Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Tenia el pc muy lento y le he pasado el antivirus online ewido, y sorpresa me encontro dos troyanos y dos spyware con peligro alto.
Los he borrado y he hecho una limpieza del reg., me gustaria vieran mi log. por si a quedado algo por ahi.

Saludos

Aqui tienen mi log.

Logfile of HijackThis v1.99.1
Scan saved at 9:43:20, on 15/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIVOS DE PROGRAMA\AVPERSONAL\AVGUARD.EXE
C:\Archivos de programa\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\AVPersonal\AVGNT.EXE
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Terra\Kit Terra ADSL\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Juan\Escritorio\utilidades antivirus\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.es/0SEESES/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serviregalos.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serviregalos.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Archivos de programa\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Consola KIT ADSL.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARCHIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Descargar con &BitSpirit - C:\Archivos de programa\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Archivos de programa\Advanced JPEG Compressor\ajcieex.htm
O12 - Plugin for .mid: C:\Archivos de programa\Internet Explorer\PLUGINS\npvmidi.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093735663697
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender-es.com/scan/Msie/bitdefender.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camaras.costablanca.org/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18AD5172-D769-4F0A-9F7A-7E36BEF9DD58}: NameServer = 195.235.113.3 195.235.96.90
O17 - HKLM\System\CS1\Services\Tcpip\..\{18AD5172-D769-4F0A-9F7A-7E36BEF9DD58}: NameServer = 195.235.113.3 195.235.96.90
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARCHIVOS DE PROGRAMA\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Archivos de programa\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Hola geni

Bienvenido/a al foro de InfoSpyware

Para que te sea mas cómodo seguir los pasos imprímelos

Recuerda pasar por Windows Update regularmente y mantener tu sistema actualizado.

Ahora sigue estos pasos para la reparación.

• ver archivos ocultos en todos los Windows

• Marca restaurar sistema solo en Win ME y XP


Con todos los programas cerrados ejecuta el HijackThis y dale "FIX Cheked" a estas entradas:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

Ahora instala y ejecuta estas otras aplicaciones:

• SpywareBlaster 3.4

• Ad-Aware 1.0.6

• Disk cleaner

• SpyBoot S.D

• RegSeeker. De este programa deberás usar principalmente la opción de «limpiar el registro»

• Analiza tu ordenador con el Kaspersky Antivirus online y nos pones aqui el informe que genera el Kaspersky



Cuando termines nos pones un nuevo log y nos cuentas los resultados por favor

Hola, he echo todo lo que me digiste, y cuando he pasado el antivirus kapersky me ha encontrado otro virus y me ha dado este log.
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, October 15, 2005 20:14:12
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/10/2005
Kaspersky Anti-Virus database records: 144937
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 133645
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 7501 sec

Infected Object Name - Virus Name
C:\WINDOWS\system32\drivers\etc\hosts Infected: Trojan.Win32.Qhost.r

Scan process completed.


No se si el antivirus lo ha borrado, porque no lo dice, ademas deciros que con el reget. me salen siempre 11 carpetas y por mucho que las borro no se van, es decir lo vuelvo a scanear y me vuelven a salir, es como si esas entradas no las pudiera borrar.

Espero vuestra ayuda.

Por favor si es posible me pones el log de hijackthis tambien como te he dicho en el anterior mensaje, pero antes de ponerlo quiero que sigas estos pasos:

Para que te sea mas cómodo seguir los pasos imprímelos

• ver archivos ocultos en todos los Windows

• Marca restaurar sistema solo en Win ME y XP

• Analiza tu sistema con tu antivirus actualizado

• Analiza tu sistema con Ewido online y Panda

• SpyBoot S.D

• Ad-Aware 1.0.6

• Disk cleaner

• RegSeeker. De este programa deberás usar principalmente la opción de «limpiar el registro»


• Analiza tu ordenador con el Kaspersky Antivirus online y nos pones aqui el informe que genera el Kaspersky

Despues de realizar estos pasos me pones tambien el log del hijackthis por favor.

Bueno, he vuelto a hacer todos los pasos como pides, he pasado mi antivirus actualizado, el ewido, el panda sin ninguna deteccion, por ultimo he pasado el kaperski y me sigue detectando uno, ademas, con el reget siguen saliendo 11 carpetas que por mucho que les diga borrar se quedan ahi, o sea se borran, pero si vuelvo a analizar siguen saliendo como errores de registro y no entiendo porque¿¿?
Aqui os dejo log. de todo como me pedis, espero vuestra colaboracion.

