Problema con el arranque de la pc

Foro referente al sistema operativo Windows XP
chris-cjs
Usuario linuxero
Usuario linuxero
Mensajes: 13
Registrado: 22 Jul 2009, 17:37
Contactar:

Re: Problema con el arranque de la pc

Mensajepor chris-cjs » 23 Jul 2009, 17:42

Dany escribió:Dices que sólo te aparece el adminstrador de tareas, que procesos te aparecen?


Hola Dany , mira los procesos qe aparecen son estos :

nvsvc32.exe
explorer.exe
spoolsv.exe
taskmgr.exe
svchost.exe (5 veces aparece)
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
alg.exe
System
Proceso inactivo del sistema

Esos son todos
Última edición por chris-cjs el 23 Jul 2009, 17:56, editado 1 vez en total.

chris-cjs
Usuario linuxero
Usuario linuxero
Mensajes: 13
Registrado: 22 Jul 2009, 17:37
Contactar:

Re: Problema con el arranque de la pc

Mensajepor chris-cjs » 23 Jul 2009, 17:47

Hola Souto , lo hice dos veces al scaneo anoche , copio los dos archivos de texto .

Malwarebytes' Anti-Malware 1.39
Versión de la Base de Datos: 2421
Windows 5.1.2600 Service Pack 2

22/07/2009 08:32:13 p.m.
mbam-log-2009-07-22 (20-32-13).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 95706
Tiempo transcurrido: 3 minute(s), 28 second(s)

Procesos en Memoria Infectados: 1
Módulos en Memoria Infectados: 1
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 2
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 0
Ficheros Infectados: 57

Procesos en Memoria Infectados:
C:\WINDOWS\system32\explorer.exe (Backdoor.Agent) -> Unloaded process successfully.

Módulos en Memoria Infectados:
C:\Documents and Settings\Administrador\Configuración local\Temp\cydC7.tmp (Worm.Parite) -> Delete on reboot.

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Barsaka (Trojan.Downloader) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\Documents and Settings\Administrador\Configuración local\Temp\cydC7.tmp (Worm.Parite) -> Delete on reboot.
c:\WINDOWS\Temp\akp380.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\azo47B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\bdv1B8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\bhc158.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\bib1D0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\bit223.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\bvo37E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\clt386.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\cmo477.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\dzt222.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ebi460.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\eta1CF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\fhc3.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ftt1B0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\fvo47A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\gel21D.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\gnp285.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\goj282.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\grc18F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\grg19B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\huh15E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ixx28B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jdi45E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jpc18E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kdh2D1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kfa1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kjj283.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\lhc4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ljv286.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\lwt3D7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\lxo478.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\miv1B9.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\mmi461.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\mtv288.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nfu1B1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nhc159.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nxv287.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ofa28C.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\pgu1B7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\pyj463.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\RESTART.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\rfo47C.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\rre3DB.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\sdp383.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\srg19A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\sxv1BA.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tbc190.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\uoi45F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\uxv289.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\vjo479.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\vrj462.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wbt1AF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\xjj284.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\xmh2D2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\yoj280.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\explorer.exe (Trojan.Downloader) -> Delete on reboot.

este es el otro

Malwarebytes' Anti-Malware 1.39
Versión de la Base de Datos: 2421
Windows 5.1.2600 Service Pack 2

22/07/2009 08:46:15 p.m.
mbam-log-2009-07-22 (20-46-15).txt

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 95593
Tiempo transcurrido: 4 minute(s), 24 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 1
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 22

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
C:\WINDOWS\Temp\rfa2.tmp (Worm.Parite) -> Delete on reboot.

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\WINDOWS\Temp\rfa2.tmp (Worm.Parite) -> Delete on reboot.
c:\documents and settings\localservice\configuración local\Temp\cka5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\configuración local\Temp\dia4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\bca6.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\dha3.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\gfa1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\gia4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\goa9.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\hya9.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jba6.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jea1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jra8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kma8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\oca7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\pea1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\plaA.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\raaA.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\saa5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\uea2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\xqz8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\yna7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\zmaB.tmp (Worm.Parite) -> Quarantined and deleted successfully.

