Virus sgae-policia

**papitayranita** · 31/05/12, 02:47:22

Yo tengo el mismo problema.
He pasado el Karpesky rescue 10 y me dejo de salir la pantalla blanca,pero en cualquier modo me sale la pantalla negra en la que si puedo mover el raton,pero no aparece mas nada,asi que me baje el polifix,ya que ahora si me deja iniciar el administrador de tareas,ejecute el polifix y cuando termino me reinicio el ordenador.
Por ahora sigue todo igual,la pantalla negra y sin iconos ni nada,solo puedo ejecutar cosas desde el administrador de tareas.
Tambien ejecute y actualize el malwarebytes,pero este no encuentra nada.
Hay alguna solucion?

**ElPiedra** · 31/05/12, 05:19:25

Hola papitayranita,

Si tienes acceso al "Símbolo del Sistema" poder probar con la nueva versión de nuestra herramienta PoliFix 2.0.3 siguiendo los pasos descritos en nuestra:

Cómo eliminar el "Virus de la Policía" (Ransomware SGAE).

También puedes generar y dejarnos un reporte de OTL

Salu2

PD//Otra utilidad de LiveCD que estamos probando con aparentes buenos resultados es: PandaRescueDisk.ISO.

**papitayranita** · 31/05/12, 12:27:16

Buenas,he seguido todos los pasos y nada,y en el simbolo de sistema e ejecutado el polifix 2.0.3 y la cosa sigue igual.Tambien e de decirte que en el modo de simbolo de sistema y de prueba de errores tampoco me salen iconos en el escritorio,todo sale negro y el boton derecho del raton no funciona,asi que he ejecutado polifix con el administrador de tareas.
Tambien he usado el cd del doctor web,me encuentra varios troyanos y le doy a cure,pero tampoco lo soluciona.
El ultimo paso que he realizado es pasar el OTL,y el reporte es el siguiente:

OTL logfile created on: 5/31/2012 6:18:57 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: España | Language: ESN | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 76.07% Memory free
7.50 Gb Paging File | 6.57 Gb Available in Paging File | 87.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.88 Gb Total Space | 155.75 Gb Free Space | 16.95% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: DANIEL-HP | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012/05/31 18:06:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/03 15

42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/22 08:36:20 | 002,421,384 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:64bit: - [2010/11/20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/08/09 04:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2010/01/04 15:32:34 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/01/04 15:32:32 | 000,502,888 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/07/14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/14 03:39:46 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\incdrm.dll -- (w200mdm)
SRV - [2012/04/16 13:54:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 15

42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/05 14

11 | 000,161,032 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2012/01/05 00:54:58 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/11/30 19:37:29 | 000,128,264 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2011/11/23 10:59:45 | 000,149,768 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2011/09/02 22:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2011/09/02 22:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011/06/02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/04/28 13:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2011/04/28 13:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 01:05:13 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/12/21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/12/21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/12/21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/09/15 10:42:12 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/09/15 10:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/08/19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/10/28 03

02 | 000,346,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02

33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/06 16:33:50 | 000,019,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2009/07/06 16:32:36 | 000,658,432 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/08/13 20:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2006/12/26 14:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2006/12/26 14:54:33 | 000,013,520 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010/09/15 10:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/12/26 14:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D57FCAC6-C66E-4421-93BF-86ABBDEEA303}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/10
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{D57FCAC6-C66E-4421-93BF-86ABBDEEA303}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\SearchScopes\{71868739-05E4-4030-8735-BF3B475D0CF5}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q="
FF - prefs.js..network.proxy.http: "64.66.192.61"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/17 07:04:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/10 22:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2012/04/29 11:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions
[2012/03/07 06:47:11 | 000,000,000 | ---D | M] (Ð¡Ð¿ÑƒÑ‚Ð½Ð¸Ðº @Mail.Ru) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2012/03/07 06:47:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/29 11:57:51 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/03/07 06:47:11 | 000,000,000 | ---D | M] (uTorrentBar_ES Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}
[2012/05/31 19:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011/10/17 07:03:51 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\mvrnnw1e.default\extensions\[email protected]
[2012/01/26 18:33:07 | 000,002,515 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mvrnnw1e.default\searchplugins\Search_Results.xml
[2011/10/17 18:51:01 | 000,003,915 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mvrnnw1e.default\searchplugins\sweetim.xml
[2012/05/10 18:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/03/07 06:46:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
[2011/09/30 15:21:36 | 000,627,675 | ---- | M] () (No name found) -- C:\USERS\DANIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVRNNW1E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/15 18:53:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/06 15:54:50 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/16 13:54:41 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/15 18:19:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/15 18:19:00 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2011/10/15 18:19:00 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2012/01/26 18:33:07 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2011/10/15 18:19:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2011/10/15 18:19:00 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