ESTE ES EL REPORTE DE MI ANTIVIRUS:

Creation date of the report file: domingo, 16 de octubre de 2005 12:38

AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1068 of 21.09.2005
Mainprogram 6.32.00.07 of 16.09.2005
VDF file 6.32.0.88 (0) of 16.10.2005


This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.


Scanning for 231606 virus strains and unwanted programs.

Licensed for: AntiVir Personal Edition
Serial number: 0000149991-WURGE-0001

Please enter the workstation and
contact name with phone number in this form:

Name ___________________________________________

Street ___________________________________________

Town ___________________________________________

Phone/Fax ___________________________________________

Email ___________________________________________

Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 2)
Username: Juan
Processor: Pentium
Working memory: 523760 KB free

Version information:
AVWIN.DLL : 6.32.00.04 561192 13.09.2005 11:19:36
AVEWIN32.DLL : 6.32.0.6 832000 23.09.2005 12:39:22
AVGNT.EXE : 6.32.00.00 168039 13.09.2005 11:19:36
AVGUARD.EXE : 6.32.00.06 207912 13.09.2005 11:19:36
GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 10:24:10
AVGCMSG.DLL : 6.32.00.00 258165 13.09.2005 11:19:36
AVGNTDW.SYS : 6.31.00.01 32896 07.06.2005 11:34:48
AVPACK32.DLL : 6.31.01.07 327720 13.09.2005 11:19:36
AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 1720
AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 1722
AVSched32.EXE : 6.32.00.01 110632 21.09.2005 11:14:42
AVSched32.DLL : 6.30.00.00 122880 01.02.2005 10:24:10
AVREG.DLL : 6.31.00.05 41000 13.09.2005 11:19:36
AVRep.DLL : 6.32.00.80 1421352 13.10.2005 21:21:42
INETUPD.EXE : 6.32.00.05 254011 13.09.2005 11:19:38
INETUPD.DLL : 6.32.00.05 143360 13.09.2005 11:19:38
CTL3D32.DLL : 2.31.000 27136 24.08.2001 18:00:00
MFC42.DLL : 6.02.4131.0 1028096 20.08.2004 00:42:12
MSVCRT.DLL : 7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL : 7.0.2600.2180 343040 20.08.2004 00:42:18
CTL3DV2.DLL : 2.31.000 27632 09.07.1996 03:32:00

Configuration file:

Name of configuration file: C:\Archivos de programa\AVPersonal\AVWIN.INI
Name of report file: C:\Archivos de programa\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Archivos de programa\AVPersonal
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOCUME~1\Juan\CONFIG~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
A: Floppy drive
C: Hard disk
D: CD-ROM
E: CD-ROM
F: CD-ROM
G: CD-ROM
H: CD-ROM
I: CD-ROM
J: CD-ROM
K: CD-ROM

