Virus/troyano policia nacional ( Re-abierto )

**roberchef29578** · 08/03/12, 16:58:44

hola buenas, enhorabuena a tod@s por el trabajo q haceis en esta web.
Mi nombre es Roberto, llevo 4 días sin poder quitarme el dichoso virus de la polica nacional.
He pasado en modo a prueba de fallos el antivirus Avira, el superantispyware, el combofix y el Otl y cada vez q reinicio en modo normal sale la dichosa pantalla dela policia nacional y el ukash. Agradecería muchísimo vuestra ayuda, esto me está costando grandes inconvenientes en mi trabajo. Os dejo el último reporte del Otl:

OTL logfile created on: 08/03/2012 6:30:19 - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\ROBERTO MORA\Mis documentos\Descargas
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 111,73 Mb Available Physical Memory | 21,84% Memory free
1,47 Gb Paging File | 1,06 Gb Available in Paging File | 72,36% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 232,88 Gb Total Space | 5,18 Gb Free Space | 2,22% Space Free | Partition Type: NTFS

Computer Name: ROBERTO | User Name: ROBERTO MORA | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 15:43:19 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ROBERTO MORA\Mis documentos\Descargas\OTL.exe
PRC - [2011/12/09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/11/05 08:13:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
PRC - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Archivos de programa\SUPERAntiSpyware\SASCore.exe
PRC - [2004/12/14 02:40:56 | 000,031,744 | ---- | M] (Adobe Systems Incorporated) -- C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
PRC - [2004/08/19 15:42:48 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/08 05:46:50 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/03/08 05:46:50 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/03/07 10:21:31 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/02/17 09:48:43 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/05 08:13:36 | 001,989,592 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\mozjs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NBService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/21 12:16:57 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 07:54:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Archivos de programa\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/21 12:19:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 12:19:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/17 15:27:42 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:32 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/08/15 08:53:12 | 000,462,684 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/14 16:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/02/20 02:18:36 | 000,036,608 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2001/08/23 21:03:54 | 000,025,434 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109130&babsrc=SP_ss&mntrId=c0efd473000000000000000d61161266
IE - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.es/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=c0efd473000000000000000d61161266&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Archivos de programa\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2031/02/01 17:32:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/11/02 15:32:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/03 06:47:19 | 000,000,000 | ---D | M]

