
    "Policia Nacional" Virus


    1. #1
      User: begget
      Joined: Mar 2012
      Location: Euskadi
      Posts: 2

      [Solved] "Policia Nacional" Virus

      Hi!!!

      It turns out a friend of mine has run into this famous malware. Reading around here I've seen that it can be fixed easily via OTL, so I asked him to send me the .txt. Let's see if someone can help me.

      Code:
      OTL logfile created on: 27/10/2012 14:27:20 - Run 2
      OTL by OldTimer - Version 3.2.69.0     Folder = J:\
      Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.19088)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy
       
      3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,67% Memory free
      6,70 Gb Paging File | 5,83 Gb Available in Paging File | 87,09% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 452,70 Gb Total Space | 225,18 Gb Free Space | 49,74% Space Free | Partition Type: NTFS
      Drive D: | 13,06 Gb Total Space | 1,80 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
      Drive J: | 7,45 Gb Total Space | 7,35 Gb Free Space | 98,60% Space Free | Partition Type: NTFS
       
      Computer Name: FAMILIA1 | User Name: Familia | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
       
      ========== Processes (SafeList) ==========
       
      PRC - J:\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      PRC - C:\Program Files\Norton 360\Engine\6.4.0.9\ccsvchst.exe (Symantec Corporation)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)
       
       
      ========== Modules (No Company Name) ==========
       
       
      ========== Services (SafeList) ==========
       
      SRV - (WSearch) -- C:\Windows\system32\SearchIndexer.exe /Embedding File not found
      SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 File not found
      SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
      SRV - (N360) -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation)
      SRV - (appdrvrem01) -- C:\Windows\System32\appdrvrem01.exe (Protection Technology)
      SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
      SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
      SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
      SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)
       
       
      ========== Driver Services (SafeList) ==========
       
      DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
      DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
      DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
      DRV - (nmwcdc) -- system32\drivers\ccdcmbo.sys File not found
      DRV - (nmwcd) -- system32\drivers\ccdcmb.sys File not found
      DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
      DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
      DRV - (atlj0206) --  File not found
      DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121005.002\BHDrvx86.sys (Symantec Corporation)
      DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121026.032\NAVEX15.SYS (Symantec Corporation)
      DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121026.032\NAVENG.SYS (Symantec Corporation)
      DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
      DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
      DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
      DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121027.001\IDSvix86.sys (Symantec Corporation)
      DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys (Symantec Corporation)
      DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys (Symantec Corporation)
      DRV - (ccSet_N360) -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys (Symantec Corporation)
      DRV - (appdrv01) -- C:\Windows\System32\drivers\appdrv01.sys (Protection Technology)
      DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys (Symantec Corporation)
      DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys (Symantec Corporation)
      DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys (Symantec Corporation)
      DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys (Symantec Corporation)
      DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
      DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
      DRV - (PCDSRVC{4F253FFC-7957E8FC-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc.pkms (PC-Doctor, Inc.)
      DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
      DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
      DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys ()
      DRV - (WLAN_USB) -- C:\Windows\System32\drivers\WLANUSB.sys (Red Inalámbrica Local)
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
      IE - HKLM\..\SearchScopes,DefaultScope = {0753E0C1-F795-44D1-824D-04A0CB004A0C}
      IE - HKLM\..\SearchScopes\{0753E0C1-F795-44D1-824D-04A0CB004A0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1127&query={searchTerms}&invocationType=tb50hpcndtie7-es-es
      IE - HKLM\..\SearchScopes\{982EFCC5-0FF7-48B6-867A-C79755235FF4}: "URL" = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
      IE - HKLM\..\SearchScopes\{BDEAD927-79AA-4569-A6AF-2FCFDAD8CC70}: "URL" = http://es.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913937
       
       
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
       
      IE - HKU\S-1-5-21-1527468036-1273008986-830992328-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      IE - HKU\S-1-5-21-1527468036-1273008986-830992328-1000\..\SearchScopes,DefaultScope = {0753E0C1-F795-44D1-824D-04A0CB004A0C}
      IE - HKU\S-1-5-21-1527468036-1273008986-830992328-1000\..\SearchScopes\{96B6CCF2-A665-4D13-937F-480A786B374F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=es_ES&apn_ptnrs=U3&apn_dtid=OSJ111YYES&apn_uid=F0D4385C-869B-4725-B7DD-F5BCD9E3DFA0&apn_sauid=F8B092CC-70E7-4592-9A07-B13ACE0A8A95
      IE - HKU\S-1-5-21-1527468036-1273008986-830992328-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
      ========== FireFox ==========
       
