Virus de la Policía (ayuda, por favor) Buenas tardes a todos,
se me ha infectado el ordenador con el virus del asunto. Primero ejecuté PoliFix.exe siguiendo las instrucciones de vuestra guía, pero no se eliminó.
Me he descargado OTL (tal y como indicáis en otros posts), lo he ejecutado en modo seguro y este es el reporte:
OTL logfile created on: 3/8/2012 5:42:10 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\mariana\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: España | Language: ESN | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.76% Memory free
3.98 Gb Paging File | 3.13 Gb Available in Paging File | 78.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.80 Gb Total Space | 218.37 Gb Free Space | 77.22% Space Free | Partition Type: NTFS
Drive D: | 7.60 Gb Total Space | 3.02 Gb Free Space | 39.73% Space Free | Partition Type: FAT32
Computer Name: MARIANA-PC | User Name: mariana | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\mariana\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\WinRAR\rarext.dll ()
========== Win32 Services (SafeList) ==========
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe (IDT, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (AresChatServer) -- C:\Program Files\Ares\chatServer.exe (Ares Development Group)
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- C:\windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrw7x) -- C:\windows\System32\Drivers\AVGIDSwx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (NETw5s32) Controlador del adaptador Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (tidnet) -- C:\Windows\System32\drivers\tidnet.sys (Telefónica I+D)
DRV - (HpqKbFiltr) -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\windows\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (Huawei) -- C:\Windows\System32\drivers\ewdcsc.sys (Huawei Tech. Co., Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_ES&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_ES&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9305BAFA-6056-4144-910A-371437CFE03F}
IE - HKCU\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA}: "URL" = http://www.missim.org/google?q={searchTerms}&sa=Search&cx=partner-pub-3546861938806019:fn51rv5o9ne&cof=FORID%3A10&ie=UTF-8&hl=es
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9305BAFA-6056-4144-910A-371437CFE03F}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.es"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 23:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/25 23:08:16 | 000,000,000 | ---D | M]
[2010/05/22 19:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mariana\AppData\Roaming\mozilla\Extensions
[2012/02/25 11:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mariana\AppData\Roaming\mozilla\Firefox\Profiles\up20968o.default\extensions
[2011/03/21 19:38:59 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\mariana\AppData\Roaming\mozilla\Firefox\Profiles\up20968o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011/03/21 19:38:56 | 000,003,915 | ---- | M] () -- C:\Users\mariana\AppData\Roaming\Mozilla\Firefox\Profiles\up20968o.default\searchplugins\sweetim.xml
[2010/05/22 19:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/05/22 19:41:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/22 19:41:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/17 19:50:00 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
[2012/01/17 19:50:00 | 000,000,751 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
[2012/01/17 19:50:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/01/17 19:50:00 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [kodak] C:\Users\mariana\AppData\Roaming\kodak\kodak.exe ()
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B62842FC-CE0A-4BA0-8237-257B523FC504}: DhcpNameServer = 192.168.132.73 192.168.132.72 192.168.132.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF6588E-BD31-484A-81EE-F5598DA28050}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{89919335-628a-11df-b851-00271345cb9f}\Shell - "" = AutoRun
O33 - MountPoints2\{89919335-628a-11df-b851-00271345cb9f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/08 17:41:10 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\mariana\Desktop\OTL.exe
[2012/03/08 17:22:43 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{7B5F1016-3C2A-44B4-A3E8-E710372639EF}
[2012/03/08 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{7799D2F6-EFEE-4BF0-9546-3920CBA246EF}