[2011/11/19 17:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Mozilla\Extensions
[2012/02/23 11:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Mozilla\Firefox\Profiles\e5pdj0mz.default\extensions
[2011/11/14 15:38:17 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Mozilla\Firefox\Profiles\e5pdj0mz.default\searchplugins\SearchResults.xml
[2011/11/19 17:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBERTO MORA\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\E5PDJ0MZ.DEFAULT\EXTENSIONS\{C151D79E-E61B-4A90-A887-5A46D38FBA99}.XPI
[2011/11/05 08:13:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2012/01/30 18:36:56 | 000,002,310 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\babylon.xml
[2011/11/05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/11/05 04:57:33 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\drae.xml
[2011/11/05 04:57:33 | 000,001,143 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
[2011/11/14 15:38:17 | 000,002,520 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/05 04:57:33 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2011/11/05 04:57:33 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2012/03/07 16:03:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1957994488-1275210071-725345543-1003..\Run: [RDReminder] C:\Archivos de programa\Dll-Files.com Fixer\DLLFixer.exe (Dll-FIles.Com)
O4 - HKU\S-1-5-21-1957994488-1275210071-725345543-1003..\Run: [SUPERAntiSpyware] C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\AB8F90FF-9EE0-C78B-064D-7457A09D47F6.lnk = C:\WINDOWS\system32\actmovie.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Roberto\Menú Inicio\Programas\Inicio\AB8F90FF-9EE0-C78B-064D-7457A09D47F6.lnk = C:\WINDOWS\system32\actmovie.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 54387 = C:\DOCUME~1\ALLUSE~1.WIN\LOCALS~1\Temp\msdubm.exe (Bandoo Media Inc.)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1957994488-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O9 - Extra Button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6CE0288-2CC4-4B3A-97AF-AE06A9FD4BAE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL) - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/02 10:42:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2031/02/01 17:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Menú Inicio\Programas\Accessories
[2031/02/01 17:41:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ROBERTO MORA\IETldCache
[2031/02/01 16:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Malwarebytes
[2031/02/01 16:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes
[2031/02/01 01:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\boost_interprocess
[2012/03/07 22:04:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/07 21:33:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/03/07 21:21:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/07 21:21:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/07 21:21:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/07 21:21:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/07 21:21:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 16:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Avira
[2012/03/07 16:06:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ROBERTO MORA\Reciente
[2012/03/07 16:03:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/07 14:17:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ROBERTO MORA\Recent
[2012/03/07 10:48:59 | 000,000,000 | -H-D | C] -- C:\Archivos de programa\InstallShield Installation Information
[2012/03/07 10:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\SUPERAntiSpyware.com
[2012/03/07 10:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SUPERAntiSpyware.com
[2012/03/07 10:20:44 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SUPERAntiSpyware
[2012/03/06 22:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Avira
[2012/03/06 22:11:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/03/06 22:11:50 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/03/06 22:11:50 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/03/06 22:11:50 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2012/03/06 22:11:50 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2012/03/06 22:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Avira
[2012/03/06 22:11:45 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Avira
[2012/03/06 20:51:25 | 000,000,000 | ---D | C] -- C:\Archivos de programa\GridinSoft Trojan Killer
[2012/03/06 19:48:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/06 19:46:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/06 19:46:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ROBERTO MORA\Menú Inicio\Programas\Herramientas administrativas
[2012/03/06 18:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\kodak
[2012/03/06 18:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Local Settings
[2012/03/06 11:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Nero
[2012/03/06 11:53:27 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2012/03/06 11:53:23 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2012/03/05 11:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Configuración local\Datos de programa\VS Revo Group
[2012/03/05 11:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Revo Uninstaller Pro
[2012/03/05 11:18:07 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/03/05 11:18:01 | 000,000,000 | ---D | C] -- C:\Archivos de programa\VS Revo Group
[2012/02/29 11:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Escritorio\GAK ASAMBLEA FEB2012 colab. voluntario
[2012/02/18 14:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Mis documentos\BANCA ÉTICA
[2012/02/17 13:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Dll-Files.com Fixer
[2012/02/17 13:06:00 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Dll-Files.com Fixer
[2012/02/17 13:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\dll-files.com
[2012/02/16 15:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Microsoft Silverlight
[2012/02/10 20:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\FreeCDRipper

========== Files - Modified Within 30 Days ==========

[2031/02/01 17:32:22 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Mozilla Firefox.lnk
[2012/03/07 22:00:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/07 16:05:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B07B0946-184F-45D3-8774-AA4D482D759A}.job
[2012/03/07 16:03:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/03/07 15:18:48 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/07 13:59:57 | 000,000,540 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task ed7780e1-a678-4f2e-aca6-74f52ca6428b.job
[2012/03/07 13:59:57 | 000,000,540 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task e3b43a2e-2f2b-4bb3-84a5-6307a78ea6ac.job
[2012/03/07 13:57:21 | 000,000,177 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012/03/07 10:49:26 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\AvRack.lnk
[2012/03/07 10:20:53 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\SUPERAntiSpyware Professional.lnk
[2012/03/06 22:12:10 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Avira AntiVir Control Center.lnk
[2012/03/06 20:45:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/06 19:49:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/06 11:54:53 | 000,001,316 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Nero StartSmart.lnk
[2012/03/05 20:26:33 | 001,220,106 | ---- | M] () -- C:\Documents and Settings\ROBERTO MORA\Escritorio\entradas WUM Festival.pdf
[2012/03/05 11:18:08 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Revo Uninstaller Pro.lnk
[2012/02/29 13:06:14 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\DLL-files.com Fixer_UPDATES.job
[2012/02/17 13:06:07 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\ROBERTO MORA\Escritorio\DLL-Files.com FIXER.lnk
[2012/02/16 11:15:34 | 173,021,096 | ---- | M] () -- C:\Documents and Settings\ROBERTO MORA\Escritorio\The Hi-Fly Orchestra Live!!.mp3

