
    Problems with WINLOGON


    1. #1
      User: f4to
      Registered: Nov 2012
      Location: Mexico City
      Posts: 5

      Problems with WINLOGON

      Hello, I'm new to this forum and would like to ask for technical help. I have a PC that is giving me trouble with something called WINLOGON.EXE. I understand it is a system file, but this virus lets me do practically nothing. I have read your answers on the subject, but it won't even let me install anything: with anything related to antivirus, or any kind of cleaning tool such as CCleaner, it either closes the window or tells me I can't install anything. It also does this when I search the internet for antivirus software or information about it. I don't want to reinstall Windows XP, which is the version I have, but I have already tried everything and nothing works.

      I hope you can help me.

      The PC was infected through a USB drive; what this virus does is turn all your data on the USB drive into shortcuts.

      Regards, and many thanks

    2. #2
      Former Contributor: @SanMar
      Registered: Jun 2008
      Location: Argentina
      Posts: 22,290

      Re: Problems with WINLOGON

      Hello f4to

      to the Forum.

      Tips before posting a new message

      InfoSpyware Forum Policies

      Official HijackThis Forum Policies in Spanish
      --------------------------------------------------

      If you cannot carry out the steps in Normal Mode, start your computer in Safe Mode with Networking and try the following:

      Step 1.- Download the following file:

      • iExplorer.exe to your desktop.
      • Double-click to run it.
      • When it finishes it will give you a report, which you will paste in your next reply.

      Step 2.: Without restarting: <<<< this is very important:

      Download UsbFix

      *Note* To run UsbFix.exe, follow these steps:

      • Double-click USBFix
      • Next, enter the Supresión (Deletion) option
      • A warning will appear asking you to connect your USB devices (removable devices, pen drive/micro SD, etc.); click Aceptar (OK)
      • During the scan the desktop may disappear; this is normal. If USBFix asks to restart the system, accept and restart your computer.
      • USBFix generates a report, which is usually found at C:\USBFix.txt

      Note: UsbFix will create a hidden folder named "$RECYCLE.BIN" "autorun.inf" on each partition and each USB drive that is connected at the time it is run. Do not delete this folder ... it will help protect your USB devices from future infections.

      Step 2.- Download the ComboFix.exe tool and save it to the desktop.
      • If it asks you to update, accept.
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may automatically restart the PC to complete the removal process.
      Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same thread.

      Important note: After the first restart performed by ComboFix, restart once more.

      We await the reports.

      Regards.

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      User: f4to
      Registered: Nov 2012
      Location: Mexico City
      Posts: 5

      Re: Problems with WINLOGON

      Hello, thanks for replying. I did indeed carry out the steps as you kindly indicated, and here are the results. However, I still have the same problem: it won't let me install an antivirus, it won't let me open CCleaner, it won't let me open CMD, and if I search for it on the internet it closes the windows. Is there any other option?? Many thanks

      Here are the reports

    4. #4
      User: f4to
      Registered: Nov 2012
      Location: Mexico City
      Posts: 5

      Re: Problems with WINLOGON

      RKILL.TXT

      Rkill 2.4.5 by Lawrence Abrams (Grinler)
      Bleeping Computer - Technical Support and Computer Help
      Copyright 2008-2012 BleepingComputer.com
      More Information about Rkill can be found at this link:
      RKill - What it does and What it Doesn't - A brief introduction to the program

      Program started at: 11/13/2012 02:58:34 PM in x86 mode.
      Windows Version: Microsoft Windows XP Service Pack 3

      Checking for Windows services to stop:

      * No malware services found to stop.

      Checking for processes to terminate:

      * C:\Documents and Settings\Personal\C616E6F637275605\winlogon.exe (PID: 1280) [SFI]
      * C:\Documents and Settings\Personal\C616E6F637275605\winlogon.exe (PID: 1280) [UP-HEUR]

      2 proccesses terminated!

      Checking Registry for malware related settings:

      * System Policy Removed: DisableCMD [HKCU]
      * System Policy Removed: DisableRegistryTools [HKCU]
      * System Policy Removed: DisableTaskMgr [HKCU]
      * Explorer Policy Removed: NoRun [HKCU]

      Backup Registry file created at:
      C:\Documents and Settings\Personal\Escritorio\rkill\rkill-11-13-2012-02-59-21.reg

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:

      * System Restore Disabled

      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
      "DisableSR" = dword:00000001

      * Windows Firewall Disabled

      [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
      "EnableFirewall" = dword:00000000

      Checking Windows Service Integrity:

      * Sistema de sucesos COM+ (EventSystem) is not Running.
      Startup Type set to: Manual

      * Servicio de restauración de sistema (srservice) is not Running.
      Startup Type set to: Automatic

      * Centro de seguridad (wscsvc) is not Running.
      Startup Type set to: Disabled

      * Actualizaciones automáticas (wuauserv) is not Running.
      Startup Type set to: Disabled

      * Controlador de filtro de Restaurar sistema (sr) is not Running.
      Startup Type set to: Disabled

      Searching for Missing Digital Signatures:

      * No issues found.

      Checking HOSTS File:

      * HOSTS file entries found:


      20 out of 680 HOSTS entries shown.
      Please review HOSTS file for further entries.

      Program finished at: 11/13/2012 03:00:03 PM
      Execution time: 0 hours(s), 1 minute(s), and 29 seconds(s)
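
Added example, not part of the thread and not code from Rkill or UsbFix: the Rkill report above terminated a winlogon.exe running from a folder under the user profile, whereas the genuine Windows XP binary runs from C:\WINDOWS\system32. The Python script below parses process lines in the two formats used by the reports in this thread and flags well-known system process names that run from an unexpected directory; the EXPECTED_DIR table and the function names are assumptions made for the example.

```python
import ntpath
import re

# Directory (relative to %SystemRoot%) where each core Windows XP process
# image is expected to live. Assumption for this example; not exhaustive.
EXPECTED_DIR = {
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "explorer.exe": "",  # lives directly in %SystemRoot%
}

# Matches both report styles:
#   UsbFix:  C:\WINDOWS\system32\winlogon.exe (636)
#   Rkill:   * C:\...\winlogon.exe (PID: 1280) [SFI]
LINE_RE = re.compile(
    r"^\s*(?:\*\s+)?(?P<path>[A-Za-z]:\\.+?)\s+\((?:PID:\s*)?(?P<pid>\d+)\)"
)

# Process lines copied from the Rkill and UsbFix reports in this thread.
SAMPLE_REPORT = r"""
C:\WINDOWS\System32\smss.exe (560)
C:\WINDOWS\system32\winlogon.exe (636)
C:\WINDOWS\Explorer.EXE (700)
* C:\Documents and Settings\Personal\C616E6F637275605\winlogon.exe (PID: 1280) [SFI]
* C:\Documents and Settings\Personal\C616E6F637275605\winlogon.exe (PID: 1280) [UP-HEUR]
"""


def parse_process_lines(text):
    """Return unique (path, pid) tuples found in report text, in order."""
    seen, processes = set(), []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        path, pid = match.group("path"), int(match.group("pid"))
        key = (path.lower(), pid)  # Rkill lists one process once per detection tag
        if key not in seen:
            seen.add(key)
            processes.append((path, pid))
    return processes


def _norm(path):
    """Normalise a Windows path for case-insensitive comparison on any OS."""
    return ntpath.normcase(ntpath.normpath(path))


def find_masquerading(processes, system_root=r"C:\WINDOWS"):
    """Flag system process names whose image is outside its expected folder.

    This is a path check only. A file in the right folder can still be
    tampered with, so it complements signature or hash verification.
    """
    findings = []
    for path, pid in processes:
        name = ntpath.basename(path).lower()
        if name not in EXPECTED_DIR:
            continue
        expected = _norm(ntpath.join(system_root, EXPECTED_DIR[name]))
        if _norm(ntpath.dirname(path)) != expected:
            findings.append({"pid": pid, "path": path, "expected_dir": expected})
    return findings


if __name__ == "__main__":
    for hit in find_masquerading(parse_process_lines(SAMPLE_REPORT)):
        print("PID %(pid)d: %(path)s (expected under %(expected_dir)s)" % hit)
```
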

    5. #5
      User: f4to
      Registered: Nov 2012
      Location: Mexico City
      Posts: 5

      Re: Problems with WINLOGON

      USBFIX.TXT

      ############################## | UsbFix V 7.096 | [Supresión]

      Usuario: Personal (Administrador) # HOME
      Actualizado el 15/08/2012 por El Desaparecido
      Comenzó a 15:03:21 | 13/11/2012

      Sitio web: http://eldesaparecido.com
      Foro: SoSVirus • Portail
      Archivo sospechoso ? : http://eldesaparecido.com/upload.php
      Contacto: [email protected]

      PC: TOSHIBA (Satellite A215) (X86-based PC) # Desktop Computer
      CPU: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 (1795)
      RAM -> [Total : 2430 | Free : 2103]
      BIOS: BIOS Version 1.00
      BOOT: Fail-safe with network boot

      OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
      WB: Windows Internet Explorer 8.0.6001.18702

      SC: Security Center Service [(!) Disabled]
      WU: Windows Update Service [(!) Disabled]
      FW: Windows FireWall Service [Enabled]

      C:\ (%systemdrive%) -> Disco fijo # 149 Gb (139 Mb libre(s) - 93%) [] # NTFS
      D:\ -> CD-ROM

      ################## | Procesos Activos |

      C:\WINDOWS\System32\smss.exe (560)
      C:\WINDOWS\system32\winlogon.exe (636)
      C:\WINDOWS\system32\services.exe (680)
      C:\WINDOWS\system32\lsass.exe (692)
      C:\WINDOWS\system32\svchost.exe (1008)
      C:\WINDOWS\system32\svchost.exe (1116)
      C:\WINDOWS\system32\WgaTray.exe (588)
      C:\WINDOWS\Explorer.EXE (700)
      C:\WINDOWS\system32\wbem\unsecapp.exe (1400)
      C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE (1256)
      C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE (1696)
      C:\UsbFix\Go.exe (1184)

      ################## | Procesos Parados |

      Parado! C:\WINDOWS\system32\WgaTray.exe (588)
      Parado! C:\WINDOWS\Explorer.EXE (700)
      Parado! C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE (1256)
      Parado! C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE (1696)

      ################## | Archivos # Carpetas infectadas |

      Suprimido ! C:\Documents and Settings\Personal\Datos de programa\minn.exe
      Suprimido ! C:\Recycler\S-1-5-21-1060284298-1788223648-1801674531-1003

      (!) Archivos temporales suprimido.

      ################## | Registro |

      Suprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
      Suprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions

      ################## | Mountpoints2 |


      ################## | Listing |

      [11/08/2012 - 16:05:05 | D ] C:\Archivos de programa
      [08/07/2011 - 15:17:01 | N | 0] C:\AUTOEXEC.BAT
      [09/07/2011 - 10:01:19 | N | 211] C:\boot.ini
      [24/08/2001 - 06:00:00 | N | 4952] C:\Bootfont.bin
      [23/08/2012 - 18:24:28 | D ] C:\Config.Msi
      [08/07/2011 - 15:17:01 | N | 0] C:\CONFIG.SYS
      [08/07/2011 - 15:33:18 | D ] C:\Documents and Settings
      [08/07/2011 - 18:59:53 | D ] C:\Hotkey.temp
      [08/07/2011 - 15:17:01 | N | 0] C:\IO.SYS
      [08/07/2011 - 15:17:01 | N | 0] C:\MSDOS.SYS
      [08/07/2011 - 16:07:34 | RHD ] C:\MSOCache
      [13/04/2008 - 14:13:04 | N | 47564] C:\NTDETECT.COM
      [13/04/2008 - 16:01:52 | N | 251168] C:\ntldr
      [08/07/2011 - 16:30:13 | D ] C:\Program Files
      [13/11/2012 - 15:04:21 | SHD ] C:\RECYCLER
      [08/07/2011 - 15:32:28 | SHD ] C:\System Volume Information
      [13/11/2012 - 15:04:21 | D ] C:\UsbFix
      [13/11/2012 - 15:06:38 | A | 26072] C:\UsbFix.txt
      [13/11/2012 - 14:57:36 | D ] C:\WINDOWS

      ################## | Vaccin |

      C:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)

      ################## | Upload |

      Por favor, envie el archivo: C:\UsbFix_Upload_Me_HOME.zip
      http://eldesaparecido.com/upload.php
      Gracias por su contribución.

      ################## | E.O.F |

    6. #6
      User f4to
      Registered
      Nov 2012
      Location
      Ciudad de Mexico
      Posts
      5

      Re: Problems with WINLOGON

      COMBOFIX.TXT

      ComboFix 12-11-13.02 - Personal 13/11/2012 15:13:53.1.2 - x86 NETWORK
      Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.2430.2011 [GMT -6:00]
      Running from: c:\documents and settings\Personal\Escritorio\ComboFix.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\archivos de programa\TelevisionFanatic\bar\Message\COMMON\stop.gif
      c:\archivos de programa\TelevisionFanatic\bar\Message\COMMON\systrayp.htm
      c:\archivos de programa\TelevisionFanatic\bar\Message\COMMON\tp_grad.gif
      c:\archivos de programa\TelevisionFanatic\bar\Settings\prevcfg2.htm
      c:\archivos de programa\TelevisionFanatic\bar\Settings\s_pid.dat
      c:\archivos de programa\TelevisionFanatic\bar\Settings\s_w1.dat
      c:\archivos de programa\TelevisionFanatic\bar\Settings\s_w1.dat.bak
      c:\archivos de programa\TelevisionFanatic\bar\Settings\s_w2.dat
      c:\archivos de programa\TelevisionFanatic\bar\Settings\setting3.htm
      c:\archivos de programa\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100016728.html
      c:\archivos de programa\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100016730.html
      c:\archivos de programa\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100065028.html
      c:\archivos de programa\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties208911428.html
      c:\archivos de programa\TelevisionFanatic\TelevisionFanatic\Cache\Radio.html
      c:\archivos de programa\TelevisionFanatic\TelevisionFanatic\Cache\VideosAffinityBtn.html
      c:\documents and settings\Personal\C616E6F637275605\winlogon.exe
      c:\windows\MGADiag.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Legacy_TELEVISIONFANATICSERVICE
      -------\Service_TelevisionFanaticService
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-13 21:02 . 2012-11-13 21:07 -------- d-----w- C:\UsbFix
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "EnableLUA"= 0 (0x0)
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableRegistryTools"= 1 (0x1)
      "DisableTaskMgr"= 1 (0x1)
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoAutoUpdate"= 1 (0x1)
      "NoRun"= 1 (0x1)
      "NoFile"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2servic.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ackwin32.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\acs.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\advxdwin.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentsvr.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\agentw.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ahnsd.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alerter.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alogserv.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon9x.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\anti-trojan.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antigen.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivirus.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ants.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apimonitor.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aplica32.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apvxdwin.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashWebSv.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atcon.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atguard.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atro55en.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atupdater.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\atwatch.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aupdate.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autodown.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autotrace.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoupdate.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcenter.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconfig.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconsol.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ave32.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgctrl.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgnt.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv9.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avguard.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgw.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkserv.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwcl9.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avnotify.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avnt.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp32.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpcc.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpdos32.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpexec.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpinst.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpm.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpmon.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpnt.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avptc32.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpupd.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avrescue.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avscan.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsched32.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avshadow.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsynmgr.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avupgsvc.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwebloader.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwin95.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwinnt.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwsc.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avwupd32.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitor9x.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxmonitornt.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxquar.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avxw.exe]
      "Debugger"="c:\documents and settings\Personal\C616E6F637275605\winlogon.exe"
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
      .
      SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
      @="Driver Group"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
      @="DiskDrive"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
      @="Hdc"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
      @="Keyboard"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
      @="Mouse"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
      @="System"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
      @="Volume"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "ose"=3 (0x3)
      "odserv"=3 (0x3)
      "JavaQuickStarterService"=2 (0x2)
      "TOSHIBA Bluetooth Service"=2 (0x2)
      "AgereModemAudio"=2 (0x2)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiSpyWareDisableNotify"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
      "AntiVirusDisableNotify"=dword:00000001
      "FirewallDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001
      "UacDisableNotify"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "DisableNotifications"= 1 (0x1)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Archivos de programa\\Epson Software\\Event Manager\\EEventManager.exe"=
      "c:\\Archivos de programa\\Archivos comunes\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
      "c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
      "c:\\Archivos de programa\\Archivos comunes\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
      "c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
      "c:\\Archivos de programa\\iTunes\\iTunes.exe"=
      "c:\\Documents and Settings\\Personal\\C616E6F637275605\\winlogon.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5353:TCP"= 5353:TCP:Adobe CSI CS4
      .
      S2 GamingWonderlandService;GamingWonderlandService;c:\archiv~1\GAMING~2\bar\1.bin\gtbarsvc.exe [17/07/2012 12:35 p.m. 42504]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = hxxp://jecc5v409f9ijgd.directorio-w.com
      uStart Page = hxxp://lnc0xwv94560802.directorio-w.com
      uDefault_Search_URL = hxxp://8qx5tn00dfo5v73.directorio-w.com
      mLocal Page = hxxp://v06zm1lnd1yulg1.directorio-w.com
      mStart Page = hxxp://95bbj7nn25k0a0v.directorio-w.com
      uInternet Settings,ProxyOverride = *.local
      TCP: DhcpNameServer = 192.168.1.254
      .
      - - - - ORPHANS REMOVED - - - -
      .
      HKCU-Run-AdobeBridge - (no file)
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2012-11-13 15:19
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'winlogon.exe'(940)
      c:\windows\system32\Ati2evxx.dll
      .
      - - - - - - - > 'winlogon.exe'(2060)
      c:\windows\system32\wininet.dll
      c:\archiv~1\GAMING~2\bar\1.bin\gthkstub.dll
      .
      - - - - - - - > 'explorer.exe'(2584)
      c:\windows\system32\WININET.dll
      c:\windows\system32\webcheck.dll
      c:\archiv~1\GAMING~2\bar\1.bin\gthkstub.dll
      c:\archiv~1\GAMING~2\bar\1.bin\gtbrstub.dll
      c:\windows\system32\mshtml.dll
      c:\windows\system32\msls31.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\Ati2evxx.exe
      c:\windows\system32\Ati2evxx.exe
      c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\archivos de programa\Bonjour\mDNSResponder.exe
      c:\windows\system32\wscntfy.exe
      c:\windows\system32\WgaTray.exe
      c:\archivos de programa\Epson Software\Event Manager\EEventManager.exe
      c:\archivos de programa\Epson Software\FAX Utility\FUFAXSTM.exe
      c:\archivos de programa\iTunes\iTunesHelper.exe
      c:\archiv~1\GAMING~2\bar\1.bin\gtsrchmn.exe
      c:\archiv~1\GAMING~2\bar\1.bin\gtbrmon.exe
      c:\archivos de programa\iPod\bin\iPodService.exe
      c:\windows\system32\wbem\unsecapp.exe
      c:\archivos de programa\Internet Explorer\IEXPLORE.EXE
      c:\archivos de programa\Internet Explorer\IEXPLORE.EXE
      .
      **************************************************************************
      .
      Completion time: 2012-11-13 15:20:53 - machine was rebooted
      .
      Pre-Run: 148,816,576,512 bytes libres
      Post-Run: 150,010,589,184 bytes libres
      .
      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
      .
      - - End Of File - - B4F3F3ECD3050705B12C464565F986AD

    7. #7
      Former Collaborator Avatar of @SanMar
      Joined
      Jun 2008
      Location
      Argentina
      Posts
      22.290

      Re: Problems with WINLOGON

      Hello:

      Do the following:

      Step 1: Download, install and/or update, but do not run yet:




      Step 2: Run in Normal Mode:

      Malwarebytes' Anti-Malware:

      • Perform a Full Scan.
      • Select the "Remove Selected" option.
      • Its report is found in the Logs tab.


      CCleaner:

      • First use its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete.
      • Then use its "Registry" option to clean the whole Windows registry (making a backup).


      Step 3: Perform a full scan with ESET Online as follows:

      Download the ESET Online Scanner.
      1. Run it and tick the boxes "Remove found threats" and "Scan archives".

      2. Click Advanced settings and there tick the boxes "Scan for potentially unwanted applications", "Scan for potentially unsafe applications" and "Enable Anti-Stealth technology".

      3. Press Start so that it begins downloading the virus signature database and then begins scanning your system.

      4. When it finishes, click Finish; you can find the report in C:\Archivos de programa\ESET\ESET Online Scanner\log


      In your next post, paste the reports from Malwarebytes, Online.


      Let us know how the computer is doing.


      Regards.

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.