Problema con el firewall

**LinNNUX** · 18/03/2012, 18:47

Hola, estoy desesperado con un problema que tengo con mi firewall que no encuentro la solución.
Al querer activar mi firewall me tira un error que es el siguiente:

Mirando algunas respuestas encontre que el problema podria ser, porque no tenia activado el Motor de Filtrado de Base, al querer activarlo me tiro este error

Creo yo que el problema es porque mi hermano instaló un antivirus hace tiempo con un nuevo firewall que bloqueo todos los programas, mi pregunta es : ¿Cómo puedo sacar ese firewall y activar nuevamente el FIREWALL DE WINDOWS que es lo recomendable?

Espero su solidaridad conmigo, de antemano los agradezco

**cfuentesviera** · 19/03/2012, 01:50

Que antivirus tienes instalados en el sistema ?

podrias probar desintalandolo completamente (ojala sin conexion a internet) y tratar de activar el firewall de windows.

Saludos

**Pato_py** · 19/03/2012, 02:39

Una consulta, cuando intentas activar el Motor de Filtrado de Base, tu ejecutas el services.msc con una cuenta de administrador? o sea, le das boton derecho y elijes la opcion "ejecutar como administrador"?

Ten en cuenta que el error de acceso denegado que te da al intentar iniciar el servicio, suele ser porque lo intentas hacer con un usuario normal sin permisos de administrador.

De todos modos si no te funciona con el metodo recomendado mas arriba, es buena la idea del compañero cfuentesviera de desinstalar el antivirus actual, y para no dejar rastro deberias de desinstalarlo con la herramienta de desinstalacion (la mayoria de los antivirus de hoy en dia lo tienen).

Espero puedas solucionarlo.

Saludos.

**LinNNUX** · 20/03/2012, 13:54

Bueno les agradezco por su rápida respuesta; les comento que actualmente no uso ningún antivirus por este problema, yo ejecuto el services.msc como Administrador, pero igual no puedo activarlo...

**cfuentesviera** · 20/03/2012, 18:12

Mmm, pasa la herramienta Combofix, alomejor estas infectado y el mismo virus no te permite levantar el firewall

Bleeping Computer Downloads: ComboFix Download

podrias pegar el log cuando termine combofix y tratar de reactivar el firewall.