[2012/03/08 16:28:07 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{1A84BC5E-9580-44CB-AAE3-DB2A7051CDF3}
[2012/03/02 14:09:49 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{F6E3696B-855B-4AA4-99BC-2482B0AAE0DA}
[2012/03/02 14:09:34 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{02FA8984-C3AA-4275-AAD3-D7A6730ACD18}
[2012/03/02 14:07:57 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{57AB7098-720E-4067-96D2-AC13F1E0BC9C}
[2012/03/02 14:07:46 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{1B07D05D-D24E-445F-8B28-DBA649B2050E}
[2012/03/02 14:03:24 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{28A3A30A-21D9-449C-BB3E-7D6481A8BAAC}
[2012/03/02 14:03:12 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{5BEA5A4C-92B6-412A-AF69-EAAAD4E1B937}
[2012/03/02 13:59:59 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{6C8B0654-C2D8-4267-8D84-AFFA054E58E9}
[2012/03/02 13:59:48 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{F773163A-2C55-4AFA-B01C-9B725E3A7EE9}
[2012/02/26 11:13:19 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{5585737E-FE69-4425-B36C-3E6C1D758F39}
[2012/02/26 10:59:02 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{FEED8531-F0E3-4601-A4D0-82DC8B8F2F69}
[2012/02/26 10:58:49 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{AC16B333-9B1F-4494-B070-4F89968015EB}
[2012/02/26 10:55:58 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{E6C951CA-B4FC-47B8-8B8B-997470968945}
[2012/02/26 10:55:46 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{0FF023FB-492D-4069-AC70-53FC521A57EA}
[2012/02/26 10:43:55 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{59276CEA-4B3E-4E0B-8AB0-2FF665892A61}
[2012/02/26 10:40:28 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{8726A790-865D-40A2-AADC-17F26C10A19E}
[2012/02/26 10:37:08 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{2BFE8E5F-4731-4C8B-A541-5A9F9719B047}
[2012/02/26 10:36:55 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth
[2012/02/26 10:34:25 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{5A5CC509-A477-4530-9691-55BBC5C1B21A}
[2012/02/26 10:33:14 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{E809B664-E792-406C-9395-8E1BE543176D}
[2012/02/26 10:22:29 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{CDB673DF-4121-47CF-897F-E97793F686F8}
[2012/02/25 11:55:49 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Roaming\kodak
[2012/02/25 11:16:09 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{4D413EE8-82B9-4CAA-90AB-A25D69D4D36F}
[2012/02/25 11:15:57 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{1E5023C2-0A49-4BE1-8B44-71616A856A33}
[2012/02/24 19:06:47 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{B7B46672-BAA9-4553-BC48-61DD7D621F9D}
[2012/02/24 19:06:36 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{7A2F22BC-41B3-49E4-B9CF-6C4D2615FD7E}
[2012/02/23 21:51:48 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{8C3B46D1-C106-4CC7-91F0-00989BCD38D2}
[2012/02/23 21:51:35 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{13F6FBA3-E3AB-42B2-A75D-E8212D11F9CC}
[2012/02/21 19:14:42 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{4F2A8248-73C1-4374-9230-4CB2650DED28}
[2012/02/21 19:14:31 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{368DB9D1-99A9-4581-8C1B-2B7BE7F4D497}
[2012/02/20 22:35:47 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{D5DCBCAB-B8CB-48AB-AC92-C31BA9DBB686}
[2012/02/20 22:35:35 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{AD630425-6EC9-40C8-BF5D-76D1A0C86065}
[2012/02/19 15:23:29 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{A8DC99C2-CF8C-4CC1-9AFF-06CDBA5341A0}
[2012/02/19 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{1411C64C-6FB1-4130-9B1A-FA56C6F12709}
[2012/02/19 10:55:18 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{B724B3B8-07A9-4C4E-83B6-6C4D568AD34A}
[2012/02/19 10:55:06 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{468B551D-395A-492A-A960-7A2296D0F25C}
[2012/02/17 19:43:27 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{AC1B3705-A42D-463C-B86C-7B2497353466}
[2012/02/17 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{6C31577A-1540-4FBB-A47A-BCF76980D8D1}
[2012/02/16 22:05:47 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{7BB17796-BA7D-402E-B594-35365B9020B8}
[2012/02/16 22:05:36 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{C8382098-149A-403C-8D54-308975B15B70}
[2012/02/13 20:09:53 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{47B75C7B-A51B-414D-B30E-508ECC3DD99D}