========== Files Created - No Company Name ==========

[2012/03/07 21:21:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/07 21:21:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/07 21:21:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/07 21:21:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/07 21:21:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/07 10:21:18 | 000,000,540 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task ed7780e1-a678-4f2e-aca6-74f52ca6428b.job
[2012/03/07 10:21:18 | 000,000,540 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task e3b43a2e-2f2b-4bb3-84a5-6307a78ea6ac.job
[2012/03/07 10:20:53 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\SUPERAntiSpyware Professional.lnk
[2012/03/06 22:12:10 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Avira AntiVir Control Center.lnk
[2012/03/06 19:49:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/06 19:48:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/06 11:54:53 | 000,001,316 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Nero StartSmart.lnk
[2012/03/05 20:26:31 | 001,220,106 | ---- | C] () -- C:\Documents and Settings\ROBERTO MORA\Escritorio\entradas WUM Festival.pdf
[2012/03/05 11:18:08 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Revo Uninstaller Pro.lnk
[2012/02/17 13:06:42 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\DLL-files.com Fixer_UPDATES.job
[2012/02/17 13:06:07 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\ROBERTO MORA\Escritorio\DLL-Files.com FIXER.lnk
[2012/02/16 10:53:47 | 173,021,096 | ---- | C] () -- C:\Documents and Settings\ROBERTO MORA\Escritorio\The Hi-Fly Orchestra Live!!.mp3
[2011/11/10 20:34:35 | 000,159,492 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2011/11/10 20:34:35 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2011/11/05 19:46:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/02 15:58:15 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\ROBERTO MORA\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/02 15:30:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/11/02 12:55:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2011/11/02 12:49:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2011/11/02 11:14:08 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/02 11:04:47 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2011/11/02 10:46:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/02 10:38:54 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/23 06:11:27 | 000,120,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat

========== LOP Check ==========

[2008/12/09 23:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Azureus
[2011/08/08 23:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Bluetooth
[2010/09/07 14:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\Nokia
[2010/09/07 13:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\NokiaInstallerCache
[2010/09/07 14

33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\PC Suite
[2011/10/31 13:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Datos de programa\TEMP
[2012/01/30 18:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Babylon
[2031/02/01 01:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\boost_interprocess
[2011/11/03 06:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\ESET
[2009/10/30 19:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Datos de programa\Audacity
[2009/06/26 18:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Datos de programa\Azureus
[2010/08/11 22:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Datos de programa\FileZilla
[2008/07/11 22:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Datos de programa\MSNInstaller
[2011/10/24 03:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Datos de programa\Nokia
[2010/09/29 12:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Datos de programa\Nokia Ovi Suite
[2010/09/07 14:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Datos de programa\PC Suite
[2008/10/16 19:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Datos de programa\Softplicity
[2011/05/17 11:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Datos de programa\URSoft
[2008/11/17 21:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roberto\Datos de programa\uTorrent
[2012/01/30 18:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Babylon
[2012/02/17 13:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\dll-files.com
[2011/11/14 15:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\FreeAudioPack
[2012/02/10 20:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\FreeCDRipper
[2011/11/26 20:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\searchquband
[2011/11/02 15:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\URSoft
[2012/02/29 13:06:14 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\DLL-files.com Fixer_UPDATES.job
[2012/03/07 13:59:57 | 000,000,540 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e3b43a2e-2f2b-4bb3-84a5-6307a78ea6ac.job
[2012/03/07 13:59:57 | 000,000,540 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ed7780e1-a678-4f2e-aca6-74f52ca6428b.job
[2012/03/07 16:05:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B07B0946-184F-45D3-8774-AA4D482D759A}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:C4252FE0
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:B3D74A13
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:1CE11B51

< End of report >

**Javierhf** · 08/03/12, 18:06:56

Buenas

roberchef29578.

al Foro.