Saludos

**LinNNUX** · 21/03/2012, 06:43

ComboFix 12-03-20.02 - HOME 20/03/2012 23:50:44.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.51.3082.18.895.416 [GMT -5:00]
Running from: c:\users\HOME\Descargas\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HOME\AppData\Local\.#
c:\users\HOME\AppData\Local\.#\MBX@1704@A2866B0.## #
c:\users\HOME\AppData\Local\.#\MBX@1704@A2866D0.## #
c:\users\HOME\AppData\Local\.#\MBX@CF4@94966B0.###
c:\users\HOME\AppData\Local\.#\MBX@CF4@94966D0.###
c:\users\HOME\AppData\Roaming\13AE.exe
c:\users\HOME\AppData\Roaming\391B.exe
c:\users\HOME\AppData\Roaming\C9C3.exe
c:\users\HOME\AppData\Roaming\cglogs.dat
c:\users\HOME\AppData\Roaming\D24B.exe
c:\users\HOME\AppData\Roaming\HOMElog.dat
c:\users\HOME\AppData\Roaming\install\winver.exe
c:\users\HOME\AppData\Roaming\Likekp.exe
c:\users\HOME\AppData\Roaming\svm32.dat
C:\w7lxe.exe
c:\w7lxe.exe\w7lxe.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 04:56 . 2012-03-21 04:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 11:24 . 2012-03-20 11:24 -------- d-----w- c:\program files\Sol Edit
2012-03-18 04:11 . 2012-03-18 04:11 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 04:11 . 2012-03-18 04:11 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 20:29 . 2012-03-01 19:34 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E105B33B-C8C0-4826-BF23-BF63F9BCEF02}\mpengine.dll
2012-03-14 05:41 . 1998-06-24 04:00 115016 ----a-w- c:\windows\MSINET.OCX
2012-03-14 05:41 . 2002-12-20 18:02 1077336 ----a-w- c:\windows\MSCOMCTL.OCX
2012-03-14 05:41 . 2012-03-14 05:41 -------- d-----w- c:\program files\Kyalon
2012-03-14 04:02 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 04:02 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:10 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:10 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:10 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 23:10 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 23:10 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 23:10 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 22:59 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 22:59 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 22:59 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 22:59 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 22:59 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 22:59 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-10 19:43 . 2012-03-10 19:43 -------- d-----w- c:\users\HOME\AppData\Local\APN
2012-03-10 19:42 . 2012-03-10 19:42 -------- d-----w- c:\program files\DsNET Corp
2012-03-08 23:30 . 2012-03-18 16:58 -------- d-----w- c:\program files\3D Live Pool
2012-03-08 18:11 . 2012-03-08 18:11 -------- d-----w- c:\programdata\Iminent
2012-03-08 18:06 . 2012-03-08 18:06 -------- d-----w- c:\program files\Ares
2012-03-08 17:21 . 2012-03-08 17:21 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-08 17:21 . 2012-03-08 17:21 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-08 17:21 . 2012-03-08 17:21 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-03-07 21:54 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-07 21:41 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-03-07 21:41 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-03-07 21:41 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-07 21:36 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-03-07 21:32 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-03-07 21:32 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-03-07 21:31 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-03-07 21:31 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-03-07 21:31 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-03-07 21:31 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-03-07 21:31 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-03-07 21:31 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-03-07 21:31 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-03-07 21:31 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-03-07 21:31 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-03-07 21:31 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2012-03-07 21:31 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-07 21:18 . 2012-03-07 21:18 -------- d-----w- c:\windows\system32\wbem\en-US
2012-03-07 19:33 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-03-07 19:33 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-02-23 14:18 . 2011-08-31 12:50 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-18 04:11 . 2011-10-06 00:47 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e4 2cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd6 2ccb9e983d\user32.dll
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec2 64ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"= "c:\program files\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912]
"{ba5844d2-b2c5-49eb-86f5-248d776a6f08}"= "c:\program files\Uptodown\prxtbUpto.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
.
[HKEY_CLASSES_ROOT\clsid\{ba5844d2-b2c5-49eb-86f5-248d776a6f08}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-08-09 14:49 225584 ----a-w- c:\program files\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2011-08-09 14:49 141104 ----a-w- c:\program files\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
2011-01-17 21:54 175912 ----a-w- c:\program files\Messenger_Plus\prxtbMess.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba5844d2-b2c5-49eb-86f5-248d776a6f08}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Uptodown\prxtbUpto.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"= "c:\program files\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{ba5844d2-b2c5-49eb-86f5-248d776a6f08}"= "c:\program files\Uptodown\prxtbUpto.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{ba5844d2-b2c5-49eb-86f5-248d776a6f08}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B760D5A4-8D24-4CB6-942E-D6BB540AD88C}"= "c:\program files\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{BA5844D2-B2C5-49EB-86F5-248D776A6F08}"= "c:\program files\Uptodown\prxtbUpto.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{ba5844d2-b2c5-49eb-86f5-248d776a6f08}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"E09EXLRD_168325"="c:\program files\Microsoft Encarta\Encarta 2009 Biblioteca Premium DVD\EDICT.EXE" [2008-06-06 351000]
