 |
| |||||||
 InfoSpyware sortea una T-Shirts |
| Participa en el sorteo por una
"Camiseta Oficial de InfoSpyware" gracias al amigo
Enjuto Mojamuto |
| Foro Oficial de HijackThis en español Analizamos tu log de HijackThis para eliminar Hijackers, Spyware, Adware, ToolBars, Virus, Troyanos y Malwares en gral. Antes lea las Políticas del Foro de HijackThis. |
 |
| | Herramientas |
 | 
26/12/07, 15:35:37
|  |
| |||
 Xdrive no se deja desinstalar Hola coloco aquí mi log de HijackThis por cuanto leo que no lo puedo pegar en donde esta mi tema en Foros de Virus y Spywares: http://www.forospyware.com/t136632.html#post585617 Espero me puedan ayudar a eliminar todo rastro del Xdrive de mi tablet pc  Muchas gracias, Dios les bendiga, bye.  ================================================== ===== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:32:13, on 26/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe C:\Program Files\Citrix\GoToMyPC\g2svc.exe C:\WINDOWS\Downlo~1\MyWebEx\319\RAAGTAPP.EXE C:\Program Files\Citrix\GoToMyPC\g2comm.exe C:\Program Files\Citrix\GoToMyPC\g2pre.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\Citrix\GoToMyPC\g2tray.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\WINDOWS\System32\tabbtnu.exe C:\Program Files\STOPzilla!\STOPzilla.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagtx.exe C:\Program Files\AutoHotkey\AutoHotkey.exe C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Key Launch\keylaunch.exe C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe C:\PROGRA~1\ICQCorp\ICQCorp.exe C:\Program Files\AllChars\AllChars.exe C:\Program Files\Strokeit\strokeit.exe C:\Program Files\Purrint\Purrint.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe C:\Program Files\TED Notepad\TedNPad.exe C:\Program Files\IDrive\IDriveETray.exe C:\Program Files\IDrive\IDriveEBackground.exe C:\Program Files\IDrive\IDriveE Service.exe C:\Program Files\CCleaner\ccleaner.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\IDrive\IDriveEClsClient.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: MisspellSearch Toolbar - {a964d547-6f05-4485-94ae-b909a5f1c809} - C:\Program Files\MisspellSearch\tbMis1.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll O2 - BHO: Trailfire Helper Object - {238D3404-0761-4B4D-851C-050A3A0AC40A} - C:\Program Files\Trailfire\trailfireToolbar-1.1.11748.dll O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: MisspellSearch Toolbar - {a964d547-6f05-4485-94ae-b909a5f1c809} - C:\Program Files\MisspellSearch\tbMis1.dll O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll O3 - Toolbar: MisspellSearch Toolbar - {a964d547-6f05-4485-94ae-b909a5f1c809} - C:\Program Files\MisspellSearch\tbMis1.dll O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll O3 - Toolbar: Trailfire Toolbar - {238D3403-0761-4B4D-851C-050A3A0AC40A} - C:\Program Files\Trailfire\trailfireToolbar-1.1.11748.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe -a O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [XdriveTray] "C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe" /trayicon (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: AutoHotkey.ahk O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe O4 - Global Startup: WebEx PCNow.lnk = C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagtx.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll O15 - Trusted Zone: http://listado.mercadolibre.com.ec O15 - Trusted Zone: http://www.mercadolibre.com.ec O16 - DPF: WebLiveTrack - http://www.magaya.com/products/WebLvTk.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\..\{7990F529-1108-4B3F-AF71-99DDC2414434}: NameServer = 200.63.242.110,200.25.144.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{D4ED9B4F-693F-4AAA-9810-729A6A926252}: NameServer = 200.25.144.1,200.63.212.110 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: mnm_7_bta - C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\MNMEventNotify.dll O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll O23 - Service: WebEx Remote Access Agent (atnthost) - WebEx Communications, Inc. - C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Streamload Service (StreamloadService) - Streamload - C:\Program Files\Streamload\MediaMax XL\StreamloadService.exe O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E} -- End of file - 13803 bytes ================================================== ====      |
|
29/12/07, 13:52:28
| |
| ||||
| Re: Xdrive no se deja desinstalar Hola, hay algunas entradas por reparar, he visto tu tema en el Foro de Virus y desde ya te digo que con Hijackthis no vamos a poder desinstalar el programa. Sigue estos pasos: - Cierra todos los programas, ejecuta HijackThis y dale "Fix Cheked" a estas entradas: R3 - URLSearchHook: MisspellSearch Toolbar - {a964d547-6f05-4485-94ae-b909a5f1c809} - C:\Program Files\MisspellSearch\tbMis1.dll O2 - BHO: MisspellSearch Toolbar - {a964d547-6f05-4485-94ae-b909a5f1c809} - C:\Program Files\MisspellSearch\tbMis1.dll O3 - Toolbar: MisspellSearch Toolbar - {a964d547-6f05-4485-94ae-b909a5f1c809} - C:\Program Files\MisspellSearch\tbMis1.dll - Reinicia en Modo Seguro - Sin reiniciar, busca y elimina esta carpeta con todo su contenido: C:\Program Files\MisspellSearch\ - Pasa el Ccleaner y siguiendo los pasos de su manual utiliza las opciones Limpiador y Registro. Mi recomendación para que desinstales dicho programa es que lo instales nuevamente, reinicies el sistema y verifiques si aparece en la sección Agregar/Quitar programas. Si aún así no puedes desinstalarlo entonces opta por eliminar la carpeta con todo su contenido, pero en Modo Seguro luego limpias el regiostro con Ccleaner para que no queden rastros del programa. Saludos  Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !! * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
« Tema Anterior
|
Próximo Tema »
| Herramientas | |
| |
|
Temas Similares | |
| Tema | Autor | Foro | Respuestas | Último mensaje |
| Problemas àra desinstalar Kaspersky | eduardblanco | Foro de Virus y Spywares | 2 | 05/04/07 04:44:15 |
| No me deja desinstalar NOD32 antivirus system (Solucionado) | Dasky | AntiVirus | 3 | 28/02/07 20:05:38 |
| No puedo desinstalar el Spyware Doctor!!!! | LaTati | AntiSpywares | 5 | 25/02/07 20:20:59 |
| Necesito Ayuda No Puedo Desinstalar Panda Titanium 2006 Antivirus + Antispyware | Kraizee | AntiVirus | 1 | 19/02/07 12:15:40 |
| El PANDA no se deja domar | ciudad de tunja | Foro de Software | 2 | 18/04/06 18:56:10 |
Todas las horas son GMT -4. La hora es 00:27:43.