Temas que interesa revisar y leer :

Consejos para antes de publicar un nuevo mensaje.

Políticas del Foro de InfoSpyware.

Políticas Foro Oficial de HijackThis en español.

¿Cómo subir imágenes al Foro? *TUTORIAL*
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ahora vamos al problema :

Ejecuta de nuevo OTL.exe

Copia y Pega el código que está dentro del recuadro de abajo en la sección Análisis Personalizado / Código de Reparación.

Código:

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 54387 = C:\DOCUME~1\ALLUSE~1.WIN\LOCALS~1\Temp\msdubm.exe (Bandoo Media Inc.)
[2012/03/06 18:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\kodak
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:C4252FE0
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:B3D74A13
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Datos de programa\TEMP:1CE11B51

:Files
ipconfig /flushdns /c 

:Commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]

Presiona el Botón Reparar para lanzar la eliminación. Presionas OK.

OTL va a Reiniciar el ordenador para completar la eliminación.

Guardas el nuevo reporte generado. Lo copias y pegas en Tu próxima respuesta y nos comentas como sigue el ordenador ahora, en relación al problema planteado.

Saludos.

**roberchef29578** · 09/03/12, 19:02:00

buenas! parece q ha desaparecido el dichoso virus de la policia, cuando he reiniciado el ordenar me iba lentísimo, incluso estaba como bloqueado, pero no salía el dicho cartelito de la policia/ukash pidiendote dinero, he vuelto a reiniciar, he pasado el dll flies.com FIXER y ahora parece q va bien.

Os dejo el reporte y os agradezco enormemente la ayuda, no tengo palabras.

De todo corazón, muchisimas gracias!

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\54387 deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Local Settings\Temp\msdubm.exe moved successfully.
C:\Documents and Settings\ROBERTO MORA\Datos de programa\kodak folder moved successfully.
ADS C:\Documents and Settings\All Users\Datos de programa\TEMP:C4252FE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Datos de programa\TEMP:B3D74A13 deleted successfully.
ADS C:\Documents and Settings\All Users\Datos de programa\TEMP:1CE11B51 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació con éxito la caché de resolución de DNS.
C:\Documents and Settings\ROBERTO MORA\Mis documentos\Descargas\cmd.bat deleted successfully.
C:\Documents and Settings\ROBERTO MORA\Mis documentos\Descargas\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

**Javierhf** · 09/03/12, 20:34:30

Perfecto,

me alegra ver que esta el tema arreglado.

Solo resta que hagas lo siguiente :

Ejecuta de nuevo OTL.exe y presionas el Botón Limpiar.

Esto Eliminará del sistema a OTL.exe y sus archivos creados y eliminados.

Te pedirá reiniciar el ordenador, debes pulsar SI.

Y ahora ya podemos dar el tema por terminado.

Si necesitas reabrir el tema, pulsa en

a la derecha de cualquier mensaje del tema y solicítalo. Un Moderad@r atenderá tu consulta.
Como Reportar Mensajes?.

Te recomendamos mantenerte informado en: InfoSpyware Blog y seguirnos en nuestras vías de difusión: E-Mail - Facebook - Twitter

Saludos, Javier.

**SanMar** · 11/03/12, 22:31:39

Hola chicos:

A pedido del usuario se re-abre el tema.

Hola buenas, gracias de nuevo por la ayuda, seguí tus instrucciones con el Otl y le di a limpiar.
De todas formas,parece q hay algo q no va bien, pq me va lentísimo el sistema operativo, hay dos cosas q me llaman la atención y q veo q consumen mucha Ram:

-ekr.exe (tuve el eset nod32 pero lo desisntalé con el revo uninstaller pro tras pillar el virus e instalé después el avira)

-firefox.exe (con solo tener 2 ventanas abiertas) se dispara a 125-130kb

- wuauclt.exe (se va a los 120 kb o más y tengo las actualizaciones de windows desactivadas)

Mi ordenador es un poco viejuno (512 Mb ram) pero antes de pillar el virus no le pasaba esto.

Gracias por la atención

Salu2.

