
    Police Virus


    1. #1
      User halrac
      Registered
      Mar 2012
      Location
      Spain
      Posts
      5

      Annoying Police Virus (help, please)

      Good afternoon, everyone,

      My computer has been infected with the virus in the subject line. I first ran PoliFix.exe following the instructions in your guide, but it was not removed.

      I downloaded OTL (as you recommend in other posts), ran it in safe mode, and this is the report:

      OTL logfile created on: 3/8/2012 5:42:10 PM - Run 1
      OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\mariana\Desktop
      Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000409 | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.76% Memory free
      3.98 Gb Paging File | 3.13 Gb Available in Paging File | 78.49% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
      Drive C: | 282.80 Gb Total Space | 218.37 Gb Free Space | 77.22% Space Free | Partition Type: NTFS
      Drive D: | 7.60 Gb Total Space | 3.02 Gb Free Space | 39.73% Space Free | Partition Type: FAT32

      Computer Name: MARIANA-PC | User Name: mariana | Logged in as Administrator.
      Boot Mode: SafeMode | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\mariana\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files\WinRAR\rarext.dll ()


      ========== Win32 Services (SafeList) ==========

      SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
      SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
      SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
      SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
      SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
      SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
      SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
      SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
      SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
      SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
      SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe (IDT, Inc.)
      SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
      SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
      SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
      SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe (Andrea Electronics Corporation)
      SRV - (AresChatServer) -- C:\Program Files\Ares\chatServer.exe (Ares Development Group)


      ========== Driver Services (SafeList) ==========

      DRV - (AvgTdiX) -- C:\windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
      DRV - (AvgMfx86) -- C:\windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
      DRV - (AVGIDSDriverw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
      DRV - (AVGIDSFilterw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
      DRV - (AVGIDSErHrw7x) -- C:\windows\System32\Drivers\AVGIDSwx.sys (AVG Technologies CZ, s.r.o. )
      DRV - (AVGIDSShimw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
      DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
      DRV - (AvgLdx86) -- C:\windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
      DRV - (AvgRkx86) -- C:\windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
      DRV - (NETw5s32) Controlador del adaptador Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
      DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
      DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
      DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
      DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
      DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
      DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
      DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
      DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
      DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
      DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
      DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
      DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
      DRV - (tidnet) -- C:\Windows\System32\drivers\tidnet.sys (Telefónica I+D)
      DRV - (HpqKbFiltr) -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
      DRV - (HBtnKey) -- C:\windows\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
      DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
      DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
      DRV - (Huawei) -- C:\Windows\System32\drivers\ewdcsc.sys (Huawei Tech. Co., Ltd.)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_ES&c=92&bd=all&pf=cmnb
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
      IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_ES&c=92&bd=all&pf=cmnb
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
      IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
      IE - HKCU\..\SearchScopes,DefaultScope = {9305BAFA-6056-4144-910A-371437CFE03F}
      IE - HKCU\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA}: "URL" = http://www.missim.org/google?q={searchTerms}&sa=Search&cx=partner-pub-3546861938806019:fn51rv5o9ne&cof=FORID%3A10&ie=UTF-8&hl=es
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{9305BAFA-6056-4144-910A-371437CFE03F}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
      IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
      FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
      FF - prefs.js..browser.search.selectedEngine: "Google"
      FF - prefs.js..browser.startup.homepage: "www.google.es"
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
      FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
      FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
      FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
      FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 23:08:16 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/25 23:08:16 | 000,000,000 | ---D | M]

      [2010/05/22 19:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mariana\AppData\Roaming\mozilla\Extensions
      [2012/02/25 11:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mariana\AppData\Roaming\mozilla\Firefox\Profiles\up20968o.default\extensions
      [2011/03/21 19:38:59 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\mariana\AppData\Roaming\mozilla\Firefox\Profiles\up20968o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
      [2011/03/21 19:38:56 | 000,003,915 | ---- | M] () -- C:\Users\mariana\AppData\Roaming\Mozilla\Firefox\Profiles\up20968o.default\searchplugins\sweetim.xml
      [2010/05/22 19:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
      [2010/05/22 19:41:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
      [2010/05/22 19:41:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
      [2012/01/17 19:50:00 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2012/01/17 19:50:00 | 000,000,751 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2012/01/17 19:50:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/01/17 19:50:00 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - default_search_provider: Google ()
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