Avatar de Usuario
Souto
Usuario Bill Gates
Usuario Bill Gates
Mensajes: 10665
Registrado: 25 Feb 2008, 10:21
Ubicación: Galicia
Agradecido : 6 veces
Agradecimiento recibido: 647 veces
Contactar:

Re: Problema con el arranque de la pc

Mensajepor Souto » 23 Jul 2009, 18:07

Los registros de Malware confirman la infección y aparentemente la has liquidado.
Vuelve a sacarme un Winlogon, por favor
Qui dove il mare luccica e tira forte il vento

chris-cjs
Usuario linuxero
Usuario linuxero
Mensajes: 13
Registrado: 22 Jul 2009, 17:37
Contactar:

Re: Problema con el arranque de la pc

Mensajepor chris-cjs » 23 Jul 2009, 18:19

vuelvo a hacer esto como .bat ?

C:\Windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s>>Winlogon.txt
start notepad Winlogon.txt

Avatar de Usuario
Souto
Usuario Bill Gates
Usuario Bill Gates
Mensajes: 10665
Registrado: 25 Feb 2008, 10:21
Ubicación: Galicia
Agradecido : 6 veces
Agradecimiento recibido: 647 veces
Contactar:

Re: Problema con el arranque de la pc

Mensajepor Souto » 23 Jul 2009, 18:29

Si, por favor.
Qui dove il mare luccica e tira forte il vento

chris-cjs
Usuario linuxero
Usuario linuxero
Mensajes: 13
Registrado: 22 Jul 2009, 17:37
Contactar:

Re: Problema con el arranque de la pc

Mensajepor chris-cjs » 23 Jul 2009, 18:42

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ COLOSO
DefaultUserName REG_SZ Administrador
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
SfcDisable REG_DWORD 0xffffff9d
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x1
AutoAdminLogon REG_SZ 0
DefaultPassword REG_SZ
UIHost REG_EXPAND_SZ vistaui.exe
LogonType REG_DWORD 0x1
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
HibernationPreviouslyEnabled REG_DWORD 0x1
WinStationsDisabled REG_SZ 0
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ Administrador
AltDefaultDomainName REG_SZ COLOSO