**Javierhf** · 12/03/12, 06:04:49

Buenas, vamos a verificar tu equipo de nuevo con OTL.

Descargar OTL By OldTimer

>>> Para Ejecutar OTL

Cerrar todos programas que tengas abiertos y hacer doble click en el ícono de OTL para ejecutarlo.
Dejarlo correr y esperar a que aparezca el menú de OTL..
Cuando salga el menú de OTL, solo debes cambiar debajo de: "Tipo de Análisis" poniendo Resultado Mínimo.
Marcar las opciones: Buscar LOP y Buscar Purity.
Marcar las Opciones >> Omitir Archivos De Microsoft y Usar Listado de Compañías Reconocidas.
Copiar y Pegar el siguiente script bajo la casilla Análisis Personalizados/Código de Reparación:

NOTA: No copiar la palabra Cita.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
CREATERESTOREPOINT
Por favor No cambies el resto de la configuración a menos que te lo solicitemos.

Presionar el botón >> .
Una vez que termine, se abrirán dos (2) archivos, OTL.Txt y Extras.Txt. Éstos archivos estarán grabados en el mismo lugar donde OTL.exe fue descargado.
Copiar y pegar el contenido del archivo OTL.txt en tu próxima respuesta.

Saludos, Javier.

**roberchef29578** · 12/03/12, 18:23:00

Hola buenas, ahí te dejo lo q me pediste, muchas gracias por tu atención.

OTL logfile created on: 12/03/2012 23

32 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\ROBERTO MORA\Mis documentos\Descargas
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 187,09 Mb Available Physical Memory | 36,58% Memory free
1,47 Gb Paging File | 0,94 Gb Available in Paging File | 64,01% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Archivos de programa
Drive C: | 232,88 Gb Total Space | 5,30 Gb Free Space | 2,28% Space Free | Partition Type: NTFS

Computer Name: ROBERTO | User Name: ROBERTO MORA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ROBERTO MORA\Mis documentos\Descargas\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Archivos de programa\Eset\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Archivos de programa\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Archivos de programa\Winamp\winampa.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll ()
MOD - C:\Archivos de programa\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Archivos de programa\Winamp\winampa.exe ()
MOD - C:\Archivos de programa\WinRAR\rarext.dll ()

========== Win32 Services (SafeList) ==========

SRV - (NBService) -- File not found
SRV - (HidServ) -- File not found
SRV - (ekrn) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (AntiVirService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CCALib8) -- C:\Archivos de programa\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ose) -- C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MBAMSwissArmy) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation )
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109130&babsrc=SP_ss&mntrId=c0efd473000000000000000d61161266
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.es/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=c0efd473000000000000000d61161266&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Archivos de programa\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Archivos de programa\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Archivos de programa\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Archivos de programa\Mozilla Firefox\components [2031/02/01 17:32:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Archivos de programa\Mozilla Firefox\plugins [2011/11/02 15:32:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Archivos de programa\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/11/03 06:47:19 | 000,000,000 | ---D | M]

