
    Police virus


      
    1. #11
      User sigbert
      Registered
      Feb 2012
      Location
      Sanlúcar
      Posts
      17

      Re: Police virus

      I clicked the link to download OTL and it is still "thinking"...

    2. #12
      General Moderator
      Javierhf
      Registered
      Jun 2006
      Location
      Spain - Madrid
      Posts
      15,795

      Re: Police virus

      Good, now you still need the OTL report/log.

      For the files you have with "locked" in the name, review these steps:
      May 2012: On the 5th the first variant of the new Ransom.Win32.Rannoh reached us. It encrypts the files on the infected computer, adding the word “locked-” before the file name and 4 random characters after the file's original extension, which renders the files unusable. Kaspersky Labs released the free utility called RannohDecryptor, with which we can decrypt the files.
      Regards.

      Edited***********

      Then try another browser, because I have just tried it and it downloads perfectly.

      Or try downloading it from a clean computer and transferring it with a USB drive.

      Last edited by Javierhf on 15/06/12 at 14:49:34

    3. #13
      User sigbert
      Registered
      Feb 2012
      Location
      Sanlúcar
      Posts
      17

      Re: Police virus

      Phew, I ran the thing for the photos first and it found six thousand and some. Then from Safari I was able to download OTL, and here is the report:

      OTL logfile created on: 15/06/2012 21:35:34 - Run 1
      OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\JAVI\Downloads
      64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      3,99 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,26% Memory free
      7,98 Gb Paging File | 6,12 Gb Available in Paging File | 76,70% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 225,02 Gb Total Space | 26,56 Gb Free Space | 11,80% Space Free | Partition Type: NTFS
      Drive D: | 225,02 Gb Total Space | 72,03 Gb Free Space | 32,01% Space Free | Partition Type: NTFS
      Drive I: | 930,18 Gb Total Space | 143,95 Gb Free Space | 15,48% Space Free | Partition Type: NTFS

      Computer Name: JAVI-PC | User Name: JAVI | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - [2012/06/15 20:58:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JAVI\Downloads\OTL.exe
      PRC - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
      PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
      PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
      PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
      PRC - [2010/08/04 14:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
      PRC - [2010/06/29 19:26:30 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
      PRC - [2010/06/01 17:09:52 | 001,268,808 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
      PRC - [2010/05/27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
      PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
      PRC - [2010/03/11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
      PRC - [2010/03/11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
      PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Archivos de programa\Acer\Acer Updater\UpdaterService.exe
      PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
      PRC - [2009/12/09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
      PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe


      ========== Modules (No Company Name) ==========

      MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
      MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
      MOD - [2010/08/04 14:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
      MOD - [2010/08/04 11:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll


      ========== Win32 Services (SafeList) ==========

      SRV:64bit: - [2011/10/18 15:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
      SRV:64bit: - [2011/10/18 15:23:24 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
      SRV:64bit: - [2011/10/18 15:23:06 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
      SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
      SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
      SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
      SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
      SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
      SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
      SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
      SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
      SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
      SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
      SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
      SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
      SRV - [2011/03/17 16:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\McAfee\VirusScan\mcods.exe -- (McODS)
      SRV - [2010/09/22 1810 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
      SRV - [2010/09/21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
      SRV - [2010/08/19 18:43:23 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)
      SRV - [2010/06/02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
      SRV - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
      SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
      SRV - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Archivos de programa\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
      SRV - [2010/01/15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
      SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
      SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
      SRV - [2009/12/09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
      SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
      SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


      ========== Driver Services (SafeList) ==========

      DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
      DRV:64bit: - [2011/10/15 14:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
      DRV:64bit: - [2011/10/15 14:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
      DRV:64bit: - [2011/10/15 14:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
      DRV:64bit: - [2011/10/15 14:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
      DRV:64bit: - [2011/10/15 14:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
      DRV:64bit: - [2011/10/15 14:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
      DRV:64bit: - [2011/10/15 14:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
      DRV:64bit: - [2011/10/15 14:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
      DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
      DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
      DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
      DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
      DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
      DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
      DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
      DRV:64bit: - [2010/06/22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
      DRV:64bit: - [2010/03/04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
      DRV:64bit: - [2009/12/09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
      DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
      DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
      DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
      DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
      DRV:64bit: - [2009/06/10 22:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
      DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
      DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
      DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
      DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
      DRV:64bit: - [2009/06/03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
      DRV:64bit: - [2009/06/03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
      DRV:64bit: - [2009/06/03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
      DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
      DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.internetvodafone.es
      IE - HKLM\..\URLSearchHook: {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - No CLSID value found
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
      IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851619


      IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



      IE - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
      IE - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      IE - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
      IE - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\..\URLSearchHook: {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - No CLSID value found
      IE - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\..\SearchScopes,DefaultScope = {8E2B8F67-0575-4B9D-ACB4-641D51DD6E7A}
      IE - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\..\SearchScopes\{54BD235F-CFC1-499D-B998-FD86ABBAB6C1}: "URL" = http://es.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
      IE - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\..\SearchScopes\{8E2B8F67-0575-4B9D-ACB4-641D51DD6E7A}: "URL" = http://start.funmoods.com/results.php?f=4&a=grupo&q={searchTerms}
      IE - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851619
      IE - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


      ========== FireFox ==========

      FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
      FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/24 21:18:16 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/03/09 09:01:40 | 000,000,000 | ---D | M]

      [2012/02/05 13:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JAVI\AppData\Roaming\mozilla\Firefox\extensions
      [2012/02/05 13:34:58 | 000,000,000 | ---D | M] (uTorrentBar_ES Community Toolbar) -- C:\Users\JAVI\AppData\Roaming\mozilla\Firefox\extensions\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}
      [2012/04/08 17:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

      O1 HOSTS File: ([2012/02/28 19:51:05 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Archivos de programa\Common Files\McAfee\SystemCore\ScriptSn.20120308221747.dll (McAfee, Inc.)
      O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
      O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
      O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
      O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (Funmoods BHO)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120308221747.dll (McAfee, Inc.)
      O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
      O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
      O2 - BHO: (no name) - {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
      O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
      O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
      O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
      O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (Funmoods)
      O3 - HKLM\..\Toolbar: (no name) - {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
      O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
      O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
      O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
      O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
      O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
      O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
      O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
      O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
      O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
      O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
      O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O7 - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKU\S-1-5-21-4265445844-64563216-3127659485-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1)
      O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://www.cert.fnmt.es/content/pages_std/ficheros_apps_usuarios/capicom.cab (Settings Class)
      O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www2.agenciatributaria.gob.es/ES13/h/CACTIVEX.CAB (AeatCtl Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7713CF6-844D-4533-A480-60B612F539CC}: DhcpNameServer = 192.168.0.1 192.168.0.1
      O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
      O18:64bit: - Protocol\Handler\ipp - No CLSID value found
      O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
      O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Archivos de programa\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
      O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
      O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/06/15 19:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
      [2012/06/08 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\JAVI\Documents\Carpeta sin título
      [2012/06/07 18:52:17 | 000,274,432 | ---- | C] (Nexal Corporation) -- C:\Windows\SysWow64\NCSPI832.DLL
      [2012/06/07 18:51:44 | 000,072,192 | ---- | C] (Corel Corporation Limited) -- C:\Windows\SysWow64\WPAUTO8.DLL
      [2012/06/07 18:51:42 | 000,000,000 | ---D | C] -- C:\MyFiles
      [2012/06/07 13:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
      [2012/06/06 22:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
      [2012/06/06 16:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
      [2012/06/06 16:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
      [2012/06/06 16:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
      [2012/06/04 20:57:33 | 000,000,000 | ---D | C] -- C:\Users\JAVI\AppData\Local\{94368D8A-3B9A-4ABE-89B7-9B4E47A04855}
      [2012/06/04 20:57:23 | 000,000,000 | ---D | C] -- C:\Users\JAVI\AppData\Local\Windows Live
      [2012/06/04 20:57:23 | 000,000,000 | ---D | C] -- C:\Users\JAVI\AppData\Local\{9D9E6877-65FF-448F-AF99-23F53DBBE42B}
      [2012/06/04 20:57:04 | 000,000,000 | ---D | C] -- C:\Users\JAVI\AppData\Local\{A37E7A84-7C23-44DB-BDCD-483924A84C64}
      [2012/06/02 19:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
      [2012/06/02 19:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
      [2012/06/02 19:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
      [2012/06/02 19:53:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
      [2012/06/02 19:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
      [2012/06/02 19:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
      [2012/06/02 19:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
      [2012/06/02 19:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

