ARCHIVO UNRARSCAN.DLL BORRADO

Foro referente al sistema operativo Windows XP
sevisur
Usuario linuxero
Usuario linuxero
Mensajes: 7
Registrado: 15 Nov 2011, 20:38
Agradecido : 2 veces
Contactar:

ARCHIVO UNRARSCAN.DLL BORRADO

Mensajepor sevisur » 15 Nov 2011, 20:44

Saludos a este nuevo foro que me incorporo.

Tengo un problema al abrir el PC , me sale un mensage de que falta archvio UNRARSCAN.DLL. Creo que me lo ha borrado un troyano que tenia mi pco.

He estado buscando pero no encuentro nada sobre este archivo. ¿¿ alguien puede echarme una mano??

Saludos a todos

Avatar de Usuario
Souto
Usuario Bill Gates
Usuario Bill Gates
Mensajes: 10665
Registrado: 25 Feb 2008, 10:21
Ubicación: Galicia
Agradecido : 6 veces
Agradecimiento recibido: 647 veces
Contactar:

Re: ARCHIVO UNRARSCAN.DLL BORRADO

Mensajepor Souto » 15 Nov 2011, 22:46

Hola, bienvenido

Descarga la herramienta HIJACKTHIS,
http://www.trendsecure.com/portal/en-US ... nstall.exe
instálala y ejecútala . Dale al botón "Do a system scan and save a logfile" , al final esto te mostrará un informe. Pega ese texto aquí en el foro


Saludos
Qui dove il mare luccica e tira forte il vento

sevisur
Usuario linuxero
Usuario linuxero
Mensajes: 7
Registrado: 15 Nov 2011, 20:38
Agradecido : 2 veces
Contactar:

Re: ARCHIVO UNRARSCAN.DLL BORRADO

Mensajepor sevisur » 16 Nov 2011, 16:21

Souto escribió:Hola, bienvenido

Descarga la herramienta HIJACKTHIS,
http://www.trendsecure.com/portal/en-US ... nstall.exe
instálala y ejecútala . Dale al botón "Do a system scan and save a logfile" , al final esto te mostrará un informe. Pega ese texto aquí en el foro


Saludos

antes de nada muchas gracias. Me sale muchisimas cosas, las pego

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE
C:\Program Files\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ham.asksearch.com/?cfg=2-396-0-...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ZumoCast] C:\Program Files\Zecter\ZumoCast\ZumoLauncher.lnk
O4 - HKCU\..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE /FU "C:\WINDOWS\TEMP\E_S4A.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [YZ5CZHZY0D1F2IUX] C:\$Recycle$\B8DEA5BB930.exe /q (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: Inicio rápido de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Program Files\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=64&bd=pavilion&pf=laptop
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3570261468
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Servicio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 13193 bytes

Avatar de Usuario
Souto
Usuario Bill Gates
Usuario Bill Gates
Mensajes: 10665
Registrado: 25 Feb 2008, 10:21
Ubicación: Galicia
Agradecido : 6 veces
Agradecimiento recibido: 647 veces
Contactar:

Re: ARCHIVO UNRARSCAN.DLL BORRADO

Mensajepor Souto » 16 Nov 2011, 18:02

Esa librería que falta pertenece al Anti Trojan Elite
El programa aparece referenciado en el log que aportas

O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO

Simplemente desinstala ese programa ó si te tiene interés lo instalas de nuevo y el asunto debería solucionarse.


Saludos
Qui dove il mare luccica e tira forte il vento

sevisur
Usuario linuxero
Usuario linuxero
Mensajes: 7
Registrado: 15 Nov 2011, 20:38
Agradecido : 2 veces
Contactar:

Re: ARCHIVO UNRARSCAN.DLL BORRADO

Mensajepor sevisur » 16 Nov 2011, 18:10

Souto escribió:Esa librería que falta pertenece al Anti Trojan Elite
El programa aparece referenciado en el log que aportas

O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO

Simplemente desinstala ese programa ó si te tiene interés lo instalas de nuevo y el asunto debería solucionarse.


Saludos


pero tiene algo que ver con el archivo UNRARSCAN.LL que me falta ??

ese programa esta en la papelera del PC

Avatar de Usuario
Souto
Usuario Bill Gates
Usuario Bill Gates
Mensajes: 10665
Registrado: 25 Feb 2008, 10:21
Ubicación: Galicia
Agradecido : 6 veces
Agradecimiento recibido: 647 veces
Contactar:

Re: ARCHIVO UNRARSCAN.DLL BORRADO

Mensajepor Souto » 16 Nov 2011, 18:38

Veo que no me he explicado bien:
UNRARSCAN.LL es un componente de ese programa, el Anti Trojan Elite.
A pesar de que dices que está en la papelera, el programa no ha sido desinstalado correctamente porque aún está siendo llamado desde el Registro:

O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO

Puedes hacer culquiera de las cosas que ya te he dicho ó si vas a prescindir de este programa (un tanto sospechoso, por cierto) entonces puedes también resolverlo de este modo:
Ejecuta de nuevo HijackThis , pero pulsa sobre "Do a system scan only", marca la siguiente entrada del log y pulsa "Fix Checked" y una vez finalizado reinicia el equipo

O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO




Saludos
Qui dove il mare luccica e tira forte il vento

sevisur
Usuario linuxero
Usuario linuxero
Mensajes: 7
Registrado: 15 Nov 2011, 20:38
Agradecido : 2 veces
Contactar:

Re: ARCHIVO UNRARSCAN.DLL BORRADO

Mensajepor sevisur » 17 Nov 2011, 20:44

[quote="Souto"]Veo que no me he explicado bien:
UNRARSCAN.LL es un componente de ese programa, el Anti Trojan Elite.
A pesar de que dices que está en la papelera, el programa no ha sido desinstalado correctamente porque aún está siendo llamado desde el Registro:

