
    Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)


    1. #1
      UnknowledgePers (User)
      Registered: Sep 2012 | Location: Alicante | Posts: 6

      Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)

      Hello:
      I've had a problem with my computer. A window came up that takes over the whole screen saying that my IP is blocked by the Guardia Civil for using or sharing copyrighted material or for visiting/sharing paedophile material, and that I have to pay 100 €. In other words, the well-known Guardia Civil (or police) virus. I need to know step by step what I have to do and what I need. I was recommended this forum and told to open a new thread, because this may be a new version of the virus, so the solutions given previously may not be useful.
      I look forward to your replies.

      If you need more information or a screenshot, let me know.
      Regards.

    2. #2
      Carlos96 (User)
      Registered: Sep 2011 | Location: colombia | Posts: 212

      Re: Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)

      Hello UnknowledgePers

      Look, here is a thread that has already been solved; I hope it solves your problem.

      Police/Guardia Civil virus (Solved)



    3. #3
      UnknowledgePers (User)
      Registered: Sep 2012 | Location: Alicante | Posts: 6

      Re: Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)

      I've already followed the steps in that thread and the message no longer appears and my computer is no longer locked, thanks.
      This forum is great.

    4. #4
      Carlos96 (User)
      Registered: Sep 2011 | Location: colombia | Posts: 212

      Re: Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)

      OK, UnknowledgePers

      Then you can mark the thread as solved.


    5. #5
      @Javier_HF (General Moderator)
      Registered: Jun 2006 | Location: Spain. | Posts: 21,711

      Re: Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)

      Hello, and if I may.

      Before you consider the thread finished and solved, follow the steps given in this guide >> Remove the Police Virus (Ransomware)

      And when you have finished running Polifix, post the report that you will find at C:\Polifix.txt

      Regards.
      He who doesn't try doesn't succeed | ;-)

      * Follow us on Twitter and befriend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail; that is what the forum is for.

    6. #6
      UnknowledgePers (User)
      Registered: Sep 2012 | Location: Alicante | Posts: 6

      Re: Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)

      Here is the report:

      //////////////////// PoliFix 2.0.6 By InfoSpyware ////////////////////

      Ejecutado Desde: C:\Users\Pepe\Downloads\polifix.exe
      Fecha: 03/09/2012 | Hora: 09:43:04
      Sistema Operativo: Windows Vista De X86 Bits
      Modo De Arranque: Modo Normal
      Usuario: Pepe | (Administrador)
      Version De Java 32: 7.0.50.5


      =========================== Malwares Eliminados ===========================

      C:\Users\Pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
      HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | load


      ============================= Poli-Heurística =============================


      ================================== Startup ================================

      HKLM - Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      HKLM - Run: [UCam_Menu] - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
      HKLM - Run: [QPService] - "C:\Program Files\HP\QuickPlay\QPService.exe"
      HKLM - Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      HKLM - Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      HKLM - Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      HKLM - Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      HKLM - Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      HKLM - Run: [egui] - "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      HKLM - Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe
      HKLM - Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
      HKLM - Run: [Persistence] - C:\Windows\system32\igfxpers.exe
      HKLM - Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
      HKLM - Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
      HKLM - Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      HKLM - Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      HKLM - Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      HKCU - Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      HKCU - Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      HKCU - Run: [MsnMsgr] - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      HKCU - Run: [TomTomHOME.exe] - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
      HKCU - Run: [Google Update] - "C:\Users\Pepe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      HKCU - Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
      Startup: C:\Users\Pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


      ============================ Scan Suplementario ===========================

      C:\ProgramData\Adobe
      C:\ProgramData\AOL
      C:\ProgramData\AOL OCP
      C:\ProgramData\Application Data
      C:\ProgramData\Atheros
      C:\ProgramData\Brother
      C:\ProgramData\CanonBJ
      C:\ProgramData\CanonIJ
      C:\ProgramData\CanonIJEGV
      C:\ProgramData\CanonIJEPPEX
      C:\ProgramData\CanonIJFax
      C:\ProgramData\CanonIJMyPrinter
      C:\ProgramData\CanonIJPLM
      C:\ProgramData\CanonIJScan
      C:\ProgramData\CanonIJSolutionMenu
      C:\ProgramData\CyberLink
      C:\ProgramData\Datos de programa
      C:\ProgramData\Desktop
      C:\ProgramData\Documentos
      C:\ProgramData\Documents
      C:\ProgramData\Easybits GO
      C:\ProgramData\EBP
      C:\ProgramData\Escritorio
      C:\ProgramData\ESET
      C:\ProgramData\Favorites
      C:\ProgramData\Favoritos
      C:\ProgramData\Hewlett-Packard
      C:\ProgramData\HP
      C:\ProgramData\HPSSUPPLY
      C:\ProgramData\hpzinstall.log
      C:\ProgramData\Menú Inicio
      C:\ProgramData\Microsoft
      C:\ProgramData\Microsoft Help
      C:\ProgramData\Mozilla
      C:\ProgramData\MSScanAppDataDir
      C:\ProgramData\nud0repor.pad
      C:\ProgramData\Office Genuine Advantage
      C:\ProgramData\PDFC
      C:\ProgramData\Plantillas
      C:\ProgramData\Samsung
      C:\ProgramData\Skype
      C:\ProgramData\Skype Extras
      C:\ProgramData\Start Menu
      C:\ProgramData\Sun
      C:\ProgramData\Symantec
      C:\ProgramData\Templates
      C:\ProgramData\TomTom
      C:\ProgramData\Viewpoint
      C:\ProgramData\WildTangent
      C:\ProgramData\WindowsSearch
      C:\ProgramData\WLInstaller
      C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
      C:\ProgramData\{F7FA198E-66FE-45C8-B642-164FBCCA8098}
      C:\Users\Pepe\AppData\Roaming\Adobe
      C:\Users\Pepe\AppData\Roaming\Brother
      C:\Users\Pepe\AppData\Roaming\Canon
      C:\Users\Pepe\AppData\Roaming\CyberLink
      C:\Users\Pepe\AppData\Roaming\GHISLER
      C:\Users\Pepe\AppData\Roaming\go
      C:\Users\Pepe\AppData\Roaming\Hewlett-Packard
      C:\Users\Pepe\AppData\Roaming\HP
      C:\Users\Pepe\AppData\Roaming\Identities
      C:\Users\Pepe\AppData\Roaming\Image Zone Express
      C:\Users\Pepe\AppData\Roaming\InstallShield
      C:\Users\Pepe\AppData\Roaming\IrfanView
      C:\Users\Pepe\AppData\Roaming\ITTerritory
      C:\Users\Pepe\AppData\Roaming\Macromedia
      C:\Users\Pepe\AppData\Roaming\Magic Academy
      C:\Users\Pepe\AppData\Roaming\Microsoft
      C:\Users\Pepe\AppData\Roaming\Mozilla
      C:\Users\Pepe\AppData\Roaming\OpenOffice.org
      C:\Users\Pepe\AppData\Roaming\PlayFirst
      C:\Users\Pepe\AppData\Roaming\Printer Info Cache
      C:\Users\Pepe\AppData\Roaming\Samsung
      C:\Users\Pepe\AppData\Roaming\Skype
      C:\Users\Pepe\AppData\Roaming\skypePM
      C:\Users\Pepe\AppData\Roaming\Sony Corporation
      C:\Users\Pepe\AppData\Roaming\Symantec
      C:\Users\Pepe\AppData\Roaming\Template
      C:\Users\Pepe\AppData\Roaming\TomTom
      C:\Users\Pepe\AppData\Roaming\uTorrent
      C:\Users\Pepe\AppData\Roaming\vlc
      C:\Users\Pepe\AppData\Roaming\WildTangent
      C:\Users\Pepe\AppData\Roaming\winmain32
      C:\Users\Pepe\AppData\Roaming\WinRAR
      C:\Users\Pepe\AppData\Roaming\wklnhst.dat


      ========================== 03/09/2012 - 09:43:50 ==========================
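
Added example (not part of the original thread and not InfoSpyware's code): a small triage script for the "Startup" section of a PoliFix-style report like the one above, which lists every autostart entry and marks those that launch from user-writable locations for manual review. The sample report is constructed in the same line format; the user name "Example", the "example_updater" entry and the list of user-writable locations are assumptions.

```python
import re

# Constructed sample in the line format of the PoliFix "Startup" section.
# The user name "Example" and the "example_updater"/"Example.lnk" entries are made up.
SAMPLE_REPORT = r"""
================================== Startup ================================

HKLM - Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM - Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM - Run: [QPService] - "C:\Program Files\HP\QuickPlay\QPService.exe"
HKCU - Run: [example_updater] - "C:\Users\Example\AppData\Roaming\example\updater.exe" /c
Startup: C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example.lnk = C:\Users\Example\AppData\Local\Temp\example.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

============================ Scan Suplementario ===========================

C:\ProgramData\Adobe
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU) - Run: \[(?P<name>.*?)\] - (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^Startup: (?P<lnk>.+?\.lnk) = (?P<cmd>.+)$", re.I)
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|vbs|dll))(?=\s|$)", re.I)

# Assumption: locations a standard user can normally write to. An entry here is
# not proof of infection (per-user updaters live here too); it is a review hint.
WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\")
WRITABLE_VARS = ("%appdata%", "%localappdata%", "%temp%", "%tmp%",
                 "%userprofile%", "%programdata%")


def executable_path(cmd):
    """Return the program path from an autostart command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_RE.match(cmd)
    if match:
        return match.group(1)
    parts = cmd.split()
    return parts[0] if parts else ""


def is_user_writable(path):
    """True when the path points into a location matched by the heuristic above."""
    lowered = path.lower()
    return lowered.startswith(WRITABLE_VARS) or any(m in lowered for m in WRITABLE_MARKERS)


def parse_startup(report):
    """Return (source, name, program path) for each entry of the Startup section."""
    entries, section = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section != "Startup":
            continue  # ignore the other sections of the report
        run = RUN_RE.match(line)
        if run:
            entries.append((run.group("hive") + " Run", run.group("name"),
                            executable_path(run.group("cmd"))))
            continue
        link = STARTUP_RE.match(line)
        if link:
            # For shortcuts the target decides, not the Startup folder itself.
            name = link.group("lnk").rsplit("\\", 1)[-1]
            entries.append(("Startup folder", name, executable_path(link.group("cmd"))))
    return entries


def flag_for_review(report):
    """Return only the autostart entries that run from user-writable locations."""
    return [e for e in parse_startup(report) if is_user_writable(e[2])]


if __name__ == "__main__":
    for source, name, path in flag_for_review(SAMPLE_REPORT):
        print(f"REVIEW  {source:15} {name:20} {path}")
```
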

    7. #7
      @Javier_HF (General Moderator)
      Registered: Jun 2006 | Location: Spain. | Posts: 21,711

      Re: Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)

      Now carry out these steps:
      • Download >> AT-Destroyer (Adwares/Toolbars-Destroyer) by @Infospyware.
      • Temporarily disable your antivirus and/or antispyware.
      • Run AT-Destroyer. (If you use Windows Vista or 7, right-click and select "Ejecutar como Administrador".)
      • The disclaimer will appear; if you agree, press SI to continue.
      • Press option 1 (Buscar y Destruir) to start the scan.
      • AT-Destroyer will momentarily disconnect the desktop.
      • If the system is infected, AT-Destroyer will show it with red lines where the infection was found; otherwise the lines will be green.
      • Once the scan has finished, you will be able to see the desktop again and a report will open, which you should copy into your next reply, commenting on how the system is running. (You can also find it at C:\AT-Destroyer.log)
      • You must restart the computer immediately.
      And then this other one: download >> OTL By OldTimer

      >>> To run OTL

      • Close all the programs you have open and double-click the OTL icon to run it.
      • Let it run and wait for the OTL menu to appear.
      • When the OTL menu appears, under "Tipo de Análisis" change the setting to Resultado Mínimo.
      • Tick the Analizar Todos box.
      • Tick the options: Buscar LOP and Buscar Purity.
      • Tick the options >> Omitir Archivos De Microsoft and Usar Listado de Compañías Reconocidas.
      • Copy and paste the lines of the following script under the Análisis Personalizados/Código de Reparación box:

        NOTE: Do not copy the word "Cita" ("Quote").
        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        CREATERESTOREPOINT
      • Please do not change the rest of the settings unless we ask you to.


      • Press the button.
      • Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt. These files will be saved in the same place where OTL.exe was downloaded.
      • Copy and paste the contents of the OTL.txt file into your next reply.



      Regards, Javier.

    8. #8
      UnknowledgePers (User)
      Registered: Sep 2012 | Location: Alicante | Posts: 6

      Re: Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)

      AT-Destroyer report:

      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      www.infospyware.com
      Fecha iniciada en el analisis 05/09/2012
      Hora iniciada en el analisis 10:45:40,21
      Usuario Actual : [C:\Users\Pepe]
      Sistema Operativo: Windows Vista (TM) Home Basic
      Service pack: Service Pack 2
      Arquitectura: Sistema operativo de 32 bits
      Versión Internet Explorer: 9.0.8112.16421
      Modo Actual: Modo Normal.
      Privilegios: [Pepe-Administrador]
      Versión Google Chrome: 21.0.1180.83
      Versión Mozilla Firefox: 15.0

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======




      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======


      C:\Users\Pepe\Appdata\Local\d3d9caps.dat
      C:\Users\Pepe\Appdata\Local\GDIPFONTCACHEV1.DAT
      C:\Windows\System32\ezsidmv.dat


      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://www.google.com
      Local Page == C:\Windows\system32\blank.htm
      Default_Search_URL == http://www.google.com/ie
      Default_Page_URL == http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      Local Page == C:\Windows\System32\blank.htm
      Default_Search_URL == http://go.microsoft.com/fwlink/?LinkId=54896
      Default_Page_URL == http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb


      "HKEY_USERS\S-1-5-21-3778969705-2300489048-968155267-1000\Software\Microsoft\Internet Explorer\Main"
      Start Page == http://www.google.com
      Search Page == http://www.google.com
      Local Page == C:\Windows\system32\blank.htm
      Default_Search_URL == http://www.google.com/ie
      Default_Page_URL == http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb


      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,
      -_-_-_-_-_-_-_-_ Configuraciones de Google Chrome-_-_-_-_-_-_-_-_
      "homepage": "http://www.google.com/",
      "homepage_changed": true,
      "homepage_is_newtabpage": false,


      -_-_-_-_-_-_-_-_ Configuraciones de mozilla Firefox -_-_-_-_-_-_-_-_
      user_pref("pref.browser.homepage.disable_button.current_page", false);
      user_pref("browser.startup.homepage", "http://google.com");




      ======= EOF =======

    9. #9
      UnknowledgePers (User)
      Registered: Sep 2012 | Location: Alicante | Posts: 6

      Re: Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)

      OTL scan:

      OTL logfile created on: 05/09/2012 11:07:18 - Run 1
      OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Pepe\Downloads
      Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      2,93 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 66,82% Memory free
      6,06 Gb Paging File | 5,16 Gb Available in Paging File | 85,09% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 289,71 Gb Total Space | 197,42 Gb Free Space | 68,14% Space Free | Partition Type: NTFS
      Drive D: | 8,38 Gb Total Space | 0,00 Gb Free Space | 0,04% Space Free | Partition Type: NTFS

      Computer Name: PEPE1 | User Name: Pepe | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\Pepe\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
      PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
      PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
      PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
      PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
      PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
      PRC - C:\Windows\SMINST\BLService.exe ()
      PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)


      ========== Modules (No Company Name) ==========

      MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
      MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
      MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
      MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
      MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
      MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
      MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()


      ========== Services (SafeList) ==========

      SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
      SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
      SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
      SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
      SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
      SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
      SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
      DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
      DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
      DRV - (epfwtdir) -- C:\Windows\System32\drivers\epfwtdir.sys ()
      DRV - (easdrv) -- C:\Windows\System32\drivers\easdrv.sys (ESET)
      DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
      DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
      DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
      DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
      DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
      DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
      DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
      DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
      DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKLM\..\SearchScopes,DefaultScope = {1DCA1E62-41C1-4D6E-862A-4D3D9BA97822}
      IE - HKLM\..\SearchScopes\{1DCA1E62-41C1-4D6E-862A-4D3D9BA97822}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcnnbie7-es-es
      IE - HKLM\..\SearchScopes\{81F42952-F5E4-431B-9CA2-2513275BA73B}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
      IE - HKCU\..\SearchScopes,DefaultScope = {4780FE30-95EF-42DF-AECD-3412F65A42F8}
      IE - HKCU\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA}: "URL" = http://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-3546861938806019:fn51rv5o9ne&cof=FORID%3A10&ie=UTF-8&hl=es
      IE - HKCU\..\SearchScopes\{1DCA1E62-41C1-4D6E-862A-4D3D9BA97822}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcnnbie7-es-es
      IE - HKCU\..\SearchScopes\{1F5E4D85-ADE4-4F96-AE7C-755247A1B6FF}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{4780FE30-95EF-42DF-AECD-3412F65A42F8}: "URL" = http://www.google.es/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
      IE - HKCU\..\SearchScopes\{81F42952-F5E4-431B-9CA2-2513275BA73B}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.startup.homepage: "http://google.com"
      FF - prefs.js..extensions.enabledAddons: [email protected]:2.3.0
      FF - prefs.js..extensions.enabledAddons: [email protected]:1.5
      FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: [email protected]:2.2.0.1
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1
      FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
      FF - prefs.js..keyword.URL: "http://google.com"
      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
      FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pepe\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pepe\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/04 20:08:44 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/03 09:48:12 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/04 20:08:44 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/03 09:48:12 | 000,000,000 | ---D | M]

      [2010/08/15 13:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pepe\AppData\Roaming\mozilla\Extensions
      [2010/08/15 13:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pepe\AppData\Roaming\mozilla\Extensions\[email protected]
      [2012/05/02 14:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pepe\AppData\Roaming\mozilla\Firefox\Profiles\zc42lkln.default\extensions
      [2010/06/25 08:24:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pepe\AppData\Roaming\mozilla\Firefox\Profiles\zc42lkln.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      [2010/03/29 14:18:08 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Pepe\AppData\Roaming\mozilla\Firefox\Profiles\zc42lkln.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
      [2012/01/02 18:49:48 | 000,000,000 | ---D | M] (Diccionari català (valencià)) -- C:\Users\Pepe\AppData\Roaming\mozilla\Firefox\Profiles\zc42lkln.default\extensions\[email protected]
      [2011/05/11 1712 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Pepe\AppData\Roaming\mozilla\Firefox\Profiles\zc42lkln.default\extensions\[email protected]
      [2012/09/03 11:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
      [2012/09/04 20:08:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
      [2012/09/04 20:08:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2012/07/24 08:45:11 | 000,003,882 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2012/06/25 15:54:13 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2010/03/29 18:45:38 | 000,000,615 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pucuy.xml
      [2012/09/04 20:08:38 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
      [2012/06/25 15:54:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2012/06/25 15:54:13 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://www.google.com/
      CHR - Extension: No name found = C:\Users\Pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: No name found = C:\Users\Pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: No name found = C:\Users\Pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
      O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
      O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
      O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
      O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
      O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
      O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: antena3.com ([www] https in Trusted sites)
      O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
      O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04EEFB7A-5E27-4714-9E94-B31A1A7FB619}: DhcpNameServer = 192.168.100.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04EEFB7A-5E27-4714-9E94-B31A1A7FB619}: NameServer = 80.58.61.250,80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99337EB3-CB78-4302-8A6F-6FE25F85691F}: NameServer = 80.58.61.250,80.58.61.254
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
      O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found
      NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)


      CREATERESTOREPOINT
      System Restore Service not available.

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/09/05 10:45:37 | 000,036,864 | ---- | C] (NirSoft) -- C:\Windows\nircmd.exe
      [2012/09/05 10:42:34 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{A622DC5C-9DBC-419B-88B8-5FE66DA229C4}
      [2012/09/04 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{2F0EB8A8-35C8-4178-9260-95985D5DCE7B}
      [2012/09/03 10:11:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
      [2012/09/03 09:43:02 | 000,000,000 | ---D | C] -- C:\_PoliFix
      [2012/09/03 09:41:16 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{5BEBD4BE-05FA-434D-A7DB-4B41779A8467}
      [2012/09/02 17:27:13 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{B355DAF7-263C-45A7-A99B-5BDB86582CC2}
      [2012/09/02 17:25:42 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{FCCE085E-F6AF-44AA-87B9-51AFD45592D8}
      [2012/09/01 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Pepe\Documents\Youcam
      [2012/08/31 09:24:20 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{60086C97-9CFA-406A-AB20-17A9536F69F1}
      [2012/08/30 08:32:17 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{8DCD3A76-769C-4852-9C34-AA049E985D75}
      [2012/08/29 11:37:00 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{17E39395-CD15-4329-B9C1-DFB28E70E16A}
      [2012/08/28 08:46:39 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{82AF6365-0DEA-44FE-9B58-346D64F56AB8}
      [2012/08/27 09:13:09 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{002522CF-C2F1-415F-BD54-DBECA71F1217}
      [2012/08/26 12:44:48 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{BA9166B9-6DFE-4179-AF25-930EFE8512CD}
      [2012/08/25 08:38:23 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{9E06ACB9-B027-4B1A-A330-F1DD303878A6}
      [2012/08/24 11:56:35 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{5E7EEA0B-40F4-44F3-9E68-5A825084DFF9}
      [2012/08/23 21:58:10 | 000,000,000 | ---D | C] -- C:\Users\Pepe\Desktop\2012_08_23
      [2012/08/23 1750 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{2F1C6768-0463-4353-AB11-EA058D2A32E7}
      [2012/08/21 20:09:26 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{DF976392-172F-41B8-B0B8-9541E8485FBD}
      [2012/08/20 15:24:40 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{505C8CA1-A212-4A5F-86E4-17D212BE771E}
      [2012/08/17 0950 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{F9DC158D-CF02-461B-90FD-2E181FBD04CC}
      [2012/08/17 0943 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{9192ED18-6C78-4A85-A8C7-3A8E19EC9515}
      [2012/08/16 09:07:41 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{41CFDB61-05F3-4E2F-A016-C8228F259FDC}
      [2012/08/15 19:02:55 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{8FF3DE85-8D6C-48EF-B1C3-5BB6E9EAA64F}
      [2012/08/15 19:02:51 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{9CC00FA5-F11F-42F7-BE00-B65FE484F4B7}
      [2012/08/14 09:03:31 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{3CEE3FBD-2F39-43C5-9842-60B7D817521C}
      [2012/08/14 09:02:54 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{83D169AB-E098-4914-92C9-DE657C6102DD}
      [2012/08/13 09:06:37 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{FB053E0F-0704-47A8-A097-C5E461A9F516}
      [2012/08/13 09:06:32 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{78113DFE-1986-4E5D-B19C-79D83C9B9C09}
      [2012/08/11 10:27:28 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{88CB1116-A99A-4021-B725-21E314110DF7}
      [2012/08/11 10:27:22 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{BE781DE7-A423-4CB4-9452-2D4A4FF57FAD}
      [2012/08/10 09:16:38 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{7FEB3AA3-8A4A-4D82-A10C-47EAC2A670DE}
      [2012/08/10 09:16:29 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{CB4AEFDA-04B6-4C41-AC35-73956E5E12DB}
      [2012/08/09 08:58:33 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{D989A197-85C8-4BE5-8D32-89D58BADE630}
      [2012/08/09 08:58:11 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{138A9724-5B79-42B9-A42E-4246CEA3414F}
      [2012/08/08 11:13:10 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{0F93D96B-247A-4E56-828F-C0BCE1F2F0F6}
      [2012/08/08 11:13:03 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{E36A2F51-C321-489C-AA6E-CEA09C54E3D4}

      ========== Files - Modified Within 30 Days ==========

      [2012/09/05 11:09:15 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2012/09/05 11:05:10 | 000,133,632 | ---- | M] () -- C:\Users\Pepe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/09/05 11:03:36 | 000,000,286 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
      [2012/09/05 11:03:21 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/09/05 11:03:21 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/09/05 11:03:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/09/05 11:03:09 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
      [2012/09/05 10:58:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3778969705-2300489048-968155267-1000UA.job
      [2012/09/05 10:58:49 | 000,002,037 | ---- | M] () -- C:\Users\Pepe\Desktop\Google Chrome.lnk
      [2012/09/03 09:48:12 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
      [2012/09/03 09:39:46 | 000,361,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
      [2012/09/02 19:54:34 | 000,296,830 | ---- | M] () -- C:\Users\Pepe\Documents\cc_20120902_195409.reg
      [2012/09/02 17:25:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
      [2012/09/01 18:29:37 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3778969705-2300489048-968155267-1000Core.job

      ========== Files Created - No Company Name ==========

      [2012/09/05 10:45:37 | 000,069,660 | ---- | C] () -- C:\Windows\Fart.exe
      [2012/09/05 10:45:37 | 000,022,528 | ---- | C] () -- C:\Windows\AT-Uninstall.exe
      [2012/09/05 10:45:37 | 000,011,776 | ---- | C] () -- C:\Windows\Colous.exe
      [2012/09/02 19:54:14 | 000,296,830 | ---- | C] () -- C:\Users\Pepe\Documents\cc_20120902_195409.reg
      [2012/09/01 18:39:44 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
      [2012/08/10 18:45:54 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
      [2012/08/10 18:45:54 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
      [2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
      [2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
      [2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
      [2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
      [2009/01/14 21:58:16 | 000,000,658 | ---- | C] () -- C:\Users\Pepe\AppData\Roaming\wklnhst.dat
      [2008/12/26 16:47:37 | 000,133,632 | ---- | C] () -- C:\Users\Pepe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

      ========== LOP Check ==========

      [2012/01/14 10:47:04 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\Canon
      [2008/12/23 23:25:09 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\GHISLER
      [2011/06/26 17:23:50 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\go
      [2011/01/10 21:26:58 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\Image Zone Express
      [2012/02/16 22:22:35 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\IrfanView
      [2010/06/16 11:27:51 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\ITTerritory
      [2009/01/08 20:34:29 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\Magic Academy
      [2010/06/27 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\OpenOffice.org
      [2009/02/24 10:19:58 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\PlayFirst
      [2010/04/28 14:42:32 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\Printer Info Cache
      [2012/08/10 13:52:33 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\Samsung
      [2009/02/23 22:57:45 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\Template
      [2010/08/15 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\TomTom
      [2012/06/06 13:23:05 | 000,000,000 | ---D | M] -- C:\Users\Pepe\AppData\Roaming\uTorrent
      [2010/04/09 14:45:57 | 000,000,000 | -HSD | M] -- C:\Users\Pepe\AppData\Roaming\winmain32
      [2012/09/05 11:02:33 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/09/05 10:46:51 | 000,002,844 | ---- | M] () -- C:\AT-Destroyer.txt
      [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
      [2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
      [2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
      [2012/09/05 11:03:09 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
      [2008/12/21 16:13:49 | 000,000,377 | -H-- | M] () -- C:\IPH.PH
      [2012/09/05 11:03:08 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys
      [2012/09/03 09:43:50 | 000,006,184 | ---- | M] () -- C:\PoliFix.txt
      [2012/09/05 10:45:40 | 000,000,136 | ---- | M] () -- C:\prueba.txt

      < End of report >

    10. #10
      General Moderator
      Avatar of @Javier_HF
      Registered
      Jun 2006
      Location
      Spain.
      Posts
      21.711

      Re: Guardia Civil virus saying I have to pay 100 € (with webcam intrusion)

      Run OTL.exe again.

      Copy and paste the code inside the box below into the Custom Scans/Fixes section.

      Code:
      :OTL
      DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
      DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
      DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
      IE - HKLM\..\SearchScopes\{1DCA1E62-41C1-4D6E-862A-4D3D9BA97822}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcnnbie7-es-es
      IE - HKLM\..\SearchScopes\{81F42952-F5E4-431B-9CA2-2513275BA73B}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937
      IE - HKCU\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA}: "URL" = http://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-3546861938806019:fn51rv5o9ne&cof=FORID%3A10&ie=UTF-8&hl=es
      IE - HKCU\..\SearchScopes\{1DCA1E62-41C1-4D6E-862A-4D3D9BA97822}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcnnbie7-es-es
      IE - HKCU\..\SearchScopes\{81F42952-F5E4-431B-9CA2-2513275BA73B}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      FF - user.js - File not found
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
      [2012/06/25 15:54:13 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2010/03/29 18:45:38 | 000,000,615 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pucuy.xml
      [2012/09/04 20:08:38 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
      [2012/06/25 15:54:13 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml
      O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
      O13 - gopher Prefix: missing
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
      O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/09/02 17:25:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
      [2009/01/14 21:58:16 | 000,000,658 | ---- | C] () -- C:\Users\Pepe\AppData\Roaming\wklnhst.dat
      
      :Files
      ipconfig /flushdns /c
      ipconfig /renew /c
      
      :Commands
      [PURITY]
      [EMPTYFLASH]
      [EMPTYTEMP]
      [RESETHOSTS]

      Press the Run Fix (Reparar) button to start the removal. Then click OK.

      OTL will restart the computer to complete the removal.

      Save the newly generated report, and copy and paste it into your next reply.

      Before replying to us, check/update your version of Java (very important) >> Free Java software download

      Since infections and re-infections are caused, among other things, by >> The police virus exploits an "in-the-wild" Java exploit, the secret of its success

      And when you reply, tell us which version of Java has ended up installed >> How can I check whether Java is working on my computer?

      Remember to post the OTL log, and also tell us which version of Java you have now and how the computer is doing with regard to the problem described.

      Regards.
      He who doesn't try doesn't succeed | ;-)

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.
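Added example, not part of the original thread and not OTL's own code: a Python parser for the OTL report format posted above. It pulls out the two kinds of entries the fix script deals with, "File not found" leftovers and recently created files with no company name. The sample lines are copied from the log in this thread; the scan time and the list of user-writable roots are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: lines copied from the OTL report quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
NetSvcs: Nla - File not found
[2012/09/05 10:45:37 | 000,036,864 | ---- | C] (NirSoft) -- C:\Windows\nircmd.exe
[2012/09/01 18:39:44 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012/08/10 18:45:54 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/01/14 21:58:16 | 000,000,658 | ---- | C] () -- C:\Users\Pepe\AppData\Roaming\wklnhst.dat
[2012/08/23 1750 | 000,000,000 | ---D | C] -- C:\Users\Pepe\AppData\Local\{2F1C6768-0463-4353-AB11-EA058D2A32E7}
"""

# [timestamp | size | attributes | C or M] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")

# Assumption: roots that any user-level process can write to.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")


def parse_file_lines(log):
    """Return (entries, unparsed). Bracketed lines that do not match, such
    as one with a damaged timestamp, are reported instead of dropped."""
    entries, unparsed = [], []
    for line in map(str.strip, log.splitlines()):
        if not line.startswith("["):
            continue
        m = FILE_LINE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        e["is_dir"] = "D" in e["attrs"]
        entries.append(e)
    return entries, unparsed


def orphaned_entries(log):
    """Autostart or service lines whose target OTL reported as missing."""
    return [l for l in map(str.strip, log.splitlines())
            if l.endswith("File not found")]


def recent_unattributed_files(log, scan_time, days=30):
    """Files created within `days` of the scan, with an empty company
    field, under user-writable roots. Candidates for review, not verdicts."""
    cutoff = scan_time - timedelta(days=days)
    entries, _ = parse_file_lines(log)
    return [e["path"] for e in entries
            if e["kind"] == "C" and not e["is_dir"] and not e["company"]
            and e["ts"] >= cutoff
            and e["path"].lower().startswith(USER_WRITABLE)]


if __name__ == "__main__":
    scan = datetime(2012, 9, 5, 11, 10)  # assumed: newest timestamps in the log
    print(recent_unattributed_files(SAMPLE_LOG, scan))
    print(orphaned_entries(SAMPLE_LOG))
```

The 30-day window also returns the Adobe Reader shortcut, so the output is a shortlist for a human to check against the report, not a removal list.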