"ares"="c:\program files\Ares\Ares.exe" [2012-02-02 3209216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"Browser companion helper"="c:\program files\BrowserCompanion\BCHelper.exe" [2011-08-09 192304]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\HOME\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\
Recorte de pantalla y Selector de OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Administrador de servicios.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [N/A]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2011-2-10 2641920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.e xe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 00:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 02:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 15:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-10 22:40 136176 ----atw- c:\users\HOME\AppData\Local\Google\Update\GoogleUp date.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-09-21 23:40 1681408 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-08 16:42 13793824 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Antivirus]
2009-12-10 22:53 81920 ----a-w- c:\program files\USB Disk Security\RunUSBGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E [2010-01-10 4640000]
R3 RTL8167;Controlador NT de Realtek 8167;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn. sys [2011-03-30 25088]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-14 1343400]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [2009-07-08 239648]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-18 1086976]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224886382-3761025378-1855908048-1000Core.job
- c:\users\HOME\AppData\Local\Google\Update\GoogleUp date.exe [2011-02-10 22:40]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224886382-3761025378-1855908048-1000UA.job
- c:\users\HOME\AppData\Local\Google\Update\GoogleUp date.exe [2011-02-10 22:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gux-search.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Enviar a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: Interfaces\{39576847-844B-49D3-8AFB-EDF1D70FE036}: NameServer = 200.48.225.130,200.48.225.146
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
FF - ProfilePath - c:\users\HOME\AppData\Roaming\Mozilla\Firefox\Prof iles\5sd2cs07.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.gux-search.com
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
user_pref(browser.startup.homepage , hxxp://www.gux-search.com);
FF - user.js: browser.startup.page - 1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{db131c55-60c8-4adc-84dc-9e76ab06e2dc} - c:\program files\uTorrentBar_ES\prxtbuTor.dll
BHO-{db131c55-60c8-4adc-84dc-9e76ab06e2dc} - c:\program files\uTorrentBar_ES\prxtbuTor.dll
Toolbar-{db131c55-60c8-4adc-84dc-9e76ab06e2dc} - c:\program files\uTorrentBar_ES\prxtbuTor.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{DB131C55-60C8-4ADC-84DC-9E76AB06E2DC} - c:\program files\uTorrentBar_ES\prxtbuTor.dll
HKCU-Run-CubeDesktop - (no file)
HKCU-Run-AdobeBridge - c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
HKCU-Run-RDReminder - (no file)
HKCU-Run-Likekp - c:\users\HOME\AppData\Roaming\Likekp.exe
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - c:\program files\Stardock\ObjectDockFree\ODMenu.dll
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.ex e
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared files\brs.exe
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe
MSConfigStartUp-RemoteControl10 - c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSConfigStartUp-UpdateReminder - c:\program files\Eset\UpdateReminder.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-224886382-3761025378-1855908048-1000\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{1D58FDE5-5A55-9371-68B5-DF7137046D5E}*]
"jallhablhhhfnmoepnjp"=hex:63,61,6d,66,69,61,0 0,00
"padimenlecddjemllcobmepljnlpkcmh"=hex:65,61,69,63 ,64,69,65,6a,6c,61,00,00
"hallhablhhhfnmoe"=hex:61,61,00,00
.
[HKEY_USERS\S-1-5-21-224886382-3761025378-1855908048-1000\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{9F473EE8-D3DF-B4DD-240E-06F86AB8D4D8}*]
@Allowed: (Read) (RestrictedCode)
"iampgcdakkcoeeocfb"=hex:69,61,6d,6d,6c,64,64,6f,6 8,65,6d,6e,6d,67,62,62,64,6f,
00,00
"hagamaljgfcfdppe"=hex:69,61,6d,6d,6c,64,64,6f,68, 65,6d,6e,6d,67,62,62,64,6f,
00,00
"iaicodebhjnklelijc"=hex:63,61,6e,6d,6c,64,00, 00
"dbhmmnccjjachhldlipkaggbebjgmfemhilldeoo"=hex:68, 61,62,67,63,67,6d,66,62,6e,
62,67,69,63,63,68,00,00
"jbhmmnccjjachhldlipknejopdimajhgfhalbgknffkajmhbf nog"=hex:68,61,62,67,63,67,
6d,66,62,6e,62,67,69,63,63,68,00,00
"dbhmmnccjjachhldlipklenaheileicbpeblcjdj"=hex:62, 61,67,63,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
.
************************************************** ************************
.
Completion time: 2012-03-21 00:00:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-21 05:00
.
Pre-Run: 69,890,125,824 bytes libres
Post-Run: 69,797,502,976 bytes libres
.
- - End Of File - - 1B9354446364DB79E5DA2B5D16E74511

**cfuentesviera** · 21/03/2012, 14:33

Estabas infectado :)

que sucede ahora al tratar de levantar el firewall ?

**LinNNUX** · 21/03/2012, 20:27

dame tu msn porfa xD! tuve que usar el restaurador de sistemas, cuando aplique el combofix el motor de filtrado de base arrancó pero el firewall sólo cargaba y no funcionaba

Problema con el firewall

Herramientas

Problema con el firewall

Temas similares

Problema con el firewall de W7

Problema con firewall

Problema Con firewall y Red

problema firewall

problema con el firewall

Permisos de publicación