      O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
      O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
      O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
      O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
      O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
      O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
      O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
      O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
      O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
      O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
      O4 - HKCU..\Run: [kodak] C:\Users\mariana\AppData\Roaming\kodak\kodak.exe ()
      O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
      O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
      O13 - gopher Prefix: missing
      O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
      O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B62842FC-CE0A-4BA0-8237-257B523FC504}: DhcpNameServer = 192.168.132.73 192.168.132.72 192.168.132.71
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF6588E-BD31-484A-81EE-F5598DA28050}: DhcpNameServer = 80.58.61.250 80.58.61.254
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
      O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O33 - MountPoints2\{89919335-628a-11df-b851-00271345cb9f}\Shell - "" = AutoRun
      O33 - MountPoints2\{89919335-628a-11df-b851-00271345cb9f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/03/08 17:41:10 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\mariana\Desktop\OTL.exe
      [2012/03/08 17:22:43 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{7B5F1016-3C2A-44B4-A3E8-E710372639EF}
      [2012/03/08 16:37:55 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{7799D2F6-EFEE-4BF0-9546-3920CBA246EF}
      [2012/03/08 16:28:07 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{1A84BC5E-9580-44CB-AAE3-DB2A7051CDF3}
      [2012/03/02 14:09:49 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{F6E3696B-855B-4AA4-99BC-2482B0AAE0DA}
      [2012/03/02 14:09:34 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{02FA8984-C3AA-4275-AAD3-D7A6730ACD18}
      [2012/03/02 14:07:57 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{57AB7098-720E-4067-96D2-AC13F1E0BC9C}
      [2012/03/02 14:07:46 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{1B07D05D-D24E-445F-8B28-DBA649B2050E}
      [2012/03/02 14:03:24 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{28A3A30A-21D9-449C-BB3E-7D6481A8BAAC}
      [2012/03/02 14:03:12 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{5BEA5A4C-92B6-412A-AF69-EAAAD4E1B937}
      [2012/03/02 13:59:59 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{6C8B0654-C2D8-4267-8D84-AFFA054E58E9}
      [2012/03/02 13:59:48 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{F773163A-2C55-4AFA-B01C-9B725E3A7EE9}
      [2012/02/26 11:13:19 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{5585737E-FE69-4425-B36C-3E6C1D758F39}
      [2012/02/26 10:59:02 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{FEED8531-F0E3-4601-A4D0-82DC8B8F2F69}
      [2012/02/26 10:58:49 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{AC16B333-9B1F-4494-B070-4F89968015EB}
      [2012/02/26 10:55:58 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{E6C951CA-B4FC-47B8-8B8B-997470968945}
      [2012/02/26 10:55:46 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{0FF023FB-492D-4069-AC70-53FC521A57EA}
      [2012/02/26 10:43:55 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{59276CEA-4B3E-4E0B-8AB0-2FF665892A61}
      [2012/02/26 10:40:28 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{8726A790-865D-40A2-AADC-17F26C10A19E}
      [2012/02/26 10:37:08 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{2BFE8E5F-4731-4C8B-A541-5A9F9719B047}
      [2012/02/26 10:36:55 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth
      [2012/02/26 10:34:25 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{5A5CC509-A477-4530-9691-55BBC5C1B21A}
      [2012/02/26 10:33:14 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{E809B664-E792-406C-9395-8E1BE543176D}
      [2012/02/26 10:22:29 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{CDB673DF-4121-47CF-897F-E97793F686F8}
      [2012/02/25 11:55:49 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Roaming\kodak
      [2012/02/25 11:16:09 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{4D413EE8-82B9-4CAA-90AB-A25D69D4D36F}
      [2012/02/25 11:15:57 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{1E5023C2-0A49-4BE1-8B44-71616A856A33}
      [2012/02/24 19:06:47 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{B7B46672-BAA9-4553-BC48-61DD7D621F9D}
      [2012/02/24 19:06:36 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{7A2F22BC-41B3-49E4-B9CF-6C4D2615FD7E}
      [2012/02/23 21:51:48 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{8C3B46D1-C106-4CC7-91F0-00989BCD38D2}
      [2012/02/23 21:51:35 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{13F6FBA3-E3AB-42B2-A75D-E8212D11F9CC}
      [2012/02/21 19:14:42 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{4F2A8248-73C1-4374-9230-4CB2650DED28}
      [2012/02/21 19:14:31 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{368DB9D1-99A9-4581-8C1B-2B7BE7F4D497}
      [2012/02/20 22:35:47 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{D5DCBCAB-B8CB-48AB-AC92-C31BA9DBB686}
      [2012/02/20 22:35:35 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{AD630425-6EC9-40C8-BF5D-76D1A0C86065}
      [2012/02/19 15:23:29 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{A8DC99C2-CF8C-4CC1-9AFF-06CDBA5341A0}
      [2012/02/19 15:23:12 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{1411C64C-6FB1-4130-9B1A-FA56C6F12709}
      [2012/02/19 10:55:18 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{B724B3B8-07A9-4C4E-83B6-6C4D568AD34A}
      [2012/02/19 10:55:06 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{468B551D-395A-492A-A960-7A2296D0F25C}
      [2012/02/17 19:43:27 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{AC1B3705-A42D-463C-B86C-7B2497353466}
      [2012/02/17 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{6C31577A-1540-4FBB-A47A-BCF76980D8D1}
      [2012/02/16 22:05:47 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{7BB17796-BA7D-402E-B594-35365B9020B8}
      [2012/02/16 22:05:36 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{C8382098-149A-403C-8D54-308975B15B70}
      [2012/02/13 20:09:53 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{47B75C7B-A51B-414D-B30E-508ECC3DD99D}
      [2012/02/13 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{313AA04A-BD53-4067-BA5E-1DD1096850AC}
      [2012/02/08 19:07:13 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{AF686FEF-86AF-4C9C-A24F-929EBF588F22}
      [2012/02/08 19:07:01 | 000,000,000 | ---D | C] -- C:\Users\mariana\AppData\Local\{E83CD096-C4E7-41E2-9561-C25E0B48D610}