      ========== Files - Modified Within 30 Days ==========

      [2012/06/15 21:38:22 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
      [2012/06/15 21:34:23 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/06/15 20:56:20 | 001,557,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
      [2012/06/15 20:56:20 | 000,704,276 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
      [2012/06/15 20:56:20 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
      [2012/06/15 20:56:20 | 000,138,016 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
      [2012/06/15 20:56:20 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
      [2012/06/15 20:51:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/06/15 19:53:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/06/15 19:53:26 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/06/15 19:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/06/15 19:45:52 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys
      [2012/06/14 1609 | 000,384,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
      [2012/06/07 18:53:54 | 000,001,007 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
      [2012/06/07 18:53:41 | 000,000,869 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Director de aplicaciones de escritorio Corel 8.LNK
      [2012/06/06 08:31:27 | 000,005,093 | ---- | M] () -- C:\ESZ1LP41.MD5
      [2012/06/02 20:03:59 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
      [2012/06/02 19:53:54 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2012/05/28 18:23:43 | 000,001,095 | ---- | M] () -- C:\Users\JAVI\Documentos - Acceso directo.lnk
      [2012/05/21 00:17:55 | 000,022,070 | ---- | M] () -- C:\Users\JAVI\Documents\modelo046.pdf

      ========== Files Created - No Company Name ==========

      [2012/06/07 18:53:41 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Director de aplicaciones de escritorio Corel 8.LNK
      [2012/06/07 18:52:18 | 000,119,808 | ---- | C] () -- C:\Windows\SysWow64\NCSPI8ES.DLL
      [2012/06/07 18:52:11 | 000,025,153 | ---- | C] () -- C:\Windows\CORELPF.LRS
      [2012/06/06 15:29:16 | 000,016,896 | ---- | C] () -- C:\Users\JAVI\AppData\Local\{1b4af70f-6473-468b-ce9e-dd035ac65872}\U\80000000.@
      [2012/06/06 15:29:13 | 000,022,016 | ---- | C] () -- C:\Users\JAVI\AppData\Local\{1b4af70f-6473-468b-ce9e-dd035ac65872}\U\800000cb.@
      [2012/06/06 15:29:11 | 000,001,648 | ---- | C] () -- C:\Users\JAVI\AppData\Local\{1b4af70f-6473-468b-ce9e-dd035ac65872}\U\00000001.@
      [2012/06/02 19:53:54 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
      [2012/05/31 23:33:05 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
      [2012/05/28 18:23:43 | 000,001,095 | ---- | C] () -- C:\Users\JAVI\Documentos - Acceso directo.lnk
      [2012/05/21 00:17:55 | 000,022,070 | ---- | C] () -- C:\Users\JAVI\Documents\modelo046.pdf
      [2012/01/10 23:52:02 | 000,002,048 | -HS- | C] () -- C:\Users\JAVI\AppData\Local\{1b4af70f-6473-468b-ce9e-dd035ac65872}\@
      [2011/11/20 12:11:29 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
      [2011/11/20 12:11:29 | 000,005,816 | ---- | C] () -- C:\Windows\UNWISE.INI
      [2011/04/25 09:02:18 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll
      [2011/04/09 09:58:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
      [2011/04/09 00:41:44 | 001,584,450 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
      [2011/04/08 22:03:47 | 000,000,000 | ---- | C] () -- C:\Windows\longfile.INI
      [2011/04/08 22:03:45 | 001,371,436 | R--- | C] () -- C:\Windows\SysWow64\VBAR2132.DLL
      [2011/04/08 22:02:16 | 000,039,125 | ---- | C] () -- C:\Windows\iccsigs.dat
      [2011/04/08 22:02:09 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\scpext.dll
      [2011/04/08 21:57:31 | 000,000,047 | ---- | C] () -- C:\Windows\winhlp32.ini
      [2011/04/08 21:57:31 | 000,000,047 | ---- | C] () -- C:\Windows\winhelp.ini
      [2011/04/08 21:52:51 | 000,150,016 | ---- | C] () -- C:\Windows\CRLASP95.DLL
      [2011/04/08 21:52:25 | 000,017,552 | ---- | C] () -- C:\Windows\SysWow64\TTYTWIN.DRV
      [2011/04/08 21:52:02 | 000,022,480 | ---- | C] () -- C:\Windows\SysWow64\PFMAPI16.DLL
      [2011/04/08 21:52:02 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\PFMAPI32.DLL
      [2010/08/30 07:52:25 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