[2012/02/13 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{313AA04A-BD53-4067-BA5E-1DD1096850AC}
[2012/02/08 19:07:13 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{AF686FEF-86AF-4C9C-A24F-929EBF588F22}
[2012/02/08 19:07:01 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{E83CD096-C4E7-41E2-9561-C25E0B48D610}
========== Files - Modified Within 30 Days ==========
[2012/03/08 17:43:28 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\mariana\Desktop\OTL.com
[2012/03/08 17:40:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/08 17:40:09 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 17:37:20 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\mariana\Desktop\OTL.exe
[2012/03/08 17:29:20 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 17:29:20 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 17:28:23 | 000,703,840 | ---- | M] () -- C:\windows\System32\perfh00A.dat
[2012/03/08 17:28:23 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/08 17:28:23 | 000,137,806 | ---- | M] () -- C:\windows\System32\perfc00A.dat
[2012/03/08 17:28:23 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/08 17:22:22 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/26 00:19:12 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/23 22:12:36 | 001,483,820 | ---- | M] () -- C:\Users\mariana\Documents\Documento2.rtf
[2012/02/21 19:44:02 | 000,000,330 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFormariana.job
[2012/02/20 22:38:45 | 000,002,127 | ---- | M] () -- C:\Users\mariana\Documents\recension.rtf
[2012/02/19 14:29:14 | 000,005,556 | ---- | M] () -- C:\Users\mariana\Documents\Documento important.rtf
[2012/02/19 13:14:08 | 000,000,411 | ---- | M] () -- C:\Users\mariana\Documents\Documento.rtf
[2012/02/19 10:35:37 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/02/17 19:42:18 | 000,493,912 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/02/19 14:29:23 | 001,483,820 | ---- | C] () -- C:\Users\mariana\Documents\Documento2.rtf
[2012/02/19 14:29:14 | 000,005,556 | ---- | C] () -- C:\Users\mariana\Documents\Documento important.rtf
[2012/02/19 13:14:07 | 000,000,411 | ---- | C] () -- C:\Users\mariana\Documents\Documento.rtf
[2012/02/19 10:35:37 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/02/07 18:06:18 | 000,059,769 | ---- | C] () -- C:\Users\mariana\Desktop\nDeha9o3Zamyxew6j-PT.0.jpg
[2012/02/07 18:05:29 | 000,174,808 | ---- | C] () -- C:\Users\mariana\Desktop\EcszJW8vWDzdBCpcsFN3.0.jpg
[2012/02/07 18:05:11 | 000,073,458 | ---- | C] () -- C:\Users\mariana\Desktop\d4ovHZb1ATh_s1llQxa2.0.jpg
[2012/02/07 18:00:51 | 002,651,603 | ---- | C] () -- C:\Users\mariana\Desktop\Dia intercambio! 007.JPG
[2012/02/07 17:59:13 | 003,770,115 | ---- | C] () -- C:\Users\mariana\Desktop\Halloween '10 Malaga! 008 - copia.JPG
[2012/02/07 17:58:28 | 005,781,407 | ---- | C] () -- C:\Users\mariana\Desktop\Diitaa M3C3AL!! 022.JPG
[2012/02/07 17:58:10 | 002,781,305 | ---- | C] () -- C:\Users\mariana\Desktop\Diitaa M3C3AL!! 020.JPG
[2012/02/07 17:57:18 | 005,536,872 | ---- | C] () -- C:\Users\mariana\Desktop\Diitaa M3C3AL!! 010.JPG
[2010/08/15 14:26:08 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2010/05/14 12:02:08 | 000,524,288 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010/05/14 12:02:08 | 000,139,264 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010/05/12 15:26:58 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/05/12 15:26:57 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/05/12 15:26:57 | 000,027,184 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/05/12 15:26:56 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/05/12 15:26:56 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/05/12 15:26:55 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
========== LOP Check ==========
[2010/05/17 06:28:27 | 000,000,000 | ---D | M] -- C:\Users\mariana\AppData\Roaming\AVG9
[2010/05/14 12:07:08 | 000,000,000 | ---D | M] -- C:\Users\mariana\AppData\Roaming\AVSMedia
[2010/09/04 00:59:59 | 000,000,000 | ---D | M] -- C:\Users\mariana\AppData\Roaming\PhotoScape
[2010/05/18 15:39:18 | 000,000,000 | ---D | M] -- C:\Users\mariana\AppData\Roaming\Telefónica Móviles
[2011/03/25 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\mariana\AppData\Roaming\Windows Live Writer
[2012/02/21 19:13:56 | 000,032,540 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Espero que podáis ayudarme. Quedo a la espera.
Registrate para responder