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
<Sin nombre> REG_SZ Inalámbrico
ProcessGroupPolicy REG_SZ ProcessWIRELESSPolicy
DllName REG_EXPAND_SZ gptext.dll
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}
<Sin nombre> REG_SZ Folder Redirection
ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx
DllName REG_EXPAND_SZ fdeploy.dll
NoMachinePolicy REG_DWORD 0x1
NoSlowLink REG_DWORD 0x1
PerUserLocalSettings REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x0
NoBackgroundPolicy REG_DWORD 0x0
GenerateGroupPolicy REG_SZ GenerateGroupPolicy
EventSources REG_MULTI_SZ (Folder Redirection,Application)\0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
Status REG_DWORD 0x0
RsopStatus REG_DWORD 0x0
LastPolicyTime REG_DWORD 0xed14ac
PrevSlowLink REG_DWORD 0x0
PrevRsopLogging REG_DWORD 0x1
ForceRefreshFG REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}
<Sin nombre> REG_SZ Cuota de discos de Microsoft
NoMachinePolicy REG_DWORD 0x0
NoUserPolicy REG_DWORD 0x1
NoSlowLink REG_DWORD 0x1
NoBackgroundPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
PerUserLocalSettings REG_DWORD 0x0
RequiresSuccessfulRegistry REG_DWORD 0x1
EnableAsynchronousProcessing REG_DWORD 0x0
DllName REG_EXPAND_SZ dskquota.dll
ProcessGroupPolicy REG_SZ ProcessGroupPolicy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}
<Sin nombre> REG_SZ Programador de paquetes QoS
ProcessGroupPolicy REG_SZ ProcessPSCHEDPolicy
DllName REG_EXPAND_SZ gptext.dll
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}
<Sin nombre> REG_SZ Secuencias de comandos
ProcessGroupPolicy REG_SZ ProcessScriptsGroupPolicy
ProcessGroupPolicyEx REG_SZ ProcessScriptsGroupPolicyEx
GenerateGroupPolicy REG_SZ GenerateScriptsGroupPolicy
DllName REG_EXPAND_SZ gptext.dll
NoSlowLink REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
NotifyLinkTransition REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
<Sin nombre> REG_SZ Asignación de zonas de Internet Explorer
DllName REG_EXPAND_SZ iedkcs32.dll
ProcessGroupPolicy REG_SZ ProcessGroupPolicyForZoneMap
NoGPOListChanges REG_DWORD 0x1
RequiresSucessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
ProcessGroupPolicy REG_SZ SceProcessSecurityPolicyGPO
GenerateGroupPolicy REG_SZ SceGenerateGroupPolicy
ExtensionRsopPlanningDebugLevel REG_DWORD 0x1
ProcessGroupPolicyEx REG_SZ SceProcessSecurityPolicyGPOEx
ExtensionDebugLevel REG_DWORD 0x1
DllName REG_EXPAND_SZ scecli.dll
<Sin nombre> REG_SZ Security
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
EnableAsynchronousProcessing REG_DWORD 0x1
MaxNoGPOListChangesInterval REG_DWORD 0x3c0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx
GenerateGroupPolicy REG_SZ GenerateGroupPolicy
ProcessGroupPolicy REG_SZ ProcessGroupPolicy
DllName REG_EXPAND_SZ iedkcs32.dll
<Sin nombre> REG_SZ Personalización de Internet Explorer
NoSlowLink REG_DWORD 0x1
NoBackgroundPolicy REG_DWORD 0x0
NoGPOListChanges REG_DWORD 0x1
NoMachinePolicy REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
ProcessGroupPolicy REG_SZ SceProcessEFSRecoveryGPO
DllName REG_EXPAND_SZ scecli.dll
<Sin nombre> REG_SZ EFS recovery
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x1
RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}
<Sin nombre> REG_SZ Microsoft Offline Files
DllName REG_EXPAND_SZ %SystemRoot%\System32\cscui.dll
EnableAsynchronousProcessing REG_DWORD 0x0
NoBackgroundPolicy REG_DWORD 0x0
NoGPOListChanges REG_DWORD 0x0
NoMachinePolicy REG_DWORD 0x0
NoSlowLink REG_DWORD 0x0
NoUserPolicy REG_DWORD 0x1
PerUserLocalSettings REG_DWORD 0x0
ProcessGroupPolicy REG_SZ ProcessGroupPolicy
RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
<Sin nombre> REG_SZ Instalación de software
DllName REG_EXPAND_SZ appmgmts.dll
ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyObjectsEx
GenerateGroupPolicy REG_SZ GenerateGroupPolicy
NoBackgroundPolicy REG_DWORD 0x0
RequiresSucessfulRegistry REG_DWORD 0x0
NoSlowLink REG_DWORD 0x1
PerUserLocalSettings REG_DWORD 0x1
EventSources REG_MULTI_SZ (Application Management,Application)\0(MsiInstaller,Application)\0\0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}
<Sin nombre> REG_SZ Seguridad IP
ProcessGroupPolicy REG_SZ ProcessIPSECPolicy
DllName REG_EXPAND_SZ gptext.dll
NoUserPolicy REG_DWORD 0x1
NoGPOListChanges REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
Asynchronous REG_DWORD 0x0
Impersonate REG_DWORD 0x0
DllName REG_EXPAND_SZ crypt32.dll
Logoff REG_SZ ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
Asynchronous REG_DWORD 0x0
Impersonate REG_DWORD 0x0
DllName REG_EXPAND_SZ cryptnet.dll
Logoff REG_SZ CryptnetWlxLogoffEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
DLLName REG_SZ cscdll.dll
Logon REG_SZ WinlogonLogonEvent
Logoff REG_SZ WinlogonLogoffEvent
ScreenSaver REG_SZ WinlogonScreenSaverEvent
Startup REG_SZ WinlogonStartupEvent
Shutdown REG_SZ WinlogonShutdownEvent
StartShell REG_SZ WinlogonStartShellEvent
Impersonate REG_DWORD 0x0
Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
DLLName REG_SZ wlnotify.dll
Logon REG_SZ SCardStartCertProp
Logoff REG_SZ SCardStopCertProp
Lock REG_SZ SCardSuspendCertProp
Unlock REG_SZ SCardResumeCertProp
Enabled REG_DWORD 0x1
Impersonate REG_DWORD 0x1
Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
Asynchronous REG_DWORD 0x0
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0x0
StartShell REG_SZ SchedStartShell
Logoff REG_SZ SchedEventLogOff

