe
+ At63.job File not found: winnc.exe
+ At64.job File not found: winnc.exe
+ At65.job File not found: winnc.exe
+ At66.job File not found: winnc.exe
+ At67.job File not found: winnc.exe
+ At68.job File not found: winnc.exe
+ At69.job File not found: winnc.exe
+ At7.job File not found: winnc.exe
+ At70.job File not found: winnc.exe
+ At71.job File not found: winnc.exe
+ At72.job File not found: winnc.exe
+ At73.job File not found: winnc.exe
+ At74.job File not found: winnc.exe
+ At75.job File not found: winnc.exe
+ At76.job File not found: winnc.exe
+ At77.job File not found: winnc.exe
+ At78.job File not found: winnc.exe
+ At79.job File not found: winnc.exe
+ At8.job File not found: winnc.exe
+ At80.job File not found: winnc.exe
+ At81.job File not found: winnc.exe
+ At82.job File not found: winnc.exe
+ At83.job File not found: winnc.exe
+ At84.job File not found: winnc.exe
+ At85.job File not found: winnc.exe
+ At86.job File not found: winnc.exe
+ At87.job File not found: winnc.exe
+ At88.job File not found: winnc.exe
+ At89.job File not found: winnc.exe
+ At9.job File not found: winnc.exe
+ At90.job File not found: winnc.exe
+ At91.job File not found: winnc.exe
+ At92.job File not found: winnc.exe
+ At93.job File not found: winnc.exe
+ At94.job File not found: winnc.exe
+ At95.job File not found: winnc.exe
+ At96.job File not found: winnc.exe
+ At97.job File not found: winnc.exe
+ At98.job File not found: winnc.exe
+ At99.job File not found: winnc.exe
+ nsysaudm c:\documents and settings\mati\configuración local\temp\nsysaudm.sys
Restart in Safe Mode and run the updated antivirus again... New logs...
If she no longer uses McAfee, she should uninstall it; if it is no longer installed, the 'leftovers' will have to be removed...
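The reply above singles out two patterns in the Autoruns log: numbered At*.job tasks whose target file is missing, and a driver whose image sits in a Temp folder. The Python sketch below is an added example, not part of the thread or of Autoruns, that sorts a log of this kind into those groups; the sample lines are constructed and the line layout is assumed from the log posted here.

```python
import re
from collections import Counter

# Constructed sample, laid out like the Autoruns text log posted in this thread.
SAMPLE_LOG = r"""
+ At1.job File not found: winnc.exe
+ At2.job File not found: winnc.exe
+ At3.job File not found: winnc.exe
HKLM\System\CurrentControlSet\Services
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ nsysaudm c:\documents and settings\mati\configuración local\temp\nsysaudm.sys
+ Tmfilter Post Filter For XP (Verified) Trend Micro, Inc. c:\windows\system32\drivers\tmxpflt.sys
"""

MISSING = "File not found: "
AT_JOB = re.compile(r"^At\d+\.job$", re.IGNORECASE)
IMAGE_PATH = re.compile(r"[a-z]:\\.+$", re.IGNORECASE)   # drive letter to end of line
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)


def parse_entries(log):
    """Yield (section, name, missing, path) for every '+ ' entry line."""
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line.startswith("+ "):
            section = line or section    # a non-entry line is a location header
            continue
        name, _, rest = line[2:].partition(" ")
        if rest.startswith(MISSING):
            yield section, name, True, rest[len(MISSING):]
        else:
            m = IMAGE_PATH.search(rest)
            yield section, name, False, m.group(0) if m else ""


def triage(log):
    """Group the entries worth reviewing first; nothing is deleted."""
    orphan_jobs, missing_other, temp_images = Counter(), [], []
    for _section, name, missing, path in parse_entries(log):
        if missing and AT_JOB.match(name):
            orphan_jobs[path.lower()] += 1   # numbered At jobs, target gone
        elif missing:
            missing_other.append(name)       # stale entry, image not on disk
        elif TEMP_DIR.search(path):
            temp_images.append(name)         # image loads from a temp folder
    return {"orphan_jobs": dict(orphan_jobs),
            "missing_other": missing_other,
            "temp_images": temp_images}
```

A large count under one missing target in `orphan_jobs`, or any name in `temp_images`, is a prompt for manual review of those entries, not proof of infection on its own.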
-
Hi!!!
The thing is, there is a problem with the antivirus and she can't update it, and she hasn't found one to install yet. Does it matter if she skips that step?
She doesn't use McAfee, but the uninstall option is missing; all that is still on the PC is what she can't delete, which takes up almost no space.
So is it normal that desktop and thumbs now show up in every folder? It's just weird!!
Thanks a lot for putting up with us!! :-d
-
Did you delete what shows up in Autoruns?
-
Hi!
No, they haven't deleted it yet. Why? :)