[2011/11/19 17:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Mozilla\Extensions
[2012/03/10 11:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Mozilla\Firefox\Profiles\e5pdj0mz.default\extensions
[2011/11/14 15:38:17 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Mozilla\Firefox\Profiles\e5pdj0mz.default\searchplugins\SearchResults.xml
[2011/11/19 17:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBERTO MORA\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\E5PDJ0MZ.DEFAULT\EXTENSIONS\{C151D79E-E61B-4A90-A887-5A46D38FBA99}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBERTO MORA\DATOS DE PROGRAMA\MOZILLA\FIREFOX\PROFILES\E5PDJ0MZ.DEFAULT\EXTENSIONS\[email protected]
[2011/11/05 08:13:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Archivos de programa\mozilla firefox\components\browsercomps.dll
[2012/01/30 18:36:56 | 000,002,310 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\babylon.xml
[2011/11/05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\bing.xml
[2011/11/05 04:57:33 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\drae.xml
[2011/11/05 04:57:33 | 000,001,143 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\eBay-es.xml
[2011/11/14 15:38:17 | 000,002,520 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/05 04:57:33 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\wikipedia-es.xml
[2011/11/05 04:57:33 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2012/03/10 00:27:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe ()
O4 - HKCU..\Run: [RDReminder] C:\Archivos de programa\Dll-Files.com Fixer\DLLFixer.exe (Dll-FIles.Com)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Archivos de programa\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6CE0288-2CC4-4B3A-97AF-AE06A9FD4BAE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Felicidad.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/02 10:42:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2031/02/01 17:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Menú Inicio\Programas\Accessories
[2031/02/01 17:41:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ROBERTO MORA\IETldCache
[2031/02/01 16:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Malwarebytes
[2031/02/01 16:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Malwarebytes
[2031/02/01 01:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\boost_interprocess
[2012/03/11 15:35:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ROBERTO MORA\Recent
[2012/03/10 12:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Tracing
[2012/03/10 12:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Microsoft Office Live Add-in
[2012/03/10 12:39:20 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Microsoft
[2012/03/10 12:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documentos\microsoft
[2012/03/10 12:38:57 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Windows Live SkyDrive
[2012/03/10 12:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\MSN6
[2012/03/10 12:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\MSN6
[2012/03/07 22:04:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/07 21:33:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/03/07 16:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Avira
[2012/03/07 10:48:59 | 000,000,000 | -H-D | C] -- C:\Archivos de programa\InstallShield Installation Information
[2012/03/07 10:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\SUPERAntiSpyware.com
[2012/03/07 10:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\SUPERAntiSpyware.com
[2012/03/06 22:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Avira
[2012/03/06 22:11:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/03/06 22:11:50 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/03/06 22:11:50 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/03/06 22:11:50 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2012/03/06 22:11:50 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2012/03/06 22:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Avira
[2012/03/06 22:11:45 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Avira
[2012/03/06 20:51:25 | 000,000,000 | ---D | C] -- C:\Archivos de programa\GridinSoft Trojan Killer
[2012/03/06 19:48:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/06 19:46:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/06 19:46:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ROBERTO MORA\Menú Inicio\Programas\Herramientas administrativas
[2012/03/06 18:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Local Settings
[2012/03/06 11:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Nero
[2012/03/06 11:53:27 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2012/03/06 11:53:23 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2012/03/05 11:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Configuración local\Datos de programa\VS Revo Group
[2012/03/05 11:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Revo Uninstaller Pro
[2012/03/05 11:18:07 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/03/05 11:18:01 | 000,000,000 | ---D | C] -- C:\Archivos de programa\VS Revo Group
[2012/02/29 11:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Escritorio\GAK ASAMBLEA FEB2012 colab. voluntario
[2012/02/18 14:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Mis documentos\BANCA ÉTICA
[2012/02/17 13:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Dll-Files.com Fixer
[2012/02/17 13:06:00 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Dll-Files.com Fixer
[2012/02/17 13:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\dll-files.com
[2012/02/16 15:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menú Inicio\Programas\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2031/02/01 17:32:22 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Mozilla Firefox.lnk
[2012/03/12 23:18:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B07B0946-184F-45D3-8774-AA4D482D759A}.job
[2012/03/12 22:47:53 | 000,000,177 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012/03/12 09:09:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/12 09:09:55 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/11 15:46:57 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\AvRack.lnk
[2012/03/11 14:16:41 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/11 13:12:42 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/11 11:46:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/10 00:27:17 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/03/06 22:12:10 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Avira AntiVir Control Center.lnk
[2012/03/06 19:49:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/06 11:54:53 | 000,001,316 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Nero StartSmart.lnk
[2012/03/05 11:18:08 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Revo Uninstaller Pro.lnk
[2012/02/29 13:06:14 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\DLL-files.com Fixer_UPDATES.job
[2012/02/17 13:06:07 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\ROBERTO MORA\Escritorio\DLL-Files.com FIXER.lnk
[2012/02/16 11:15:34 | 173,021,096 | ---- | M] () -- C:\Documents and Settings\ROBERTO MORA\Escritorio\The Hi-Fly Orchestra Live!!.mp3