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
Logoff REG_SZ WLEventLogoff
Impersonate REG_DWORD 0x0
Asynchronous REG_DWORD 0x1
DllName REG_EXPAND_SZ sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
DLLName REG_SZ WlNotify.dll
Lock REG_SZ SensLockEvent
Logon REG_SZ SensLogonEvent
Logoff REG_SZ SensLogoffEvent
Safe REG_DWORD 0x1
MaxWait REG_DWORD 0x258
StartScreenSaver REG_SZ SensStartScreenSaverEvent
StopScreenSaver REG_SZ SensStopScreenSaverEvent
Startup REG_SZ SensStartupEvent
Shutdown REG_SZ SensShutdownEvent
StartShell REG_SZ SensStartShellEvent
PostShell REG_SZ SensPostShellEvent
Disconnect REG_SZ SensDisconnectEvent
Reconnect REG_SZ SensReconnectEvent
Unlock REG_SZ SensUnlockEvent
Impersonate REG_DWORD 0x1
Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
Asynchronous REG_DWORD 0x0
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0x0
Logoff REG_SZ TSEventLogoff
Logon REG_SZ TSEventLogon
PostShell REG_SZ TSEventPostShell
Shutdown REG_SZ TSEventShutdown
StartShell REG_SZ TSEventStartShell
Startup REG_SZ TSEventStartup
MaxWait REG_DWORD 0x258
Reconnect REG_SZ TSEventReconnect
Disconnect REG_SZ TSEventDisconnect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
Logon REG_SZ WLEventLogon
Logoff REG_SZ WLEventLogoff
Startup REG_SZ WLEventStartup
Shutdown REG_SZ WLEventShutdown
StartScreenSaver REG_SZ WLEventStartScreenSaver
StopScreenSaver REG_SZ WLEventStopScreenSaver
Lock REG_SZ WLEventLock
Unlock REG_SZ WLEventUnlock
StartShell REG_SZ WLEventStartShell
PostShell REG_SZ WLEventPostShell
Disconnect REG_SZ WLEventDisconnect
Reconnect REG_SZ WLEventReconnect
Impersonate REG_DWORD 0x1
Asynchronous REG_DWORD 0x0
SafeMode REG_DWORD 0x0
MaxWait REG_DWORD 0xffffffff
DllName REG_EXPAND_SZ WgaLogon.dll
Event REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings
Data REG_BINARY 01000000D08C9DDF0115D1118C7A00C04FC297EB01000000CD9FD7BE947BFF4DA8D803ED3211E8B004000000040000005300000003660000A800000010000000E0F086B0DC2F09DE9C3AC913315406B00000000004800000A000000010000000031A0494D84BEA7E6860E9470D77D1B4A8010000941F2BDD5D8F1400D3679A5F94C36F00BB60A7F02FD10397275261A2A2149CE336079C81BA09F3C231521D0DC0900EB6DABCE9629F24F6BD4A211CA506CFC75300FE7C26AFC286315FAF85B8626D24DC2078422EDD57ECDF3FE7560DB7459C47D5E9E3EA86918BCEF77D678E84CC83EA188EEA7A3417EFD480D23625C2BC9D4C0DF29A631E15379FC64F0D634821B487297D9E524A91DEDE300DAD3DCBE30ADCAE5B388AA96C2202B5F422F81D731E60AABE28B18416F3B139CF2BDA414DB69496880EBFF4590084E273F54737F157C9EF45BA38008FB54117A6AD527C7B906EF34AF62FA49FC84689F6E9798E67DC0D903222DEF3EE82CD1154E1EE19A754DF90F24A2453DC033028D0067085D9AF3CEF6C6791FA0AE19AF69AAB1FAAED8A894B1C92C55232748345C310331ADE75C35633F9CD9C2CC90B59CC15D782FC9AE4750341C12C2E1C4447295279AEA0DAFABED204952A29B77E2806E3E4546DFDA839F5665DE280BEFF79F74364F30CAD94A7FBE467A3971F7624EEC7F6CAEDDBF96347BFFE633AE4F6F9C8D33EAE4F92DB8A0E3A6880C448992A5EADEB423ED6BA14E1E59ED7E09ABE140000009DFCA504B8F2B4071CE2E39FAC2F0B27CAFF9C24