      ========== LOP Check ==========

      [2011/04/25 09:02:47 | 000,000,000 | ---D | M] -- C:\Users\JAVI\AppData\Roaming\ACD Systems
      [2012/04/01 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\JAVI\AppData\Roaming\Canon
      [2012/02/09 23:14:29 | 000,000,000 | ---D | M] -- C:\Users\JAVI\AppData\Roaming\mkvtoolnix
      [2011/04/08 20:37:19 | 000,000,000 | ---D | M] -- C:\Users\JAVI\AppData\Roaming\OEM
      [2012/06/15 16:32:02 | 000,000,000 | ---D | M] -- C:\Users\JAVI\AppData\Roaming\SoftGrid Client
      [2012/02/09 22:32:19 | 000,000,000 | ---D | M] -- C:\Users\JAVI\AppData\Roaming\Systweak
      [2011/04/09 00:42:12 | 000,000,000 | ---D | M] -- C:\Users\JAVI\AppData\Roaming\TP
      [2012/02/12 01:28:00 | 000,000,000 | ---D | M] -- C:\Users\JAVI\AppData\Roaming\uTorrent
      [2011/04/09 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Patri\AppData\Roaming\OEM
      [2012/06/07 07:58:40 | 000,000,000 | ---D | M] -- C:\Users\Patri\AppData\Roaming\SoftGrid Client
      [2012/06/12 22:38:50 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2010/08/30 08:30:22 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
      [2012/06/06 08:31:27 | 000,005,093 | ---- | M] () \ESZ1LP41.MD5 -- C:\ESZ1LP41.MD5
      [2012/06/15 19:45:52 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys
      [2012/03/01 18:52:49 | 000,000,080 | ---- | M] () -- C:\log.txt
      [2010/07/16 02:14:42 | 000,000,301 | ---- | M] () -- C:\LPCD.DAT
      [2012/06/15 19:45:54 | 4285,644,800 | -HS- | M] () -- C:\pagefile.sys
      [2012/06/06 16:33:18 | 000,285,552 | ---- | M] () -- C:\PoliFix-log.txt
      [2012/06/06 22:33:00 | 000,007,441 | ---- | M] () -- C:\PoliFix.txt
      [2012/06/15 21:24:12 | 001,827,274 | ---- | M] () -- C:\RannohDecryptor.1.1.0.0_15.06.2012_20.51.11_log.txt
      [2007/10/10 13:57:16 | 000,002,206 | ---- | M] () -- C:\RHDSetup.log
      [2012/04/08 17:02:31 | 000,000,050 | ---- | M] () -- C:\user.js

      < End of report >


      By the way, I'm getting one of those little "Java Update Available" windows, but it shows the file "jucheck.exe" and the verified publisher "Oracle America Inc.". So do I always have to accept these updates to try to keep the virus from coming back? Thanks.

    4. #14
      User: sigbert
      Registered: Feb 2012
      Location: Sanlúcar
      Posts: 17

      Re: Police virus

      Ah, I also see that now on the D partition (which is where the affected photos were) there are two folders that were not visible before (I say visible because they appear greyed out):

      System Volume Information and $RECYCLE.BIN

      It says access denied on the first one, and inside the second there is a recycle bin containing an OTL.txt and other greyed-out folders:

      S-1-5-20
      S-1-5-21-4265445844-64563216-3127659485-500
      S-1-5-21-4265445844-64563216-3127659485-1005

    5. #15
      General Moderator: Javierhf
      Registered: Jun 2006
      Location: Spain - Madrid
      Posts: 15.795

      Re: Police virus

      Quote: Originally posted by sigbert
      By the way, I'm getting one of those little "Java Update Available" windows, but it shows the file "jucheck.exe" and the verified publisher "Oracle America Inc.". So do I always have to accept these updates to try to keep the virus from coming back?
      Yes, correct, you should allow Java to update, because the infections and re-infections come through:

      http://www.forospyware.com/t418092.html#post1944626

      Ah, I also see that now on the D partition (which is where the affected photos were) there are two folders that were not visible before (I say visible because they appear greyed out):

      System Volume Information and $RECYCLE.BIN

      It says access denied on the first one, and inside the second there is a recycle bin containing an OTL.txt and other greyed-out folders:

      S-1-5-20
      S-1-5-21-4265445844-64563216-3127659485-500
      S-1-5-21-4265445844-64563216-3127659485-1005
      Everything you see now that you did not see before is normal and should not worry you; these are system folders.

      If you did not see them before, it will be because your friend has changed the Windows settings so that they are now shown. Check this to find out how that is done:

      Show hidden files in all versions of Windows.

      Also, from what can be seen in the report, there are no longer any traces of the Polifix infection, so I understand that right now you can use the computer normally, and the photos (locked files) are now correct.

      Confirm whether this is correct, and when you finish updating Java, tell us which version ended up installed.

      Regards.