O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO

Puedes hacer culquiera de las cosas que ya te he dicho ó si vas a prescindir de este programa (un tanto sospechoso, por cierto) entonces puedes también resolverlo de este modo:
Ejecuta de nuevo HijackThis , pero pulsa sobre "Do a system scan only", marca la siguiente entrada del log y pulsa "Fix Checked" y una vez finalizado reinicia el equipo

O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO

uffffffffffff.. que desesperacion.......... He realizado estos ultimos pasos que me has indicado, pero sigue saliendo lo mismo al abrir el pc:

Error al iniciar la aplicacion porque no se encontro UNRARSCAN.DLL La reinstalacion de la aplicacion puede solucionar el problema[/color]Saludos

Avatar de Usuario
Souto
Usuario Bill Gates
Usuario Bill Gates
Mensajes: 10665
Registrado: 25 Feb 2008, 10:21
Ubicación: Galicia
Agradecido : 6 veces
Agradecimiento recibido: 647 veces
Contactar:

Re: ARCHIVO UNRARSCAN.DLL BORRADO

Mensajepor Souto » 17 Nov 2011, 21:11

Déjalo esta noche realizando un análisis completo con Malwarebytes

http://www.infospyware.com/antispyware/ ... timalware/

al final del proceso mostrará un log con el resultado .

Pega su contenido en el foro.


Saludos
Qui dove il mare luccica e tira forte il vento

sevisur
Usuario linuxero
Usuario linuxero
Mensajes: 7
Registrado: 15 Nov 2011, 20:38
Agradecido : 2 veces
Contactar:

Re: ARCHIVO UNRARSCAN.DLL BORRADO

Mensajepor sevisur » 17 Nov 2011, 22:45

Souto escribió:Déjalo esta noche realizando un análisis completo con Malwarebytes

http://www.infospyware.com/antispyware/ ... timalware/

al final del proceso mostrará un log con el resultado .

Pega su contenido en el foro.


Saludos



joderrrrr................ ALUCINANTE

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versión de la Base de Datos: 8184

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/11/2011 22:43:34
mbam-log-2011-11-17 (22-43-33).txt

Tipos de Análisis: Análisis Completo (C:\|D:\|)
Objetos examinados: 317303
Tiempo transcurrido: 1 hora(s), 14 minuto(s), 20 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 9
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 12
Archivos Infectados: 51

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E2402A0-5F99-4188-B30D-D8743996B340} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
c:\program files\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\1.3.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp help and support (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\lightscribe (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\my product name (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\SEDInst (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\Shared (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
c:\$recycle$ (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Archivos Infectados:
c:\PT.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
c:\documents and settings\administrator\archivos temporales de internet\Content.IE5\GQF2MT6Y\calc[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-820248312-883502657-1262772323-500\Dc59.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
c:\system volume information\_restore{5caac034-3e9f-4a8e-a3fe-99d20678a761}\RP799\A0107646.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{5caac034-3e9f-4a8e-a3fe-99d20678a761}\RP809\A0110899.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
c:\system volume information\_restore{5caac034-3e9f-4a8e-a3fe-99d20678a761}\RP809\A0110913.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
c:\program files\luckytender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp help and support\ahpregw.cab (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp help and support\hsc_search_uninstall.js (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp help and support\hsc_uninstall.js (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp help and support\modemcheck.dll (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp help and support\modemutil.dll (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp help and support\modem_uninstall.js (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp help and support\pchcabinstall.vbs (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp help and support\ScDmi.dll (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hp wireless assistant.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hpqnt.dll (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\HPQWA.css (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\HPQWA.js (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\HPQWACom.dll (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\HPQWAVer.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\HPQWA_UI.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hpwa.html (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hpwa2.html (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hpwa3.html (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hpwaabout.html (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hpwacontent.html (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hpwaproperty.html (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hp_wireless_assistant_help.chm (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hp_wireless_assistant_on_state.gif (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\hp_wireless_assistant_over_state.gif (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\Wireless.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\bluetooth32.png (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\disabled.gif (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\header_property.bmp (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\Off.gif (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\On.gif (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\wa_header.bmp (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\white_line.bmp (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\WHN32.bmp (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\wireless_off.ico (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\wireless_on.ico (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\wlan32.png (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\hp wireless assistant\images\wwan32.png (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\lightscribe\psg getting started.mht (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\program files\luckytender\HPQ\Shared\hpqtoaster.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user(2).ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
c:\$recycle$\93089a10dd71164 (Trojan.Spyeyes) -> Quarantined and deleted successfully.

sevisur
Usuario linuxero
Usuario linuxero
Mensajes: 7
Registrado: 15 Nov 2011, 20:38
Agradecido : 2 veces
Contactar:

Re: ARCHIVO UNRARSCAN.DLL BORRADO

Mensajepor sevisur » 17 Nov 2011, 22:59

Una vez finalizado el analisis, 2 archivos no salieron marcados para eliminar. ¿ Los tengo tambien que marcar y eliminar ?

Me sale esto
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versión de la Base de Datos: 8184

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/11/2011 23:24:20
mbam-log-2011-11-17 (23-24-20).txt

Tipos de Análisis: Análisis Rápido
Objetos examinados: 191878
Tiempo transcurrido: 6 minuto(s), 33 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 2

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
c:\PT.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
c:\RECYCLER\s-1-5-21-820248312-883502657-1262772323-500\Dc59.exe (PUP.Hacktool.Patcher) -> Not selected for removal.


Volver a “Windows XP / X64”

¿Quién está conectado?

Usuarios navegando por este Foro: Bing [Bot], Yahoo [Bot] y 1 invitado