========== Chrome ==========

CHR - default_search_provider: Iminent (Enabled)
CHR - default_search_provider: search_url = http://search.iminent.com/?appId=C6DB066E-9587-4E87-A152-34A049AB2D5E&ref=toolbox&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/04 16:58:51 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - !{09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\Toolbar\WebBrowser: (no name) - {DB131C55-60C8-4ADC-84DC-9E76AB06E2DC} - No CLSID value found.
O3 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-3625829785-3437948206-3064859591-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Buscar en la web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Buscar en la web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {61FA0CB0-0806-46EA-B784-0F843285BA23} http://estaticosak1.tuenti.com/client_apps/3_TuentiPhotoUploader.31740.cab (TuentiFotoUploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.42.230.24 62.42.63.52
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A919BB0-BF87-4EB1-AEAF-D2FA8A293B14}: DhcpNameServer = 62.42.230.24 62.42.63.52
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\opret0l.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O31 - SafeBoot: AlternateShell - C:\Users\Daniel\AppData\Local\Temp\opret0l.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62751497-e7de-11df-9bb7-7071bc2e162b}\Shell - "" = AutoRun
O33 - MountPoints2\{62751497-e7de-11df-9bb7-7071bc2e162b}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 7 Days ==========

[2012/05/31 18:06:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012/05/29 23:28:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/05/29 15:23:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.WebSigner
[2012/05/28 21:19:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\A Dos Metros Bajo Tierra-1
[2012/05/25 17:24:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\NCAA Basketball 09 MME

========== Files - Modified Within 7 Days ==========

[2012/05/31 18:13:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/31 18:13:29 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/31 18:12:39 | 000,611,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/31 18:12:39 | 000,102,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/31 18:07:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/31 18:07:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/31 18:06:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012/05/31 18:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1006UA.job
[2012/05/31 09:09:23 | 001,555,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/31 09:09:23 | 000,703,824 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/05/31 09:09:23 | 000,137,822 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/05/31 08:59:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1004UA.job
[2012/05/31 08:59:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1004Core.job
[2012/05/31 08:47:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1005UA.job
[2012/05/31 08:40:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1001UA.job
[2012/05/31 08:30:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003UA.job
[2012/05/31 08:23:03 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/29 20:00:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003UA.job
[2012/05/29 15:30:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003Core.job
[2012/05/29 15:26:14 | 000,234,516 | ---- | M] () -- C:\Users\Daniel\Documents\destinos madrid.pdf
[2012/05/29 12:05:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1006Core.job
[2012/05/29 11:00:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003Core.job
[2012/05/28 23:40:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1001Core.job
[2012/05/28 15:57:18 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDaniel.job
[2012/05/28 09:47:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1005Core.job

========== Files Created - No Company Name ==========

[2012/05/29 15:26:12 | 000,234,516 | ---- | C] () -- C:\Users\Daniel\Documents\destinos madrid.pdf
[2012/05/27 11:55:49 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDaniel.job
[2012/01/24 14:02:22 | 000,000,448 | -H-- | C] () -- C:\ProgramData\GolksVyHYDoZE9
[2012/01/24 13:46:31 | 000,000,456 | ---- | C] () -- C:\ProgramData\s74G8nDNhNmFta
[2012/01/05 00:58:16 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2011/11/28 19:40:27 | 000,000,105 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2011/09/16 12:17:13 | 000,000,275 | ---- | C] () -- C:\Users\Daniel\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/09/06 14:25:32 | 000,000,000 | ---- | C] () -- C:\Windows\topocr-demo.INI
[2011/07/10 19:47:09 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/03/08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/03/08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/03/08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/03/08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/03/08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/01/12 19:39:16 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2010/12/06 15:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2010/09/06 16:53:01 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/03 18:04:15 | 000,000,848 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\wklnhst.dat
[2010/09/02 18:05:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/09/02 18:05:16 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/02 18:05:16 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/02 18:05:15 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/09/02 17:58:08 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/07/13 05:13:02 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:75D58DE6FB98B89C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8DAF83BD
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

Se te ocurre que mas puedo hacer?Gracias por tu ayuda

**ElPiedra** · 01/06/12, 05:48:52

Hola papitayranita,

Hay muchas entradas en el registro de faltantes de archivos y demás cosas...

Intenta ejecutar ComboFix en lugar de OTL a ver si te deja:

- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

Desactiva temporalmente el Antivirus y/o Antispyware.
Cierra todas las ventanas abiertas.
Hacerle doble clic al archivo ComboFix.exe y seguí las instrucciones.
Cuando termine, generara un registro en C:\ComboFix.txt.
- *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
- *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.

Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

Salu2

**papitayranita** · 01/06/12, 07:50:10

Wenas,el reporte de combofix es el siguiente:

ComboFix 12-06-01.01 - Daniel 01/06/2012 12:52:44.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.3839.2589 [GMT 2:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender
c:\users\Daniel\AppData\Local\39524c4e\U
c:\users\Daniel\AppData\Local\39524c4e\U\80000000.@
c:\users\Daniel\AppData\Roaming\froot
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Defender
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Daniel\Documents\Internet Explorer.lnk
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 11:03 . 2012-06-01 11:23 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2012-06-01 11:03 . 2012-06-01 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 05:39 . 2012-06-01 05:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-01 05:38 . 2012-06-01 05:38 -------- d-----w- c:\program files (x86)\Oracle
2012-06-01 05:38 . 2012-04-04 16:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-29 21:28 . 2012-05-30 23:29 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-05-29 13:23 . 2012-05-29 13:23 -------- d-----w- c:\users\Daniel\.WebSigner
2012-05-19 07:39 . 2012-05-19 12:44 -------- d-----w- c:\programdata\F4D561F30003F13B001EBA2AB4EB2367
2012-05-11 10:09 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 10:09 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 10:09 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 10:09 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 10:09 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 10:09 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 10:08 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 10:08 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 10:08 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 10:08 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 10:08 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 10:08 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 10:08 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 07:40 . 2012-06-01 02:56 -------- d-----w- c:\users\Marco
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 11:54 . 2012-04-16 11:54 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 11:54 . 2011-06-02 15:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2012-03-01 19:10 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 09:19 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-03-27 09:19 . 2009-08-18 18:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-08 22:19 . 2012-03-08 22:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 22:19 . 2012-03-08 22:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 22:19 . 2012-03-08 22:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-08 22:19 . 2012-03-08 22:19 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 22:19 . 2012-03-08 22:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-08 22:19 . 2012-03-08 22:19 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 22:19 . 2012-03-08 22:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-08 22:19 . 2012-03-08 22:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-08 22:19 . 2012-03-08 22:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-08 22:19 . 2012-03-08 22:19 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 22:19 . 2012-03-08 22:19 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 22:19 . 2012-03-08 22:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-08 22:19 . 2012-03-08 22:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 22:19 . 2012-03-08 22:19 448512 ----a-w- c:\windows\system32\html.iec
2012-03-08 22:19 . 2012-03-08 22:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-08 22:19 . 2012-03-08 22:19 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-08 22:19 . 2012-03-08 22:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-08 22:19 . 2012-03-08 22:19 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 22:19 . 2012-03-08 22:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-08 22:19 . 2012-03-08 22:19 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 22:19 . 2012-03-08 22:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 22:19 . 2012-03-08 22:19 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 22:19 . 2012-03-08 22:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-08 22:19 . 2012-03-08 22:19 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 22:19 . 2012-03-08 22:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-08 22:19 . 2012-03-08 22:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-08 22:19 . 2012-03-08 22:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-08 22:19 . 2012-03-08 22:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 22:19 . 2012-03-08 22:19 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 22:19 . 2012-03-08 22:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-08 22:19 . 2012-03-08 22:19 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 22:19 . 2012-03-08 22:19 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 22:19 . 2012-03-08 22:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 22:19 . 2012-03-08 22:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-07 15:05 . 2012-02-29 22:14 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-21 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 253088]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-03-22 2421384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-15 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:54]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1001Core.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 13:30]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1001UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 13:30]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003Core.job
- c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1003UA.job
- c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1005Core.job
- c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1005UA.job
- c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1006Core.job
- c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625829785-3437948206-3064859591-1006UA.job
- c:\users\Marco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 10:00]
.
2012-05-28 c:\windows\Tasks\HPCeeScheduleForDaniel.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- x86-64 -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wusb54gv2svc
rpskt
w200mdm
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.es/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Buscar en la web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 62.42.230.24 62.42.63.52
DPF: {61FA0CB0-0806-46EA-B784-0F843285BA23} - hxxp://estaticosak1.tuenti.com/client_apps/3_TuentiPhotoUploader.31740.cab
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\mvrnnw1e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=
FF - prefs.js: network.proxy.http - 64.66.192.61
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{DB131C55-60C8-4ADC-84DC-9E76AB06E2DC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-JClic - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Java\jre7\bin\javaws.exe
c:\program files (x86)\Java\jre7\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2012-06-01 13:28:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 11:28
.
Pre-Run: 168.894.042.112 bytes libres
Post-Run: 171.726.409.728 bytes libres
.
- - End Of File - - CF338A10729D692B92ECFD875FFC30A0

Ahora parece que todo va bien,menos el internet explorer,ya que el boton derecho del raton no funciona en dicho programa,no podia ni pegar el reporte de combofix asi que e usado el chrome.¿Es esto normal?
Y por ultimo,¿como desinstalo combofix?¿debo actualizar java para no tener mas problemas con el virus de la sgae-policia?
Muchas gracias por tu ayuda

Virus sgae-policia

Herramientas

Virus sgae-policia

Re: Virus sgae-policia

Re: Virus sgae-policia

Re: Virus sgae-policia

Re: Virus sgae-policia