      ========== Files - Modified Within 30 Days ==========

      [2012/03/08 17:43:28 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\mariana\Desktop\OTL.com
      [2012/03/08 17:40:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
      [2012/03/08 17:40:09 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys
      [2012/03/08 17:37:20 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\mariana\Desktop\OTL.exe
      [2012/03/08 17:29:20 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/03/08 17:29:20 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/03/08 17:28:23 | 000,703,840 | ---- | M] () -- C:\windows\System32\perfh00A.dat
      [2012/03/08 17:28:23 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
      [2012/03/08 17:28:23 | 000,137,806 | ---- | M] () -- C:\windows\System32\perfc00A.dat
      [2012/03/08 17:28:23 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
      [2012/03/08 17:22:22 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/02/26 00:19:12 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/02/23 22:12:36 | 001,483,820 | ---- | M] () -- C:\Users\mariana\Documents\Documento2.rtf
      [2012/02/21 19:44:02 | 000,000,330 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFormariana.job
      [2012/02/20 22:38:45 | 000,002,127 | ---- | M] () -- C:\Users\mariana\Documents\recension.rtf
      [2012/02/19 14:29:14 | 000,005,556 | ---- | M] () -- C:\Users\mariana\Documents\Documento important.rtf
      [2012/02/19 13:14:08 | 000,000,411 | ---- | M] () -- C:\Users\mariana\Documents\Documento.rtf
      [2012/02/19 10:35:37 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
      [2012/02/17 19:42:18 | 000,493,912 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

