| Hardware Forum: questions and queries about hardware. Processors, memory, video cards, cooling, etc. |
| Problem with System Restore (Solved)

Hi guys, I have a little problem with System Restore. I have Windows XP Home Edition. I have visited Microsoft Help and Support but I have not found my solution, although I did find some clues. The specific problem is that System Restore turns itself off and my restore points disappear, so it is hard for me to work with my laptop. I went to Event Viewer/System/sr and it shows an error like this: "the system restore filter encountered the unexpected error 0x000000D while processing the file BOOT.INI on the volume HarddiskVolume3. it has stopped monitoring the volume."

I searched on Google and found nothing at all. It is clear that this partition is stopping System Restore, but Microsoft says nothing about a volume 3 on my hard disk. When I go to the partitions from Start > Run I see three partitions: C, D, which is the HP Recovery, and another unknown one that is at 37%; the others are at 50%.

I have also tried the PC recovery disc that I copied with the HP Recovery service, since I cannot find an earlier restore point, to see whether the recovery CD can return my PC to the state it was in when I bought it, but it tells me this instead: systemroot/system32/config/SAM, error stop:C0000218, the disk is corrupt or locked or something like that, so I cannot do that either. I am desperate and do not know what to do. Would someone be so kind as to help me?

I would not like to format because I do not know whether formatting will fix it; besides, I do not have the Windows CD since the shop did not give it to me, so I cannot restart the operating system. Heeelp

Last edited by susaniitq on 18/03/08 at 06:29:50. |
| Re: I'm sooo stressed out

Volume 3 refers to that partition you say is unknown to you. It may be that this partition was created to store the restore points and that part of the hard disk is damaged for some reason, or that some virus is preventing you from accessing it or the restore points.

Run a ScanDisk on the whole hard disk.

Do all of these steps: What spyware is, how it works and how to remove it

If you have the Recovery partition you can return your hard disk to the state it was in when you bought it this way: right when your PC starts you will see a first screen with the option to enter Recovery (I think on HP it is F10). Likewise, with the CD you created with the recovery, you must start your PC with it inserted and with the boot sequence in the BIOS set to the CD-ROM, since you will not be able to do it from within the system.

Regards

* Help us by making a DONATION so that we can keep on helping.
* Keep up with the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by private message or by e-mail, since that is what the forum is for. |
| Re: Problem with System Restore

alyana, thank you very much for your prompt reply. I will do what you say, but the second option, with my HP recovery disc, does not work for me: the screen goes blue and it tells me error, corrupt or locked, so the disc I created will not load. Thanks, and I will try to do what you say. I am also trying to install Kaspersky, since the online scan tells me I have 6 viruses while the scan by my antivirus (avast) shows nothing. Thank you very much, and please don't go too far away. |
| Re: Problem with System Restore

Alyana, I did everything you said step by step and here is the report: Logfile of Trend Micro HijackThis v2.0.2, scan saved at 20:13:02 on 18/03/2008.

Well, I removed a lot of viruses and spyware and all that, thanks, but I still have the problem that restore points are not created and the restore service turns itself off, and I also have problems with Windows updates even though my Windows is genuine. I also have a folder on the C drive with lots of numbers and letters in its name; inside it I find spmsg.dll and spuninst.exe and two folders, sp2qfe and update, which are reported as empty but which I can neither delete nor enter, even with FileASSASSIN.

I think I should restore Windows XP Home Edition but I do not have the CD; although it is genuine, the shop did not give it to me. And as I mentioned before, when I try to access PC recovery through the recovery partition on the hard disk it will not let me and the screen goes blue, and if I try it with the recovery CDs I get the same thing: stop c0000218. So in the end the only solution will be to format, and I do not want to unless you cannot give me a solution first. Thank you very much |
| Hello susaniitq, please carry out the following steps to begin disinfecting your PC.

- Turn off "System Restore" (only on Win Me and XP) and enable viewing hidden files.
- Download, install and/or update these programs (but do not run them yet).
- Restart in Safe Mode (fail-safe)

O4 - HKLM\..\Run: [DeleteLog] c:\windows\system32\oobe\DeleteLog.exe

- Run these programs (one at a time).