========== Files Created - No Company Name ==========

[2012/03/10 00:28:22 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/06 22:12:10 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Avira AntiVir Control Center.lnk
[2012/03/06 19:49:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/06 19:48:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/06 11:54:53 | 000,001,316 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Nero StartSmart.lnk
[2012/03/05 11:18:08 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Escritorio\Revo Uninstaller Pro.lnk
[2012/02/17 13:06:42 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\DLL-files.com Fixer_UPDATES.job
[2012/02/17 13:06:07 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\ROBERTO MORA\Escritorio\DLL-Files.com FIXER.lnk
[2012/02/16 10:53:47 | 173,021,096 | ---- | C] () -- C:\Documents and Settings\ROBERTO MORA\Escritorio\The Hi-Fly Orchestra Live!!.mp3
[2011/11/10 20:34:35 | 000,159,492 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2011/11/10 20:34:35 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2011/11/05 19:46:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/02 15:58:15 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\ROBERTO MORA\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/02 15:30:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/11/02 12:55:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2011/11/02 12:49:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2011/11/02 11:14:08 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/02 11:04:47 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2011/11/02 10:46:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/02 10:38:54 | 000,021,900 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/23 06:11:27 | 000,120,304 | ---- | C] () -- C:\Documents and Settings\LocalService\Configuración local\Datos de programa\FontCache3.0.0.0.dat

========== LOP Check ==========

[2012/01/30 18:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\Babylon
[2031/02/01 01:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\boost_interprocess
[2011/11/03 06:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Datos de programa\ESET
[2012/01/30 18:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\Babylon
[2012/02/17 13:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\dll-files.com
[2011/11/14 15:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\FreeAudioPack
[2012/02/10 20:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\FreeCDRipper
[2011/11/26 20:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\searchquband
[2011/11/02 15:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ROBERTO MORA\Datos de programa\URSoft
[2012/02/29 13:06:14 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\DLL-files.com Fixer_UPDATES.job
[2012/03/12 23:18:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B07B0946-184F-45D3-8774-AA4D482D759A}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/11/02 10:42:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/11/02 17:43:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/03/06 19:49:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2001/10/14 06:25:22 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/11/02 10:42:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/12/20 18:28:04 | 000,000,025 | ---- | M] () -- C:\csb.log
[2012/03/12 09:09:55 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/02 10:42:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/11/02 10:42:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/11/02 17:34:22 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/11/02 17:34:22 | 000,250,640 | RHS- | M] () -- C:\ntldr
[2012/03/12 09:09:55 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2012/03/07 22:27:54 | 000,000,359 | ---- | M] () -- C:\rkill.log

< End of report >

**Javierhf** · 12/03/12, 18:58:20

Me puedes indicar que antivirus usas(si es con licencia) y también cuantos has tenido anteriormente al que uses en la actualidad.

Saludos.

**roberchef29578** · 13/03/12, 09:32:32

hola buenas, utilizo el avira antivirus personal (free antivirus)

**roberchef29578** · 13/03/12, 09:38:03

anteriormente usé el eset nod 32 y más atrás el kaspersky, el ordenador tiene 8 años y he tenido otros pero después del último formateo sino recuerdo mal solo he usado esos dos anteriormente citados más el avira q tengo ahora.
Mirando en administrador de tareas-procesos veo q me consume mucha ram el:
pluggin-container.exe (me llega hasta casi a los 200kb cuando navego con el firefox

Virus/troyano policia nacional ( Re-abierto )

Herramientas

Virus/troyano policia nacional ( Re-abierto )

Re: virus/troyano policia nacional

Re: virus/troyano policia nacional

Re: virus/troyano policia nacional

Re: Virus/troyano policia nacional ( Re-abierto )

Re: Virus/troyano policia nacional ( Re-abierto )

Re: Virus/troyano policia nacional ( Re-abierto )

Re: Virus/troyano policia nacional ( Re-abierto )

Re: Virus/troyano policia nacional ( Re-abierto )

Re: Virus/troyano policia nacional ( Re-abierto )