    used polifix.exe with no results

    1. #1
      lekeitiano (User; registered Apr 2008; location: bilbo; posts: 17)

      used polifix.exe with no results

      Hello, good evening.
      Maybe you can help me and I would be very grateful:

      I have the police virus and I haven't been able to get rid of it with polifix.exe.
      It is lodged in a laptop with Windows Vista 32-bit, in a user profile that is not the administrator. In the administrator profile Windows seems to run perfectly and without the virus (and that from the start). But the other user is infected. I ran polifix from a USB stick; it gave me the Java runtime message a few times, with no result. I attach the last polifix.txt:

      //////////////////// PoliFix 2.0.6 By InfoSpyware ////////////////////

      Ejecutado Desde: F:\polifix.exe
      Fecha: 10/09/2012 | Hora: 22:52:12
      Sistema Operativo: Windows Vista De X86 Bits
      Modo De Arranque: Modo Seguro
      Usuario: Xxxxx | (Administrador)
      Version De Java 32: 7.0.50.5


      =========================== Malwares Eliminados ===========================



      ============================= Poli-Heurística =============================


      ================================== Startup ================================

      HKLM - Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      HKLM - Run: [BkupTray] - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
      HKLM - Run: [RtHDVCpl] - RtHDVCpl.exe
      HKLM - Run: [Skytel] - Skytel.exe
      HKLM - Run: [PLFSetI] - C:\Windows\PLFSetI.exe
      HKLM - Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      HKLM - Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe
      HKLM - Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
      HKLM - Run: [eRecoveryService] -
      HKLM - Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      HKLM - Run: [ProductReg] - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
      HKLM - Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      HKLM - Run: [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      HKLM - Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      HKLM - Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
      HKLM - Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe
      HKLM - Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
      HKLM - Run: [Persistence] - C:\Windows\system32\igfxpers.exe
      HKLM - Run: [] -
      HKLM - Run: [ApnUpdater] - "C:\Program Files\Ask.com\Updater\Updater.exe"
      HKLM - Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      HKCU - Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      HKCU - Run: [DAEMON Tools Lite] - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
      HKCU - Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Office2000\Office\OSA9.EXE


      ============================ Scan Suplementario ===========================

      C:\ProgramData\Adobe
      C:\ProgramData\Apple
      C:\ProgramData\Apple Computer
      C:\ProgramData\Application Data
      C:\ProgramData\Avira
      C:\ProgramData\Corel
      C:\ProgramData\DAEMON Tools Lite
      C:\ProgramData\Datos de programa
      C:\ProgramData\Desktop
      C:\ProgramData\Documentos
      C:\ProgramData\Documents
      C:\ProgramData\Escritorio
      C:\ProgramData\eSobi
      C:\ProgramData\ezsidmv.dat
      C:\ProgramData\Favorites
      C:\ProgramData\Favoritos
      C:\ProgramData\Google
      C:\ProgramData\InterVideo
      C:\ProgramData\KGyGaAvL.sys
      C:\ProgramData\LightScribe
      C:\ProgramData\McAfee
      C:\ProgramData\McAfee Security Scan
      C:\ProgramData\Menú Inicio
      C:\ProgramData\Microsoft
      C:\ProgramData\Microsoft Help
      C:\ProgramData\Panda Security
      C:\ProgramData\Partner
      C:\ProgramData\Plantillas
      C:\ProgramData\SiteAdvisor
      C:\ProgramData\Skype
      C:\ProgramData\Start Menu
      C:\ProgramData\Sun
      C:\ProgramData\Templates
      C:\ProgramData\WindowsSearch
      C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
      C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      C:\Users\Xxxxx\AppData\Roaming\Adobe
      C:\Users\Xxxxx\AppData\Roaming\Apple Computer
      C:\Users\Xxxxx\AppData\Roaming\Corel
      C:\Users\Xxxxx\AppData\Roaming\DAEMON Tools Lite
      C:\Users\Xxxxx\AppData\Roaming\FreeAudioPack
      C:\Users\Xxxxx\AppData\Roaming\Google
      C:\Users\Xxxxx\AppData\Roaming\GRETECH
      C:\Users\Xxxxx\AppData\Roaming\Identities
      C:\Users\Xxxxx\AppData\Roaming\ImgBurn
      C:\Users\Xxxxx\AppData\Roaming\InterVideo
      C:\Users\Xxxxx\AppData\Roaming\Lost Marble
      C:\Users\Xxxxx\AppData\Roaming\Macromedia
      C:\Users\Xxxxx\AppData\Roaming\Microsoft
      C:\Users\Xxxxx\AppData\Roaming\Microsoft Web Folders
      C:\Users\Xxxxx\AppData\Roaming\Mozilla
      C:\Users\Xxxxx\AppData\Roaming\Panda Security
      C:\Users\Xxxxx\AppData\Roaming\Skype
      C:\Users\Xxxxx\AppData\Roaming\skypePM
      C:\Users\Xxxxx\AppData\Local\Temp\IEC2A2B.tmp
      C:\Users\Xxxxx\AppData\Local\Temp\NaturePack01.wmv


      ========================== 10/09/2012 - 22:52:14 ==========================


      If you need more details, please let me know,
      Thanks a million

    2. #2
      @MarceloRivero (FS-Admin; registered Jan 2005; location: Miami; posts: 40,914)

      Re: used polifix.exe with no results

      Hello lekeitiano,

      Is the infection in the administrator user or in another one? I ask because PoliFix ran on that user there, and I don't know whether that is the infected one and it can't see the infection, or whether the infection is in another user it has no access to...

      Generate an OTL report and paste it for us in this same thread, but it is very important that all the actions are done on the infected user.



      Regards
      Marcelo Rivero
      Microsoft MVP Enterprise Security.




    3. #3
      lekeitiano (User; registered Apr 2008; location: bilbo; posts: 17)

      Re: used polifix.exe with no results

      Hello, El Piedra, and thanks for replying.

      The infection is on the user that is NOT the administrator.
      I ran Polifix on both (the one attached is from the last Polifix run on the admin).
      But since the infected user is not the administrator, when I try to run diskpart it tells me I have to log in as admin, and the same when running Polifix from the USB stick. So I don't know whether in the end Polifix runs on the infected user.
      Tonight I'll do the OTL thing, but I'll have to log in as administrator, otherwise it won't let me run any program, right?

      Regards and many thanks
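Marcelo's question above, and the doubt in this reply about which account PoliFix actually ran under, comes down to scope: HKLM Run values and the ProgramData Startup folder are machine-wide, but the HKCU Run values in the report belong to the account that launched the tool (the "Usuario:" header), so a report produced from the administrator account shows nothing about the infected profile's own Run key. As an added example, not code from the thread or from PoliFix, the following Python parser classifies the Startup section of a PoliFix-format report by scope and checks whether it covers a given profile; the sample report is a constructed excerpt in that format, and its last Startup line (a per-user Startup folder item) is invented for illustration.

```python
import re

# Constructed excerpt in the PoliFix 2.0.6 report format seen in this thread.
# The last "Startup:" line (an item in a user's own Startup folder) is invented
# to show the per-user case; it is not in the original report.
SAMPLE_REPORT = r"""
//////////////////// PoliFix 2.0.6 By InfoSpyware ////////////////////

Ejecutado Desde: F:\polifix.exe
Fecha: 10/09/2012 | Hora: 22:52:12
Usuario: Xxxxx | (Administrador)

================================== Startup ================================

HKLM - Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM - Run: [eRecoveryService] -
HKLM - Run: [] -
HKCU - Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Office2000\Office\OSA9.EXE
Startup: C:\Users\Xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\example.lnk = C:\Users\Xxxxx\AppData\Roaming\example.exe

============================ Scan Suplementario ===========================
"""

USER_RE = re.compile(r"^Usuario: (\S+) \| \((.+)\)$")
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
RUN_RE = re.compile(r"^(HKLM|HKCU) - Run: \[(.*?)\] -\s*(.*)$")
STARTUP_RE = re.compile(r"^Startup: (.+?\.lnk) = (.*)$")
# Matches a path inside a user profile and captures the profile name.
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)


def parse_report(text):
    """Return (scanning_user, entries) for the Startup section of a report.

    Each entry is a dict: scope ('machine' or 'user'), owner (profile name
    for per-user entries, else None), source, name, command.
    The 'Usuario:' header must precede the Startup section, as in PoliFix output.
    """
    scanning_user = None
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            scanning_user = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section != "Startup" or not line:
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            # HKCU is the hive of whoever launched the tool, so its owner is
            # the scanning account, which need not be the infected profile.
            entries.append({
                "scope": "machine" if hive == "HKLM" else "user",
                "owner": None if hive == "HKLM" else scanning_user,
                "source": hive, "name": name, "command": command.strip(),
            })
            continue
        m = STARTUP_RE.match(line)
        if m:
            lnk, command = m.groups()
            prof = PROFILE_RE.match(lnk)
            entries.append({
                "scope": "user" if prof else "machine",
                "owner": prof.group(1) if prof else None,
                "source": "Startup folder", "name": lnk.rsplit("\\", 1)[-1],
                "command": command.strip(),
            })
    return scanning_user, entries


def covers_profile(entries, profile):
    """True if the report's per-user entries include the given profile.

    A report produced from another account cannot list this profile's HKCU
    Run values, which is exactly the gap discussed in the thread."""
    owners = {e["owner"].lower() for e in entries
              if e["scope"] == "user" and e["owner"]}
    return profile.lower() in owners


def review_items(entries):
    """Entries a reviewer should look at first: Run values with no command
    (dangling) and per-user items whose target lives inside a user profile."""
    flagged = []
    for e in entries:
        if not e["command"]:
            flagged.append((e["source"], e["name"], "empty command"))
        elif e["scope"] == "user" and PROFILE_RE.match(e["command"].strip('"')):
            flagged.append((e["source"], e["name"], "runs from a user profile"))
    return flagged


if __name__ == "__main__":
    user, items = parse_report(SAMPLE_REPORT)
    print(f"report produced under account: {user}")
    for e in items:
        print(f"  [{e['scope']:7}] {e['source']:14} [{e['name']}] -> "
              f"{e['command'] or '(empty)'}")
    for profile in (user, "xabier"):
        print(f"covers per-user startup of {profile}: {covers_profile(items, profile)}")
    for src, name, why in review_items(items):
        print(f"review: {src} [{name}] {why}")
```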

    4. #4
      lekeitiano (User; registered Apr 2008; location: bilbo; posts: 17)

      Re: used polifix.exe with no results

      Hello,
      below I paste the Polifix report, dumped in principle on the infected user (although the system forces me to enter the admin password), so I don't know whether in the end it does it or not:

      //////////////////// PoliFix 2.0.6 By InfoSpyware ////////////////////

      Ejecutado Desde: G:\polifix.exe
      Fecha: 11/09/2012 | Hora: 19:40:50
      Sistema Operativo: Windows Vista De X86 Bits
      Modo De Arranque: Modo Seguro
      Usuario: xabier | (Administrador)
      Version De Java 32: 7.0.50.5


      =========================== Malwares Eliminados ===========================



      ============================= Poli-Heurística =============================


      ================================== Startup ================================

      HKLM - Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      HKLM - Run: [BkupTray] - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
      HKLM - Run: [RtHDVCpl] - RtHDVCpl.exe
      HKLM - Run: [Skytel] - Skytel.exe
      HKLM - Run: [PLFSetI] - C:\Windows\PLFSetI.exe
      HKLM - Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      HKLM - Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe
      HKLM - Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
      HKLM - Run: [eRecoveryService] -
      HKLM - Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      HKLM - Run: [ProductReg] - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
      HKLM - Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      HKLM - Run: [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      HKLM - Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      HKLM - Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe"
      HKLM - Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe
      HKLM - Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
      HKLM - Run: [Persistence] - C:\Windows\system32\igfxpers.exe
      HKLM - Run: [] -
      HKLM - Run: [ApnUpdater] - "C:\Program Files\Ask.com\Updater\Updater.exe"
      HKLM - Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      HKCU - Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      HKCU - Run: [DAEMON Tools Lite] - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
      HKCU - Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Office2000\Office\OSA9.EXE


      ============================ Scan Suplementario ===========================

      C:\ProgramData\Adobe
      C:\ProgramData\Apple
      C:\ProgramData\Apple Computer
      C:\ProgramData\Application Data
      C:\ProgramData\Avira
      C:\ProgramData\Corel
      C:\ProgramData\DAEMON Tools Lite
      C:\ProgramData\Datos de programa
      C:\ProgramData\Desktop
      C:\ProgramData\Documentos
      C:\ProgramData\Documents
      C:\ProgramData\Escritorio
      C:\ProgramData\eSobi
      C:\ProgramData\ezsidmv.dat
      C:\ProgramData\Favorites
      C:\ProgramData\Favoritos
      C:\ProgramData\Google
      C:\ProgramData\InterVideo
      C:\ProgramData\KGyGaAvL.sys
      C:\ProgramData\LightScribe
      C:\ProgramData\McAfee
      C:\ProgramData\McAfee Security Scan
      C:\ProgramData\Menú Inicio
      C:\ProgramData\Microsoft
      C:\ProgramData\Microsoft Help
      C:\ProgramData\Panda Security
      C:\ProgramData\Partner
      C:\ProgramData\Plantillas
      C:\ProgramData\SiteAdvisor
      C:\ProgramData\Skype
      C:\ProgramData\Start Menu
      C:\ProgramData\Sun
      C:\ProgramData\Templates
      C:\ProgramData\WindowsSearch
      C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
      C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      C:\Users\xabier\AppData\Roaming\Adobe
      C:\Users\xabier\AppData\Roaming\Apple Computer
      C:\Users\xabier\AppData\Roaming\Corel
      C:\Users\xabier\AppData\Roaming\DAEMON Tools Lite
      C:\Users\xabier\AppData\Roaming\FreeAudioPack
      C:\Users\xabier\AppData\Roaming\Google
      C:\Users\xabier\AppData\Roaming\GRETECH
      C:\Users\xabier\AppData\Roaming\Identities
      C:\Users\xabier\AppData\Roaming\ImgBurn
      C:\Users\xabier\AppData\Roaming\InterVideo
      C:\Users\xabier\AppData\Roaming\Lost Marble
      C:\Users\xabier\AppData\Roaming\Macromedia
      C:\Users\xabier\AppData\Roaming\Microsoft
      C:\Users\xabier\AppData\Roaming\Microsoft Web Folders
      C:\Users\xabier\AppData\Roaming\Mozilla
      C:\Users\xabier\AppData\Roaming\Panda Security
      C:\Users\xabier\AppData\Roaming\Skype
      C:\Users\xabier\AppData\Roaming\skypePM
      C:\Users\xabier\AppData\Local\Temp\IEC2A2B.tmp
      C:\Users\xabier\AppData\Local\Temp\NaturePack01.wmv


      ========================== 11/09/2012 - 19:40:51 ==========================

      Also the OTL report (I set it to analyze with 90-day files):


      OTL logfile created on: 11/09/2012 19:53:29 - Run 1
      OTL by OldTimer - Version 3.2.61.3 Folder = G:\
      Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
      Internet Explorer (Version = 7.0.6001.18000)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      1,93 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 82,77% Memory free
      4,09 Gb Paging File | 3,91 Gb Available in Paging File | 95,54% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 69,65 Gb Total Space | 1,17 Gb Free Space | 1,68% Space Free | Partition Type: NTFS
      Drive D: | 69,64 Gb Total Space | 42,92 Gb Free Space | 61,63% Space Free | Partition Type: NTFS
      Drive G: | 14,92 Gb Total Space | 13,40 Gb Free Space | 89,80% Space Free | Partition Type: NTFS

      Computer Name: MIREN1 | User Name: xabier | Logged in as Administrator.
      Boot Mode: SafeMode | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

      ========== Processes (SafeList) ==========

      PRC - [2012/09/11 19:46:05 | 000,600,064 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
      PRC - [2008/01/21 04:33:22 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe


      ========== Modules (No Company Name) ==========


      ========== Services (SafeList) ==========

      SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Archivos de programa\Skype\Updater\Updater.exe -- (SkypeUpdate)
      SRV - [2011/07/29 15:17:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
      SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
      SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
      SRV - [2008/03/21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Archivos de programa\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
      SRV - [2008/01/21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
      SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
      SRV - [2008/01/16 09:56:40 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Archivos de programa\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
      SRV - [2007/12/06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
      SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Archivos de programa\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
      SRV - [2007/02/13 02:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Archivos de programa\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
      SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Archivos de programa\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
      SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
      SRV - [2006/04/14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
      SRV - [2006/04/14 10:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
      SRV - [2006/04/14 10:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
      SRV - [2005/10/14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


      ========== Driver Services (SafeList) ==========

      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
      DRV - [2011/07/29 15:17:27 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
      DRV - [2011/07/29 15:17:27 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
      DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
      DRV - [2009/11/08 14:30:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
      DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys -- (avgio)
      DRV - [2008/08/15 04:37:08 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
      DRV - [2008/06/30 15:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
      DRV - [2008/04/15 20:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
      DRV - [2008/04/08 20:46:02 | 000,043,736 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
      DRV - [2008/03/21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
      DRV - [2007/12/26 08:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
      DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
      DRV - [2006/11/29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
      DRV - [2004/06/10 10:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sacm2A.sys -- (USBCM)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c0a&s=2&o=vb32&d=1008&m=extensa_5230
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.elpartidodehoy.es/
      IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c0a&s=2&o=vb32&d=1008&m=extensa_5230
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.elpartidodehoy.es/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKCU\..\SearchScopes,DefaultScope = {78562930-2FBE-474E-B335-5EEB9C31E2A7}
      IE - HKCU\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}: "URL" = http://search.elpartidodehoy.es/results.php?Keywords={searchTerms}
      IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=V-pN0WcgqA50Fo9Iu8hPHw8WxFE?q={searchTerms}
      IE - HKCU\..\SearchScopes\{78562930-2FBE-474E-B335-5EEB9C31E2A7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_es
      IE - HKCU\..\SearchScopes\{C3CD744D-2FAE-4640-8297-16B5DA423104}: "URL" = http://search.littlefighter2-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

      ========== FireFox ==========

      FF - prefs.js..browser.startup.homepage: "http://search.elpartidodehoy.es"
      FF - prefs.js..extensions.enabledAddons: [email protected]:3.14.1.100013
      FF - prefs.js..extensions.enabledItems: [email protected]:3.11.2.15576
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
      FF - prefs.js..extensions.enabledItems: [email protected]:1.0
      FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/11 22:31:57 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/11 22:31:55 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/22 22:56:56 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/22 22:56:56 | 000,000,000 | ---D | M]

      [2009/03/09 00:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xabier\AppData\Roaming\mozilla\Extensions
      [2011/02/12 19:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xabier\AppData\Roaming\mozilla\Firefox\Profiles\2u3lmkcm.default\extensions
      [2009/09/05 00:41:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xabier\AppData\Roaming\mozilla\Firefox\Profiles\2u3lmkcm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      [2012/08/08 01:46:20 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\xabier\AppData\Roaming\mozilla\Firefox\Profiles\2u3lmkcm.default\extensions\[email protected]
      [2012/05/31 08:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2012/05/31 08:44:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      [2011/11/21 06:24:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2011/11/21 03:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2011/11/21 03:36:35 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2011/11/21 03:36:35 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2011/11/21 03:36:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2011/11/21 03:36:35 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - homepage: http://www.google.com
      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://www.google.com
      CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
      CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
      CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
      CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
      CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
      CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
      CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
      CHR - plugin: Default Plug-in (Enabled) = default_plugin
      CHR - Extension: YouTube = C:\Users\xabier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\xabier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: Skype Click to Call = C:\Users\xabier\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
      CHR - Extension: Gmail = C:\Users\xabier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

      O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
      O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O2 - BHO: (Little Fighter 2 Toolbar Helper) - {AE90C38C-97CF-4696-B290-C7973DC9675E} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll File not found
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
      O3 - HKLM\..\Toolbar: (Little Fighter 2 Toolbar) - {C3CD744D-2FAE-4640-8297-16B5DA423104} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll File not found
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKCU\..\Toolbar\WebBrowser: (Little Fighter 2 Toolbar) - {C3CD744D-2FAE-4640-8297-16B5DA423104} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
      O4 - HKLM..\Run: [ePower_DMC] C:\Archivos de programa\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
      O4 - HKLM..\Run: [eRecoveryService] File not found
      O4 - HKLM..\Run: [LManager] C:\Archivos de programa\Launch Manager\LManager.exe (Dritek System Inc.)
      O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
      O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
      O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
      O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
      O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 10.5.1)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.142.144.66 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D80F39D-B66F-4B7D-9EA8-FA72003A7CDB}: DhcpNameServer = 212.142.144.66 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F813D6F-2C97-43F1-9DC6-5D8E450325C5}: DhcpNameServer = 212.142.144.66 212.142.144.98
      O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
      O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
      O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
      O31 - SafeBoot: UseAlternatShell - 1
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

      ========== Files/Folders - Created Within 90 Days ==========

      [2012/09/10 22:38:13 | 000,000,000 | ---D | C] -- C:\_PoliFix
      [2012/08/16 20:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
      [2012/08/08 0246 | 000,000,000 | ---D | C] -- C:\Users\xabier\AppData\Local\Macromedia
      [2012/08/08 0217 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
      [2012/08/08 0217 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
      [2012/08/04 11:36:57 | 000,000,000 | ---D | C] -- C:\Users\xabier\NTI-Shadow
      [2012/07/08 16:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
      [2012/07/08 16:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
      [2012/07/08 16:11:11 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
      [2012/07/08 16:11:11 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
      [2012/07/08 16:11:11 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
      [2012/07/08 1619 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
      [2012/07/08 1619 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
      [2002/03/11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
      [2002/03/11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files - Modified Within 90 Days ==========

      [2012/09/11 19:53:08 | 000,730,772 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2012/09/11 19:53:08 | 000,642,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2012/09/11 19:53:08 | 000,156,740 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2012/09/11 19:53:08 | 000,120,982 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2012/09/11 19:48:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/09/11 19:43:59 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/09/11 19:42:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
      [2012/09/11 19:42:27 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/09/11 19:42:27 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/09/10 23:50:12 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/09/05 17:56:33 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
      [2012/08/30 17:39:01 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
      [2012/08/16 20:04:05 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
      [2012/08/16 20:04:05 | 000,001,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
      [2012/08/08 0217 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
      [2012/08/08 0217 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
      [2012/07/08 16:09:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
      [2012/07/08 16:09:27 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/06/04 16:21:49 | 000,000,466 | ---- | C] () -- C:\Windows\Disney.ini
      [2012/06/04 16:20:38 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
      [2012/06/04 16:20:38 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
      [2012/06/04 16:20:38 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
      [2010/11/22 22:14:49 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
      [2010/06/04 20:54:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
      [2009/06/23 09:16:49 | 000,024,576 | ---- | C] () -- C:\Users\xabier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2009/03/08 16:37:05 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
      [2009/01/09 22:23:12 | 124,219,031 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
      [2009/01/09 22:15:02 | 000,000,336 | ---- | C] () -- C:\Program Files\setup.ini
      [2009/01/09 22:15:00 | 009,782,272 | ---- | C] () -- C:\Program Files\openofficeorg30.msi
      [2008/12/17 12:17:14 | 000,426,776 | ---- | C] () -- C:\Program Files\setup.exe

      < End of report >

      Thank you for your time!!
      Regards

    5. #5
      lekeitiano (User)
      Registered: Apr 2008
      Location: bilbo
      Posts: 17

      Re: used polifix.exe with no results

      Hello,
      I hope I'm not digging my own grave by posting another message to myself, but, I'm truly sorry, I've been waiting 3 days for some reply since the last report I posted (from PoliFix and OTL). Don't take me for impatient, but for desperate.
      Regards to the long-suffering Staff

    6. #6
      @MarceloRivero (FS-Admin)
      Registered: Jan 2005
      Location: Miami
      Posts: 40.914

      Re: used polifix.exe with no results

      Hello, sorry for the delay in my reply, but I have a lot of work on...

      In your case, the problem I see is that you are running both PoliFix and OTL under the machine's administrator user, which is clean, so no infection is reported there...

      You would have to try logging directly into the infected user.

      If that infected user does not have Administrator permissions, it may be easier for you to go into the disk, save the files, delete that user and create a new one.

      The other thing you can try is to run a Panda or Kaspersky LiveCD on it directly, as recommended in this section:



      Try it and let us know...


      Regards
      Marcelo Rivero
      Microsoft MVP Enterprise Security.



      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up to date with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.
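
Marcelo's point above, that the HKCU, O7 and O20 lines in an OTL report only describe the account the tool was started from, can be checked without ever logging into the infected account: from the clean administrator session, load that profile's NTUSER.DAT as a temporary hive under HKEY_USERS and read the same per-user autostart and policy keys OTL lists (Run, Winlogon Shell, Policies\System DisableRegedit, Policies\Explorer NoDesktop), plus the per-user Startup folder, which is not in the registry at all. The script below is an added example written for this page; it is not InfoSpyware's code and not part of the thread. The profile name, the C:\Users layout, the temporary mount name 'OfflineUser' and the DisableTaskMgr check are assumptions, and it must run from an elevated PowerShell prompt while the target user is logged off.

```powershell
# Added example for this thread, not InfoSpyware's code. Inspects the per-user
# autostart and lockout-policy keys of a profile that is NOT the one you are
# logged on as, by loading its NTUSER.DAT under HKEY_USERS.
# Assumptions: profile lives under C:\Users\<name>; run elevated; target user logged off.
param(
    [Parameter(Mandatory = $true)] [string] $ProfileName,  # e.g. 'xabier' (assumed name)
    [string] $MountName = 'OfflineUser'                   # temporary key name under HKU
)

$hiveFile = "C:\Users\$ProfileName\NTUSER.DAT"
if (-not (Test-Path -LiteralPath $hiveFile)) { throw "No NTUSER.DAT at $hiveFile" }

# reg.exe refuses to load a hive that is in use, so a still-logged-on user fails here.
& reg.exe load "HKU\$MountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed; is '$ProfileName' still logged on?" }

try {
    $base = "Registry::HKEY_USERS\$MountName"
    # Per-user equivalents of OTL's O4 (Run), O20 (Winlogon) and O7 (Policies) sections.
    $keys = @(
        'Software\Microsoft\Windows\CurrentVersion\Run',
        'Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($k in $keys) {
        $path = "$base\$k"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $props = Get-ItemProperty -LiteralPath $path
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PowerShell's own PSPath/PSParentPath etc.
            $flag = ''
            # A per-user Shell value is itself unusual; anything but explorer.exe replaces the desktop.
            if ($k -like '*\Winlogon' -and $p.Name -eq 'Shell' -and $p.Value -notmatch '^explorer\.exe$') {
                $flag = '  <-- non-default Shell'
            }
            # The policies OTL showed as 0 on the clean admin profile; 1 locks the user out.
            if ($k -like '*\Policies\System' -and @('DisableRegedit', 'DisableTaskMgr') -contains $p.Name -and $p.Value -eq 1) {
                $flag = '  <-- lockout policy'
            }
            if ($k -like '*\Policies\Explorer' -and $p.Name -eq 'NoDesktop' -and $p.Value -eq 1) {
                $flag = '  <-- lockout policy'
            }
            '{0}\{1} = {2}{3}' -f $k, $p.Name, $p.Value, $flag
        }
    }
    # The per-user Startup folder lives on disk, not in the registry; list it too, hidden files included.
    $startup = "C:\Users\$ProfileName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
    if (Test-Path -LiteralPath $startup) {
        Get-ChildItem -LiteralPath $startup -Force | ForEach-Object { "Startup: $($_.FullName)" }
    }
}
finally {
    # Release PowerShell's handles to the key before unloading, or reg.exe reports access denied.
    Remove-Variable props, path -ErrorAction SilentlyContinue
    [GC]::Collect()
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```

Run it as `.\Get-OfflineUserAutostart.ps1 -ProfileName xabier` from an elevated prompt (the file name is arbitrary). The lines it prints correspond to the O4, O7 and O20 sections of the OTL report above, but for the profile you name rather than the one you are logged on as. Everything it finds lives in that one NTUSER.DAT or profile folder, which is why, for a standard (non-administrator) account, backing up the files and recreating the profile, as suggested in the post above, removes the same per-user persistence.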

    7. #7
      lekeitiano (User)
      Registered: Apr 2008
      Location: bilbo
      Posts: 17

      Re: used polifix.exe with no results

      Hello,
      mysteriously, the police infection on the problem user has disappeared. The other day, when I ran PoliFix and OTL and posted the reports, the damned intruder was still rearing its head. But today, three days later, it seems to have vanished.
      In any case I ran Panda Cloud Security on it and I'm reporting what it found. I don't know whether to run more antivirus on it....:

      Malware. FILE: C:\PROGRAM FILES\WINDS PRO2\ROM\TOOLS\GAMEXP\GAMEXP.EXE to be deleted.

      Malware. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programas\WinDS PRO2\Game XP.lnk to be deleted.

      Malware. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDS PRO2\Game XP.lnk to be deleted.

      Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SHOWSUPERHIDDEN] to be changed to: 1

      Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0