Quote:

- Restart in normal mode and use CCleaner to clean the system. First use the "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete. Then use its "Registry" option to clean the whole Windows registry (making a backup).
- Paste the reports generated by SDFix and Malwarebytes' Anti-Malware so they can be reviewed along with a new HijackThis log.

NOTE:
- For greater convenience, print the steps.
- When you finish the steps, hide the hidden files again and turn System Restore back on.
- Remember to come back and tell us the results.

ForoSpyware is maintained by volunteers who have our own jobs and obligations elsewhere, so we are not here 24/7; we therefore ask for your patience with the analysis of and reply to your case. |
| I ran into a few little problems:

1. When I entered safe mode I logged in to the Administrator account, since I have 3 accounts but all with administrator privileges, and when I did the scan with HijackThis ONLY ONE REPORT of those you told me to fix with that program CAME UP, and I fixed it.
2. When I ran Malwarebytes I FOUND ONLY ONE of the two entries you gave me to delete with FileASSASSIN, and I deleted it.
3. Next I did everything you told me afterwards and ran SDFix and it restored; when I returned to the normal Windows state this program continued fixing the registry and finished.
4. Then in normal mode I ran HijackThis again and this time I did find the reports you left me to fix from the program itself, so I did it, but in normal mode with my account.

I have some questions for you:

a) Would I have to do everything you tell me with all the user accounts?
b) Why did SDFix carry on and finish the check in normal mode?
c) Ever since I used Spybot, when I turn on the computer the scan comes up automatically and I do not see the option to disable this service; would I have to uninstall it?

Logfile of Trend Micro HijackThis v2.0.2, scan saved at 15:40:13 on 19/03/2008.

YOU ALREADY KNOW THAT THIS SCAN WAS DONE FROM NORMAL MODE SINCE, AS I TOLD YOU BEFORE, FROM SAFE MODE ONLY ONE OF THE REPORTS APPEARED; I CHECKED IT AND FIXED IT.

SDFix: Version 1.159
Run by Administrator on 19/03/2008 at 14:49
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Service asc3550p - Deleted after Reboot

Checking Files :

Trojan Files Found:
C:\WINDOWS\system32\NTSpool.exe - Deleted
C:\WINDOWS\system32\drivers\asc3550p.sys - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 14:56:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 44
Remaining Services :
Authorized Application Key Export:
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Finished!

YOU ALREADY KNOW WHAT HAPPENED WITH THIS ONE; IT WAS DONE BUT WITHOUT FIXING THE ENTRIES YOU GAVE ME FOR HIJACKTHIS, SINCE IN THE.

Malwarebytes' Anti-Malware 1.08
Versión de la Base de Datos: 503
Tipo de examen : Examen Rápido
Objetos examinados: 33913
Tiempo transcurrido: 20 minute(s), 49 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 1
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 110
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
(No se han detectado elementos maliciosos)
Ficheros Infectados:

Last edited by susaniitq on 19/03/08 at 12:25:28. |
| Re: Problem with System Restore
Let's see if someone looks over my reports and tells me something. THE GOOD NEWS IS THAT SYSTEM RESTORE NO LONGER LOCKS UP, SO WE COULD CONSIDER THE ISSUE RESOLVED, ALTHOUGH I WAS LEFT WITH SOME DOUBTS THAT I HAVE ALREADY RAISED |
| Hello, please carry out the following steps to finish cleaning your PC.
NOTE: Before proceeding with the disinfection steps, uninstall these programs if you have them installed:
MessengerSkinner
InternetGameBox
Instant Access
HotTVPlayer
MailSkinner
GoRecord
Go-Astro
sudoku
- Download, install and/or update the following programs (but do not run them yet): SuperAntiSpyware. NAVILOG1 (by IL-MAFIOSO).
- Restart in Safe Mode (fail-safe mode) and enable viewing of hidden files.
- Run these programs (one at a time).
NOTE: Remember to select option "2" - "Automatic Cleaning".
- Restart in normal mode and use CCleaner to clean the system. First use the "Cleaner" option to delete cookies, temporary Internet files and all the files that it shows you as obsolete. Then use its "Registry" option to clean the whole Windows registry (making a backup).
- Get a new HijackThis log so it can be reviewed together with the report generated by NAVILOG1, which is located at C:\fixnavi.txt.
NOTE: ForoSpyware is maintained by volunteers who have our own jobs and obligations outside the forum, so we are not here 24/7, and we ask for your patience with the analysis of and response to your case. |
| Re: Problem with System Restore
First of all, thank you very much for your time and advice. Here I am sending you the reports from the last steps you advised:

Search Navipromo version 3.5.0 began on 21/03/2008 at 22:05:03.75
!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Updated on 04.03.2008 at 17h00 by IL-MAFIOSO
Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.11
Filesystem type : NTFS
Done in safe mode
*** Searching for installed Software ***
*** Search folders in C:\WINDOWS ***
*** Search folders in C:\Program Files ***
*** Search folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Search folders in "C:\Documents and Settings\Justin\applic~1" ***
*** Search folders in "C:\Documents and Settings\Justin\locals~1\applic~1" ***
*** Search folders in "C:\Documents and Settings\Justin\startm~1\programs" ***
*** Search folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***
*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net
No file found
*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!
* Scan in C:\WINDOWS\system32 *
* Scan in "C:\Documents and Settings\Justin\locals~1\applic~1" *
*** Search files ***
C:\WINDOWS\pack.epk found !
*** Search specific Registry keys ***
HKEY_CURRENT_USER\Software\Lanconfig found !
*** Complementary Search *** (Search specific files)
1)Search new Instant Access files :
2)Heuristic Search :
* In C:\WINDOWS\system32 :
dywtifcyvs.dat found !
mmllkjaxww.dat found !
* In "C:\Documents and Settings\Justin\locals~1\applic~1" :
3)Certificates Search :
Egroup certificate not found !
Electronic-Group certificate not found !
OOO-Favorit certificate not found !
4)Search known files :
*** Search completed on 21/03/2008 at 22:21:49.95 ***

AND NEXT, THE NEW HIJACKTHIS REPORT:

I WOULD JUST LIKE YOU TO ANSWER ONE OF THE QUESTIONS I ASKED YOU EARLIER AND THAT YOU DID NOT ANSWER:
1. WOULD I HAVE TO DO ALL THIS WITH ALL THE USER ACCOUNTS?
2. WHEN I TURN ON MY PC, SPYBOT DETECTS THAT A REGISTRY ENTRY CALLED STARTUP GLOBAL SISTEM IS TRYING TO BE MODIFIED; I CANCEL IT WITH SPYBOT. MAYBE THIS IS OF SOME USE TO YOU.
3. SPYBOT STARTS ITS SCAN WHEN I TURN ON THE COMPUTER. HOW DO I DISABLE IT? THERE IS NO OPTION FOR IT.
4. MALWAREBYTES HAS AN IMMUNIZE OPTION, BUT WHEN I CLOSE THE PROGRAM IT NO LONGER IMMUNIZES? HOW DO I MAKE IT IMMUNIZE ALL THE TIME? LIKE SPYBLASTER, WHICH IMMUNIZES ALL THE TIME, OR SO I THINK. AM I RIGHT?
5. AND FINALLY, WHEN I TRY TO SCAN WITH KASPERSKY ONLINE IT TELLS ME THAT THE DATABASE HAS EXPIRED OR SOMETHING LIKE THAT AND IT WILL NOT LET ME SCAN!
THANKS IN ADVANCE
Last edited by susaniitq on 22/03/08 at 04:30:22. |
| Re: Problem with System Restore
I ALSO ATTACH THE KASPERSKY ONLINE REPORT:

AND TO TELL YOU THAT I HAVE MANUALLY DELETED THE FIRST 10 FROM THE SYSTEM; THE REST I HAVE NOT DONE YET, AWAITING ADVICE. THANKS IN ADVANCE |