Start of scan: domingo, 16 de octubre de 2005 12:38

Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK


C:\
hiberfil.sys
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Archivos de programa\ReflexiveArcade\Arcade
Arcade.dat
ArchiveType: ZIP
NOTE! No files to extract.
C:\Archivos de programa\ReflexiveArcade\Channels\4381
Channel.dat
ArchiveType: ZIP
NOTE! No files to extract.
C:\Archivos de programa\Turtle Odyssey\ReflexiveArcade
Application.dat
ArchiveType: ZIP
NOTE! No files to extract.
Arcade.dat
ArchiveType: ZIP
NOTE! No files to extract.
Channel.dat
ArchiveType: ZIP
NOTE! No files to extract.
C:\Archivos de programa\Turtle Odyssey\ReflexiveArcade\Backup
Arcade.dat
ArchiveType: ZIP
NOTE! No files to extract.
Channel.dat
ArchiveType: ZIP
NOTE! No files to extract.
C:\Archivos de programa\WinRAR
rarnew.dat
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery
Advertisingcom.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Advertisingcom1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
AlexaRelated.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
AlexaRelated1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Archivodeinicioinexistente.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Archivodeinicioinexistente1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DoubleClick.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Evileye.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINDashBar.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Gator.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Gator1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Gator2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
HotKeysHook.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Lainformacindedesinstalacindelprogramaeserrnea.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Lainformacindedesinstalacindelprogramaeserrnea1.zi p
ArchiveType: ZIP
NOTE! The whole archive is password protected
Lainformacindedesinstalacindelprogramaeserrnea2.zi p
ArchiveType: ZIP
NOTE! The whole archive is password protected
Lainformacindedesinstalacindelprogramaeserrnea3.zi p
ArchiveType: ZIP
NOTE! The whole archive is password protected
Larutadelaaplicacineserrnea.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Larutadelaaplicacineserrnea1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Larutadelaaplicacineserrnea2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Larutadelaaplicacineserrnea3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Larutadelaaplicacineserrnea4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Larutadelaaplicacineserrnea5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Larutadelaaplicacineserrnea6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Nosehaencontradoelarchivodeayuda.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Nosehaencontradoelarchivodeayuda1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Nosehaencontradoelarchivodeayuda2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Nosehaencontradoelarchivodeayuda3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Nosehaencontradoelarchivodeayuda4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Nosehaencontradoelarchivodeayuda5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Nosehaencontradoelarchivodeayuda6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida10.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida11.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida12.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida13.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida14.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida15.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida16.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida17.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida18.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida19.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida20.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida21.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida22.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida23.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida24.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida25.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida26.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida27.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida28.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida29.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida30.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida31.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida32.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida33.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida34.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida35.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida36.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida37.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida38.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida39.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida40.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida41.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida42.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida43.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida44.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida45.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida46.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida47.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida48.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida49.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida50.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida51.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida52.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida53.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida54.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida55.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida56.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida57.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida58.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida59.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida60.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida61.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida62.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida63.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida64.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida65.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida66.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida67.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida68.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida69.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida70.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida71.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida72.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida73.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida74.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida75.