
    Police virus infection


    1. #1
      locadio2 (User) | Joined: Jun 2012 | Location: Barcelona | Posts: 21

      Police virus infection

      My laptop is infected for the second time. I ran OTL and this is the report. What do I do now?????



      OTL logfile created on: 07/09/2012 20:09:20 - Run 2
      OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Administrator\Desktop
      Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      1022,37 Mb Total Physical Memory | 802,56 Mb Available Physical Memory | 78,50% Memory free
      2,40 Gb Paging File | 2,33 Gb Available in Paging File | 96,82% Paging File free
      Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 67,80 Gb Total Space | 1,71 Gb Free Space | 2,53% Space Free | Partition Type: NTFS

      Computer Name: LAPTOPDELL | User Name: Administrator | Logged in as Administrator.
      Boot Mode: SafeMode | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


    2. #2
      Superlucas (Former contributor) | Joined: Sep 2011 | Location: Argentina | Posts: 15,747

      Re: Police virus infection

      Hi locadio2:

      Please edit your post and remove your OTL log.

      • Download PoliFix 2.0.5
      • Run PoliFix.exe
      • Press the Analizar button
      • When it finishes it will show a message; press Aceptar to allow the restart.

      Locate the report at C:\Polifix.txt, then copy and paste its contents into your next reply.

      Let me know how the problem is going.
      Are you going to run or are you going to fight? - Muahy Thai

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #3
      locadio2 (User) | Joined: Jun 2012 | Location: Barcelona | Posts: 21

      Re: Police virus infection

      What do you mean by editing and removing the OTL log?????

      I already ran PoliFix and it seems to be fixed, but the computer is very slow.

      How do I get the PoliFix report?????

    4. #4
      Superlucas (Former contributor) | Joined: Sep 2011 | Location: Argentina | Posts: 15,747

      Re: Police virus infection

      Hi,

      Click the Edit button and delete everything related to OTL.txt.

      The report is located at C:\Polifix.txt

    5. #5
      locadio2 (User) | Joined: Jun 2012 | Location: Barcelona | Posts: 21

      Re: Police virus infection

      I'm attaching the PoliFix report... sorry for my computer ignorance, where do I find EDIT??????


      //////////////////// PoliFix 2.0.6 By InfoSpyware ////////////////////

      Ejecutado Desde: C:\Documents and Settings\BELLOS\Desktop\polifix.exe
      Fecha: 07/09/2012 | Hora: 21:34:43
      Sistema Operativo: Windows XP De X86 Bits
      Modo De Arranque: Modo Normal
      Usuario: BELLOS | (Administrador)
      Version De Java 32: 6.0.330.3
      Punto de Restauracion: PoliFix_2.0.6


      =========================== Malwares Eliminados ===========================

      C:\Documents and Settings\BELLOS\Local Settings\temp\ImageUploader_Temp No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\jar_cache5950454904519223094.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\java_install.log
      C:\Documents and Settings\BELLOS\Local Settings\temp\java_install_reg.log
      C:\Documents and Settings\BELLOS\Local Settings\temp\java_install_sp.log
      C:\Documents and Settings\BELLOS\Local Settings\temp\jinstall.cfg
      C:\Documents and Settings\BELLOS\Local Settings\temp\jre-6u33-windows-i586-iftw.exe
      C:\Documents and Settings\BELLOS\Local Settings\temp\jusched.log
      C:\Documents and Settings\BELLOS\Local Settings\temp\MessengerCache
      C:\Documents and Settings\BELLOS\Local Settings\temp\msohtml No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\msohtml1 No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\OIS No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\om210.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\om2C.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\om2D.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\om2F.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\outlook logging
      C:\Documents and Settings\BELLOS\Local Settings\temp\pdfconverter.com No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\Perflib_Perfdata_15c.dat
      C:\Documents and Settings\BELLOS\Local Settings\temp\Perflib_Perfdata_8cc.dat
      C:\Documents and Settings\BELLOS\Local Settings\temp\Perflib_Perfdata_9e0.dat
      C:\Documents and Settings\BELLOS\Local Settings\temp\Perflib_Perfdata_a6c.dat
      C:\Documents and Settings\BELLOS\Local Settings\temp\Polifix
      C:\Documents and Settings\BELLOS\Local Settings\temp\qtplugin.log
      C:\Documents and Settings\BELLOS\Local Settings\temp\SHREDDER.tmp No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\SkypeSetup.exe
      C:\Documents and Settings\BELLOS\Local Settings\temp\synchronize.log
      C:\Documents and Settings\BELLOS\Local Settings\temp\TWAIN.LOG
      C:\Documents and Settings\BELLOS\Local Settings\temp\Twain001.Mtx
      C:\Documents and Settings\BELLOS\Local Settings\temp\Twunk001.MTX
      C:\Documents and Settings\BELLOS\Local Settings\temp\Twunk002.MTX
      C:\Documents and Settings\BELLOS\Local Settings\temp\VBE
      C:\Documents and Settings\BELLOS\Local Settings\temp\VGX64.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\VGX65.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\WER1ee4.dir00
      C:\Documents and Settings\BELLOS\Local Settings\temp\WER4bc7.dir00
      C:\Documents and Settings\BELLOS\Local Settings\temp\WERaaab.dir00 No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\WERe650.dir00
      C:\Documents and Settings\BELLOS\Local Settings\temp\WERfbdf.dir00 No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\Windows Live Toolbar
      C:\Documents and Settings\BELLOS\Local Settings\temp\Word8.0
      C:\Documents and Settings\BELLOS\Local Settings\temp\wpbt0.dll
      C:\Documents and Settings\BELLOS\Local Settings\temp\WPDNSE No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\wrd806dc.~lk
      C:\Documents and Settings\BELLOS\Local Settings\temp\{31B3CF08-F0EB-4E89-8B37-7491559D44AB} No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\{34D72C13-ED1A-4DA9-9476-331EEBCA72C7} No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\{3BC99094-ECE8-4173-B5F3-0853D1CDAED1} No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\{59446F60-82F3-4B40-B33E-D6CADE31361D} No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\{649944D1-BF93-4242-9CE8-D2DB5CC95AB0} No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\{928598C3-187B-4DDB-8C0F-FF5D96688A92} No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\{BABC1854-3A76-40A4-829C-30619124A181} No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\{E1CBDD33-21A2-476A-AC82-931605322DE2} No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\{ECE31D91-7C8D-4E72-9B65-68612B74DAAE} No se pudo Borrar
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF101D.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF1597.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF2874.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF2890.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF29E4.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF325.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF3982.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF5CE9.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF643.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF6791.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF6E50.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF7013.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DF98EE.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DFB7A6.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DFD31B.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DFE681.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~DFEBE.tmp
      C:\Documents and Settings\BELLOS\Local Settings\temp\~WRD3765.doc
      C:\Documents and Settings\BELLOS\Start Menu\Programs\Startup\ctfmon.lnk
      HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | load


      ============================= Poli-Heurística =============================


      ================================== Startup ================================

      HKLM - Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe
      HKLM - Run: [SigmatelSysTrayApp] - stsystra.exe
      HKLM - Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      HKLM - Run: [Dell QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe
      HKLM - Run: [ATICCC] - "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
      HKLM - Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe
      HKLM - Run: [CTSVolFE.exe] - "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
      HKLM - Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe
      HKLM - Run: [ISUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      HKLM - Run: [ISUSScheduler] - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      HKLM - Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      HKLM - Run: [PCMService] - "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      HKLM - Run: [WebCam 3 USB AutoLaunch] - webc3lch.exe
      HKLM - Run: [BigDogPath] - C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
      HKLM - Run: [PDF Converter Elite Print Dispatcher] - C:\Program Files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe
      HKLM - Run: [BlackBerryAutoUpdate] - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
      HKLM - Run: [RoxWatchTray] - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      HKLM - Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      HKLM - Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      HKLM - Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      HKLM - Run: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
      HKLM - Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
      HKLM - Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      HKCU - Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
      HKCU - Run: [ModemOnHold] - C:\Program Files\NetWaiting\netWaiting.exe
      HKCU - Run: [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background
      HKCU - Run: [OM2_Monitor] - "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
      HKCU - Run: [ISUSPM] - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      HKCU - Run: [updateMgr] - "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      HKCU - Run: [cdloader] - "C:\Documents and Settings\BELLOS\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
      HKCU - Run: [Corel Photo Downloader] - "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
      HKCU - Run: [uerddrmsfcbjuyv] - C:\Documents and Settings\All Users\Application Data\uerddrms.exe
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Administrador de servicios.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
      Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


      ============================ Scan Suplementario ===========================

      C:\Documents and Settings\All Users\Application Data\0008F9243E.sys
      C:\Documents and Settings\All Users\Application Data\0700AC0EA8.sys
      C:\Documents and Settings\All Users\Application Data\0tbpw.pad
      C:\Documents and Settings\All Users\Application Data\Adobe
      C:\Documents and Settings\All Users\Application Data\Apple
      C:\Documents and Settings\All Users\Application Data\Apple Computer
      C:\Documents and Settings\All Users\Application Data\Corel
      C:\Documents and Settings\All Users\Application Data\CyberLink
      C:\Documents and Settings\All Users\Application Data\Dell
      C:\Documents and Settings\All Users\Application Data\desktop.ini
      C:\Documents and Settings\All Users\Application Data\Downloaded Installations
      C:\Documents and Settings\All Users\Application Data\EPSON
      C:\Documents and Settings\All Users\Application Data\GARMIN
      C:\Documents and Settings\All Users\Application Data\Google
      C:\Documents and Settings\All Users\Application Data\Google Updater
      C:\Documents and Settings\All Users\Application Data\GTek
      C:\Documents and Settings\All Users\Application Data\InstallShield
      C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
      C:\Documents and Settings\All Users\Application Data\magicJack
      C:\Documents and Settings\All Users\Application Data\McAfee
      C:\Documents and Settings\All Users\Application Data\McAfee.com
      C:\Documents and Settings\All Users\Application Data\Microsoft
      C:\Documents and Settings\All Users\Application Data\PC Suite
      C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
      C:\Documents and Settings\All Users\Application Data\Research In Motion
      C:\Documents and Settings\All Users\Application Data\Roxio
      C:\Documents and Settings\All Users\Application Data\SiteAdvisor
      C:\Documents and Settings\All Users\Application Data\Skype
      C:\Documents and Settings\All Users\Application Data\Skype Extras
      C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
      C:\Documents and Settings\All Users\Application Data\Sonic
      C:\Documents and Settings\All Users\Application Data\Sun
      C:\Documents and Settings\All Users\Application Data\TEMP
      C:\Documents and Settings\All Users\Application Data\UDL
      C:\Documents and Settings\All Users\Application Data\uerddrms.zip
      C:\Documents and Settings\All Users\Application Data\Ulead Systems
      C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
      C:\Documents and Settings\All Users\Application Data\WLInstaller
      C:\Documents and Settings\All Users\Application Data\Zylom
      C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      C:\Documents and Settings\BELLOS\Application Data\Adobe
      C:\Documents and Settings\BELLOS\Application Data\AdobeUM
      C:\Documents and Settings\BELLOS\Application Data\APLI
      C:\Documents and Settings\BELLOS\Application Data\Apple Computer
      C:\Documents and Settings\BELLOS\Application Data\ATI
      C:\Documents and Settings\BELLOS\Application Data\Babylon
      C:\Documents and Settings\BELLOS\Application Data\Blackberry Desktop
      C:\Documents and Settings\BELLOS\Application Data\com.acrobat.createpdf.CreatePDFDesktop
      C:\Documents and Settings\BELLOS\Application Data\ContentGuard
      C:\Documents and Settings\BELLOS\Application Data\Corel
      C:\Documents and Settings\BELLOS\Application Data\CyberLink
      C:\Documents and Settings\BELLOS\Application Data\Datalayer
      C:\Documents and Settings\BELLOS\Application Data\desktop.ini
      C:\Documents and Settings\BELLOS\Application Data\EPSON
      C:\Documents and Settings\BELLOS\Application Data\GARMIN
      C:\Documents and Settings\BELLOS\Application Data\Google
      C:\Documents and Settings\BELLOS\Application Data\Gtek
      C:\Documents and Settings\BELLOS\Application Data\Identities
      C:\Documents and Settings\BELLOS\Application Data\InstallShield
      C:\Documents and Settings\BELLOS\Application Data\IRCAD
      C:\Documents and Settings\BELLOS\Application Data\Leadertech
      C:\Documents and Settings\BELLOS\Application Data\Macromedia
      C:\Documents and Settings\BELLOS\Application Data\McAfee
      C:\Documents and Settings\BELLOS\Application Data\Microsoft
      C:\Documents and Settings\BELLOS\Application Data\mjusbsp
      C:\Documents and Settings\BELLOS\Application Data\Mozilla
      C:\Documents and Settings\BELLOS\Application Data\Nokia
      C:\Documents and Settings\BELLOS\Application Data\Nokia Multimedia Player
      C:\Documents and Settings\BELLOS\Application Data\PC Suite
      C:\Documents and Settings\BELLOS\Application Data\Research In Motion
      C:\Documents and Settings\BELLOS\Application Data\Roxio
      C:\Documents and Settings\BELLOS\Application Data\Skype
      C:\Documents and Settings\BELLOS\Application Data\skypePM
      C:\Documents and Settings\BELLOS\Application Data\Sonic
      C:\Documents and Settings\BELLOS\Application Data\SopCast
      C:\Documents and Settings\BELLOS\Application Data\Sun
      C:\Documents and Settings\BELLOS\Application Data\TVU Networks
      C:\Documents and Settings\BELLOS\Application Data\U3
      C:\Documents and Settings\BELLOS\Application Data\Ulead Systems
      C:\Documents and Settings\BELLOS\Application Data\VideoLAN
      C:\Documents and Settings\BELLOS\Application Data\Windows Live Writer
      C:\Documents and Settings\BELLOS\Application Data\Zylom


      ========================== 07/09/2012 - 21:35:34 ==========================

    6. #6
      Former collaborator Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15,747

      Re: Police virus infection

      Hello,

      Download OTM by OldTimer and copy it to the desktop.
      Double-click the OTM icon to open it.
      Copy the text inside the box below and paste it into the left pane of OTMoveIt, labelled "Paste Instructions for Items to be Moved".

      Code:
      :files
      C:\Documents and Settings\BELLOS\Local Settings\temp\16.dir
      C:\Documents and Settings\All Users\Application Data\0008F9243E.sys
      C:\Documents and Settings\All Users\Application Data\0700AC0EA8.sys
      C:\Documents and Settings\All Users\Application Data\0tbpw.pad
      C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
      :commands
      [resethosts]
      [emptytemp]
      [createrestorepoint]
      Click the MoveIt! button to start the removal process. You may be asked to restart the PC; answer Yes, since the restart is essential for removing the files.

      The results appear after the restart in C:\_OTM\MovedFiles\***_***.log (where "***_***" is the date and time). Paste the OTM report in your next reply.

      Note: You may notice files or folders visible on the desktop and/or elsewhere on the system. This is normal; once the procedures are finished, everything will return to normal.
      You have a zoo of malware on your PC.


      Download TDSSKiller.zip to your desktop.
      Disconnect your computer from the Internet (unplug the cable).
      • Unzip the tdsskiller.zip file.
      • Run TDSSKiller.exe. If you use Vista or 7, right-click it and choose Run as administrator.
      • Click on
      • Also tick the boxes:

      • Click the button
      • TDSSKiller will start scanning the computer.
      • If the computer is not infected:
        • It will show: No threats found.
        • Click the "Close" button.
      • If the computer is infected:
        • It will show: Threats detected. Select action for found objects:
        • Malware object, high risk. The default action is "Cure" or "Delete".
        • Suspicious object, medium risk. Always use the "Skip" option.
        • The program selects the action to take automatically.
        • Click the "Continue" button.
        • To disinfect the system properly, it may ask you to restart the computer.
        • Click the button
      • Open the TDSSKiller report, located at C:\TDSSKiller.x.xx.x_xx.xx.xxxx_xx.xx.xx_log.txt, where "x.xx.x_xx.xx.xxxx_xx.xx.xx" are the version, date and time.
      • Copy and paste its contents in your next reply.
      Last edited by Superlucas on 07/09/12 at 16:22:48
      Are you going to run or are you going to fight? - Muay Thai

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest online threats at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    7. #7
      User locadio2
      Joined
      Jun 2012
      Location
      Barcelona
      Posts
      21

      Re: Police virus infection

      Done, I've run OTM (report attached).

      Do I run TDSSKiller now??????


      All processes killed
      ========== FILES ==========
      File/Folder C:\Documents and Settings\BELLOS\Local Settings\temp\16.dir not found.
      C:\Documents and Settings\All Users\Application Data\0008F9243E.sys moved successfully.
      C:\Documents and Settings\All Users\Application Data\0700AC0EA8.sys moved successfully.
      C:\Documents and Settings\All Users\Application Data\0tbpw.pad moved successfully.
      C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys moved successfully.
      ========== COMMANDS ==========
      C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully

      [EMPTYTEMP]

      User: Administrator
      ->Temp folder emptied: 949847 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: All Users

      User: BELLOS
      ->Temp folder emptied: 401 bytes
      ->Temporary Internet Files folder emptied: 348542119 bytes
      ->Java cache emptied: 82507465 bytes
      ->Flash cache emptied: 16948859 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes
      ->Flash cache emptied: 0 bytes

      User: LocalService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes
      ->Flash cache emptied: 0 bytes

      User: NetworkService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 2787662 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 28771300 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
      RecycleBin emptied: 103483411 bytes

      Total Files Cleaned = 557,00 mb

      Restore point Set: OTM Restore Point

      OTM by OldTimer - Version 3.1.21.0 log created on 09072012_224317
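
      An added example (not part of the thread, and not code from OTM or its author): a Python check that reconciles the fix script from reply #6 with the OTM result log from reply #7, so that every requested file and command is accounted for. The function names and the command-to-log-line mapping are assumptions, based only on the log lines shown in this thread.

```python
import re

# Fix script posted in reply #6 (copied from the thread).
FIX_SCRIPT = r"""
:files
C:\Documents and Settings\BELLOS\Local Settings\temp\16.dir
C:\Documents and Settings\All Users\Application Data\0008F9243E.sys
C:\Documents and Settings\All Users\Application Data\0700AC0EA8.sys
C:\Documents and Settings\All Users\Application Data\0tbpw.pad
C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
:commands
[resethosts]
[emptytemp]
[createrestorepoint]
"""

# OTM result log from reply #7 (per-user [EMPTYTEMP] byte counts omitted).
OTM_LOG = r"""
All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\BELLOS\Local Settings\temp\16.dir not found.
C:\Documents and Settings\All Users\Application Data\0008F9243E.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\0700AC0EA8.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\0tbpw.pad moved successfully.
C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
Restore point Set: OTM Restore Point
"""

NOT_FOUND = re.compile(r"^File/Folder (.+) not found\.$")
MOVED = re.compile(r"^(.+) moved successfully\.$")
# Assumption: the log line taken as evidence that each command ran (from this thread's log).
COMMAND_EVIDENCE = {
    "resethosts": "HOSTS file reset successfully",
    "emptytemp": "[EMPTYTEMP]",
    "createrestorepoint": "Restore point Set:",
}

def parse_fix_script(text):
    """Return (files, commands) from a script with :files / :commands sections."""
    sections, current = {"files": [], "commands": []}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):
            current = line[1:].lower()
        elif current in sections:
            sections[current].append(line)
    return sections["files"], [c.strip("[]").lower() for c in sections["commands"]]

def parse_file_results(log):
    """Map lower-cased path -> 'moved' / 'not found', FILES section only."""
    m = re.search(r"=+ FILES =+\n(.*?)(?=\n=+ \w+ =+|\Z)", log, re.S)
    results = {}
    for line in (m.group(1) if m else "").splitlines():
        line = line.strip()
        if (hit := NOT_FOUND.match(line)):
            results[hit.group(1).lower()] = "not found"
        elif (hit := MOVED.match(line)):
            results[hit.group(1).lower()] = "moved"
    return results

def reconcile(script, log):
    """Account for every requested file and command in the result log."""
    files, commands = parse_fix_script(script)
    results = parse_file_results(log)
    report = {"moved": [], "not found": [], "unreported": [], "commands_missing": []}
    for path in files:
        report[results.get(path.lower(), "unreported")].append(path)
    for cmd in commands:
        marker = COMMAND_EVIDENCE.get(cmd)
        if marker is None or marker not in log:
            report["commands_missing"].append(cmd)
    return report

if __name__ == "__main__":
    print(reconcile(FIX_SCRIPT, OTM_LOG))
```

      Entries under "not found", "unreported" or "commands_missing" are the ones to follow up on before treating the cleanup as complete.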

    8. #8
      Former collaborator Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15,747

      Re: Police virus infection

      Hello,

      Yes, run TDSSKiller.

    9. #9
      User locadio2
      Joined
      Jun 2012
      Location
      Barcelona
      Posts
      21

      Re: Police virus infection

      I've run TDSSKiller ---> No THREATS FOUND...... how do I know what the version, date and time are in order to find the report?????

    10. #10
      Former collaborator Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15,747

      Re: Police virus infection

      Hello,

      Open the TDSSKiller report, located at C:\TDSSKiller.x.xx.x_xx.xx.xxxx_xx.xx.xx_log.txt, where "x.xx.x_xx.xx.xxxx_xx.xx.xx" are the version, date and time. (You should have only one report.) Open it and paste its entire contents here.