      ========== Files Created - No Company Name ==========

      [2012/02/19 14:29:23 | 001,483,820 | ---- | C] () -- C:\Users\mariana\Documents\Documento2.rtf
      [2012/02/19 14:29:14 | 000,005,556 | ---- | C] () -- C:\Users\mariana\Documents\Documento important.rtf
      [2012/02/19 13:14:07 | 000,000,411 | ---- | C] () -- C:\Users\mariana\Documents\Documento.rtf
      [2012/02/19 10:35:37 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
      [2012/02/07 18:06:18 | 000,059,769 | ---- | C] () -- C:\Users\mariana\Desktop\nDeha9o3Zamyxew6j-PT.0.jpg
      [2012/02/07 18:05:29 | 000,174,808 | ---- | C] () -- C:\Users\mariana\Desktop\EcszJW8vWDzdBCpcsFN3.0.jpg
      [2012/02/07 18:05:11 | 000,073,458 | ---- | C] () -- C:\Users\mariana\Desktop\d4ovHZb1ATh_s1llQxa2.0.jpg
      [2012/02/07 18:00:51 | 002,651,603 | ---- | C] () -- C:\Users\mariana\Desktop\Dia intercambio! 007.JPG
      [2012/02/07 17:59:13 | 003,770,115 | ---- | C] () -- C:\Users\mariana\Desktop\Halloween '10 Malaga! 008 - copia.JPG
      [2012/02/07 17:58:28 | 005,781,407 | ---- | C] () -- C:\Users\mariana\Desktop\Diitaa M3C3AL!! 022.JPG
      [2012/02/07 17:58:10 | 002,781,305 | ---- | C] () -- C:\Users\mariana\Desktop\Diitaa M3C3AL!! 020.JPG
      [2012/02/07 17:57:18 | 005,536,872 | ---- | C] () -- C:\Users\mariana\Desktop\Diitaa M3C3AL!! 010.JPG
      [2010/08/15 14:26:08 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
      [2010/05/14 12:02:08 | 000,524,288 | ---- | C] () -- C:\windows\System32\xvidcore.dll
      [2010/05/14 12:02:08 | 000,139,264 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
      [2010/05/12 15:26:58 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
      [2010/05/12 15:26:57 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
      [2010/05/12 15:26:57 | 000,027,184 | ---- | C] () -- C:\windows\snuvcdsm.exe
      [2010/05/12 15:26:56 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
      [2010/05/12 15:26:56 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
      [2010/05/12 15:26:55 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

      ========== LOP Check ==========

      [2010/05/17 06:28:27 | 000,000,000 | ---D | M] -- C:\Users\mariana\AppData\Roaming\AVG9
      [2010/05/14 12:07:08 | 000,000,000 | ---D | M] -- C:\Users\mariana\AppData\Roaming\AVSMedia
      [2010/09/04 00:59:59 | 000,000,000 | ---D | M] -- C:\Users\mariana\AppData\Roaming\PhotoScape
      [2010/05/18 15:39:18 | 000,000,000 | ---D | M] -- C:\Users\mariana\AppData\Roaming\Telefónica Móviles
      [2011/03/25 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\mariana\AppData\Roaming\Windows Live Writer
      [2012/02/21 19:13:56 | 000,032,540 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

      ========== Purity Check ==========



      < End of report >


      I hope you can help me. I look forward to your reply.
      Last edited by halrac on 09/03/12 at 02:31:36

    2. #2
      User halrac
      Registered
      Mar 2012
      Location
      Spain
      Posts
      5

      Re: Police Virus

      Well, in the end I think I managed to remove the virus (or so it seems).

      I was surprised that nobody replied to my message, so I did some digging on my own.

      I found a somewhat strange .exe file (_023_vbc.exe_x86), so I decided to delete the folder it was in. The path was the following: C:\Windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319

      I restarted the computer and it worked perfectly. I am now going to run Malwarebytes Anti-Malware 1.60.1 to see whether it detects anything else...

      Thank you very much for your invaluable work.