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
DLLName REG_SZ wlnotify.dll
Logon REG_SZ RegisterTicketExpiredNotificationEvent
Logoff REG_SZ UnregisterTicketExpiredNotificationEvent
Impersonate REG_DWORD 0x1
Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Asistente de ayuda REG_DWORD 0x0
TsInternetUser REG_DWORD 0x0
SQLAgentCmdExec REG_DWORD 0x0
NetShowServices REG_DWORD 0x0
HelpAssistant REG_DWORD 0x0
IWAM_ REG_DWORD 0x10000
IUSR_ REG_DWORD 0x10000
VUSR_ REG_DWORD 0x10000
Administrador REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

Avatar de Usuario
Souto
Usuario Bill Gates
Usuario Bill Gates
Mensajes: 10665
Registrado: 25 Feb 2008, 10:21
Ubicación: Galicia
Agradecido : 6 veces
Agradecimiento recibido: 647 veces
Contactar:

Re: Problema con el arranque de la pc

Mensajepor Souto » 23 Jul 2009, 18:53

Vuelve a ejecutar regedit.
Vete otra vez a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

pulsa (un sólo clic) sobre Winlogon para resaltarlo.
En la ventana de la derecha localiza el valor "UIHost", doble clic sobre él y en "Información del valor" borras su contenido y pegas esto:
logonui.exe
cierra Regedit, reinicia el equipo y comprueba si ahora arranca normal.

Saludos
Qui dove il mare luccica e tira forte il vento

chris-cjs
Usuario linuxero
Usuario linuxero
Mensajes: 13
Registrado: 22 Jul 2009, 17:37
Contactar:

Re: Problema con el arranque de la pc

Mensajepor chris-cjs » 23 Jul 2009, 19:12

La acabo de reiniciar pero se vuelve a trabar en el mismo lugar de siempre .
Queres que vuelva a repetir alguno de los pasos anteriores ?

Avatar de Usuario
Souto
Usuario Bill Gates
Usuario Bill Gates
Mensajes: 10665
Registrado: 25 Feb 2008, 10:21
Ubicación: Galicia
Agradecido : 6 veces
Agradecimiento recibido: 647 veces
Contactar:

Re: Problema con el arranque de la pc

Mensajepor Souto » 23 Jul 2009, 19:24

Hay que complementar con otro antivirus.
Realiza un Examen completo on line con
http://onecare.live.com/site/es-es/default.htm
Qui dove il mare luccica e tira forte il vento

chris-cjs
Usuario linuxero
Usuario linuxero
Mensajes: 13
Registrado: 22 Jul 2009, 17:37
Contactar:

Re: Problema con el arranque de la pc

Mensajepor chris-cjs » 23 Jul 2009, 19:47

Ah listo , ahi ya puse a hacer el examen .
Cuando termina copio los resultados aca .


Volver a “Windows XP / X64”

¿Quién está conectado?

Usuarios navegando por este Foro: Google [Bot] y 4 invitados