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida76.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida77.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida78.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida79.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida8.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida80.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida81.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida82.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida83.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida84.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida85.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida86.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida87.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida88.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida89.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida9.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida90.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida91.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
NosehapodidoencontrarlaDLLcompartida92.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Vnculoroto.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
WhenUSearch.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
WindowsSecurityCenterAntiVirusOverride.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
WindowsSecurityCenterAntiVirusOverride1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
WindowsSecurityCenterAntiVirusOverride2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
WindowsSecurityCenterFirewallOverride.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
WindowsSecurityCenterFirewallOverride1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Winpup.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Winpup1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Winpup2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Winpup3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\Documents and Settings\Juan\Escritorio\Mis programas
para poner un buscador en la web.rar
ArchiveType: RAR
--> zfws35r1.zip
ArchiveType: ZIP
--> zwt.part1.rar
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
--> zfws35r2.zip
ArchiveType: ZIP
--> zwt.part2.rar
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
C:\Documents and Settings\Juan\Escritorio\Mis programas\Advanced_RAR_Repair-v1.53
????.htm
Access denied! Error during file opening!
Error code: 0x0016
WARNING! Access error/file locked!
C:\Documents and Settings\Juan\Escritorio\Mis programas\editores de imagenes\para pasar fotos a dvd\Photo2DVD_Studio_3_v3.5.0.19-DIGERATI\Photo2DVD_Studio_3_v3.5.0.19-DIGERATI
dpds335a.zip
ArchiveType: ZIP
--> Setup.rar
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
Setup.rar
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
C:\Documents and Settings\Juan\Escritorio\Mis programas\para crear un foro en la web\Ipb-v2.1
????.htm
Access denied! Error during file opening!
Error code: 0x0016
WARNING! Access error/file locked!
C:\Documents and Settings\Juan\Escritorio\Mis programas\para poner un buscador en la web
zfws35r1.zip
ArchiveType: ZIP
--> zwt.part1.rar
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
zfws35r2.zip
ArchiveType: ZIP
--> zwt.part2.rar
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
C:\Documents and Settings\Juan\Escritorio\Mis programas\para poner un buscador en la web\zfws35r1
zwt.part1.rar
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
zwt.part2.rar
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
C:\Documents and Settings\Juan\Escritorio\Mis programas\Photo2DVD_Studio_3_v3[1].5.0.19-DIGERATI
Photo2DVD_Studio_3_v3[1].5.0.19-DIGERATI.ZIP
ArchiveType: ZIP
NOTE! No files to extract.
C:\Documents and Settings\Juan\Mis documentos\Mis archivos recibidos
[Crack] [Multilanguage] Die Sims 2 NoCD.rar
ArchiveType: RAR
--> Die Sims 2 NoCD Crack german\Die Sims 2 NoCD Crack.rar
ArchiveType: RAR
NOTE! The whole archive is password protected
C:\Documents and Settings\Juan\Mis documentos\Mis archivos recibidos\antihackers kapersky con crack\Kaspersky Anti-Hacker v1.7 Build 130\Kaspersky Anti-Hacker v1.7 Build 130 Final
????.htm
Access denied! Error during file opening!
Error code: 0x0016
WARNING! Access error/file locked!
C:\Documents and Settings\Juan\Mis documentos\Mis archivos recibidos\clone cd 5045 con key
snd-clonecd5.0.4.5.cracked.exe.zip
ArchiveType: ZIP
NOTE! No files to extract.
C:\Documents and Settings\Juan\Mis documentos\Mis archivos recibidos\clone dvd
CloneDVDSetup-v3.0-Full.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\Documents and Settings\Juan\Mis documentos\Mis archivos recibidos\programas adober
Adobe.Acrobat.v7.0.Professional.contraseña.www.gol desel.6x.to.rar
ArchiveType: RAR
NOTE! The whole archive is password protected
C:\Documents and Settings\Juan\Mis documentos\Mis juegos\[Crack] [Multilanguage] Die Sims 2 NoCD\Die Sims 2 NoCD Crack german
Die Sims 2 NoCD Crack.rar
ArchiveType: RAR
NOTE! The whole archive is password protected
C:\Documents and Settings\Juan\Mis documentos\Mis programas\bannermakerflash-v1.0
????.htm
Access denied! Error during file opening!
Error code: 0x0016
WARNING! Access error/file locked!
C:\Documents and Settings\Juan\Mis documentos\Mis Webs\add web promoter
AddWeb.Website.Promoter.Pro.v6.0.1.0.Incl.Keygen.a nd.Patch-ORiON.rar
ArchiveType: RAR
--> AddWeb.Website.Promoter.Pro.v6.0.1.0.Incl.Keygen.a nd.Patch-ORiON\o-aw601a.zip
ArchiveType: ZIP
--> ORiON.rar
ArchiveType: RAR
NOTE! The archive is created by multiple volumes
C:\Documents and Settings\Juan\Mis documentos\via\crear foros herramientas y scripts
Intechnic.In-bulletin.v1.0.6.PHP.NULL-WDYL.rar
ArchiveType: RAR
--> Intechnic.In-bulletin.v1.0.6.PHP.NULL-WDYL\file_id.diz
NOTE! The file is password protected
--> Intechnic.In-bulletin.v1.0.6.PHP.NULL-WDYL\wdyl.nfo
NOTE! The file is password protected
--> Intechnic.In-bulletin.v1.0.6.PHP.NULL-WDYL\ww-ib106.rar
NOTE! The file is password protected
Intechnic.In-link.v3.0.6.PHP.NULL-WDYL.rar
ArchiveType: RAR
--> Intechnic.In-link.v3.0.6.PHP.NULL-WDYL\file_id.diz
NOTE! The file is password protected
--> Intechnic.In-link.v3.0.6.PHP.NULL-WDYL\wdyl.nfo
NOTE! The file is password protected
--> Intechnic.In-link.v3.0.6.PHP.NULL-WDYL\ww-il306.rar
NOTE! The file is password protected
Intechnic.In-news.v1.0.6.PHP.NULL-WDYL.rar
ArchiveType: RAR
--> Intechnic.In-news.v1.0.6.PHP.NULL-WDYL\file_id.diz
NOTE! The file is password protected
--> Intechnic.In-news.v1.0.6.PHP.NULL-WDYL\wdyl.nfo
NOTE! The file is password protected
--> Intechnic.In-news.v1.0.6.PHP.NULL-WDYL\ww-in106.rar
NOTE! The file is password protected
Intechnic.In-portal.platform.v1.0.7.PHP.NULL-WDYL.rar
ArchiveType: RAR
--> Intechnic.In-portal.platform.v1.0.7.PHP.NULL-WDYL\file_id.diz
NOTE! The file is password protected
--> Intechnic.In-portal.platform.v1.0.7.PHP.NULL-WDYL\wdyl.nfo
NOTE! The file is password protected
--> Intechnic.In-portal.platform.v1.0.7.PHP.NULL-WDYL\ww-ip107.rar
NOTE! The file is password protected
Error! Could not change directory: System Volume Information
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!













End of scan: domingo, 16 de octubre de 2005 13:42
Time taken: 64:07 min


8843 directories were scanned
148851 files were scanned
11 warning messages were issued
0 files were deleted
0 files were repaired
0 detections


EN EL SIGUIENTE MENSAJE PONDRE EL REPORTE DEL EWIDO Y EL DEL KAPERSKI ADEMAS DEL HIJACKIS YA QUE AQUI NO ME DEJA POR SER DEMASIADO LARGO EL MENSAJE

SIGUE DEL ANTERIOR:

_ESTE ES EL REPORTE QUE ME DIO EL EWIDO:



__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________


Name: Spyware.Cookie.Statcounter
Path: C:\Documents and Settings\Juan\Cookies\juan@statcounter[1].txt
Risk: Medium

ESTE ES EL REPORTE DEL KAPERSKY:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, October 17, 2005 17:41:45
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/10/2005
Kaspersky Anti-Virus database records: 145213
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 133315
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 7876 sec

Infected Object Name - Virus Name
C:\!Submit\hosts Infected: Trojan.Win32.Qhost.r

Scan process completed.


Y ESTE ES MI Hijackthis, ahora.:

Logfile of HijackThis v1.99.1
Scan saved at 17:52:16, on 17/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\AVPersonal\AVGNT.EXE
C:\Archivos de programa\Terra\Kit Terra ADSL\dslmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\ARCHIVOS DE PROGRAMA\AVPERSONAL\AVGUARD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\AVPersonal\INETUPD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Juan\Escritorio\utilidades antivirus\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.es/0SEESES/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serviregalos.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serviregalos.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Archivos de programa\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Consola KIT ADSL.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARCHIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Descargar con &BitSpirit - C:\Archivos de programa\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Archivos de programa\Advanced JPEG Compressor\ajcieex.htm
O12 - Plugin for .mid: C:\Archivos de programa\Internet Explorer\PLUGINS\npvmidi.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093735663697
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender-es.com/scan/Msie/bitdefender.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camaras.costablanca.org/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18AD5172-D769-4F0A-9F7A-7E36BEF9DD58}: NameServer = 195.235.113.3 195.235.96.90
O17 - HKLM\System\CS1\Services\Tcpip\..\{18AD5172-D769-4F0A-9F7A-7E36BEF9DD58}: NameServer = 195.235.113.3 195.235.96.90
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARCHIVOS DE PROGRAMA\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Archivos de programa\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Bien, ahora elimina esta entrada que te detecta el kaspersky:

C:\!Submit\hosts

Luego limpia el registro de windows con el RegSeeker y nos pones un nuevo log del kasperky por favor.

bueno pues he borrado esa carpeta y vuelto a pasar el regseker y sigen saliendo las mismas 11 carpetas de siempre que por lo que se ve son inborrables, por lo demas el antivirus kapersky esta vez no ha encontrado nada. Pongo el hijackis tambien.


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, October 18, 2005 12:48:45
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/10/2005
Kaspersky Anti-Virus database records: 145391
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 133767
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 6827 sec
No malware has been detected. The sections that have been scanned are CLEAN.

Scan process completed.


esto da el hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 12:53:44, on 18/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIVOS DE PROGRAMA\AVPERSONAL\AVGUARD.EXE
C:\Archivos de programa\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\AVPersonal\AVGNT.EXE
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Terra\Kit Terra ADSL\dslmon.exe
C:\Archivos de programa\eMule\emule.exe
C:\ARCHIV~1\INCRED~1\bin\IMApp.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Juan\Escritorio\utilidades antivirus\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.es/0SEESES/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serviregalos.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serviregalos.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Archivos de programa\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Consola KIT ADSL.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARCHIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Descargar con &BitSpirit - C:\Archivos de programa\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Archivos de programa\Advanced JPEG Compressor\ajcieex.htm
O12 - Plugin for .mid: C:\Archivos de programa\Internet Explorer\PLUGINS\npvmidi.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093735663697
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender-es.com/scan/Msie/bitdefender.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camaras.costablanca.org/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18AD5172-D769-4F0A-9F7A-7E36BEF9DD58}: NameServer = 195.235.113.3 195.235.96.90
O17 - HKLM\System\CS1\Services\Tcpip\..\{18AD5172-D769-4F0A-9F7A-7E36BEF9DD58}: NameServer = 195.235.113.3 195.235.96.90
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARCHIVOS DE PROGRAMA\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Archivos de programa\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Espero vuestros consejos.

¿A qué carpetas te refieres?

El log está limpio.

Las carpetas que no se eliminan son estas:

HKEY_CLASSES_ROOT
.bpdx
.deu
.fra
.idc
.jdf
.joboptions
.mjd
.ps
.sequ
en todas estas pone extension inutilizada.
luego estan estas dos
Complus metadata.Ms Corhost
Complus metadata.Ms Corhost2
en estas dos pone invalid activex/com entry cclsid

en total 11que no se borran nunca del registro.
?igual es que no se deben borrar o no se pueden¿?

No se....espero consejo.