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
      FF - user.js - File not found
       
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
       
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/09/20 22:18:06 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/09/23 13:46:55 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/10/27 13:58:33 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/29 11:08:18 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/13 10:09:43 | 000,000,000 | ---D | M]
       
      [2012/05/02 14:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familia.Familia1\AppData\Roaming\mozilla\Extensions
      [2012/06/14 19:54:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familia.Familia1\AppData\Roaming\mozilla\Firefox\Profiles\p0w1w4cd.default\extensions
      [2012/06/14 19:54:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Familia.Familia1\AppData\Roaming\mozilla\Firefox\Profiles\p0w1w4cd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      [2011/07/30 11:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
      [2010/10/20 15:36:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
      [2011/07/30 11:52:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
      [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
      [2010/07/23 02:30:59 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2010/07/23 02:30:59 | 000,000,751 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2010/07/23 02:30:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2010/07/23 02:30:59 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml
       
      O1 HOSTS File: ([2011/12/15 18:07:56 | 000,439,180 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1       localhost
      O1 - Hosts: ::1             localhost
      O1 - Hosts: 127.0.0.1	www.007guard.com
      O1 - Hosts: 127.0.0.1	007guard.com
      O1 - Hosts: 127.0.0.1	008i.com
      O1 - Hosts: 127.0.0.1	www.008k.com
      O1 - Hosts: 127.0.0.1	008k.com
      O1 - Hosts: 127.0.0.1	www.00hq.com
      O1 - Hosts: 127.0.0.1	00hq.com
      O1 - Hosts: 127.0.0.1	010402.com
      O1 - Hosts: 127.0.0.1	www.032439.com
      O1 - Hosts: 127.0.0.1	032439.com
      O1 - Hosts: 127.0.0.1	www.0scan.com
      O1 - Hosts: 127.0.0.1	0scan.com
      O1 - Hosts: 127.0.0.1	1000gratisproben.com
      O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
      O1 - Hosts: 127.0.0.1	1001namen.com
      O1 - Hosts: 127.0.0.1	www.1001namen.com
      O1 - Hosts: 127.0.0.1	100888290cs.com
      O1 - Hosts: 127.0.0.1	www.100888290cs.com
      O1 - Hosts: 127.0.0.1	www.100sexlinks.com
      O1 - Hosts: 127.0.0.1	100sexlinks.com
      O1 - Hosts: 127.0.0.1	10sek.com
      O1 - Hosts: 127.0.0.1	www.10sek.com
      O1 - Hosts: 127.0.0.1	www.1-2005-search.com
      O1 - Hosts: 15106 more lines...
      O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
      O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
      O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
      O3 - HKU\S-1-5-21-1527468036-1273008986-830992328-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
      O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
      O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
      O4 - HKU\S-1-5-21-1527468036-1273008986-830992328-1000..\Run: [HPADVISOR]  File not found
      O4 - Startup: C:\Users\Familia.Familia1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
      O13 - gopher Prefix: missing
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
      O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B90BC3-153C-4823-8C67-9823CD5F4C1B}: DhcpNameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6962CA6-437F-4C8A-A648-03A223AFB52E}: DhcpNameServer = 80.58.61.250 80.58.61.254
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O24 - Desktop WallPaper: C:\Users\Familia.Familia1\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
      O24 - Desktop BackupWallPaper: C:\Users\Familia.Familia1\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
       
      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point
       
      ========== Files/Folders - Created Within 30 Days ==========
       
      [2012/10/27 12:08:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
      [2012/10/13 10:09:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
      [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
       
      ========== Files - Modified Within 30 Days ==========
       
      [2012/10/27 14:25:33 | 000,000,478 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{03AB0C60-9536-4CEF-9816-9D7A3E6C6452}.job
      [2012/10/27 14:25:33 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1676A995-3189-4A8C-B200-80306671817E}.job
      [2012/10/27 14:02:28 | 000,676,598 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2012/10/27 14:02:28 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2012/10/27 14:02:28 | 000,133,064 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2012/10/27 14:02:28 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2012/10/27 14:00:00 | 083,023,306 | ---- | M] () -- C:\ProgramData\netdislw.pad
      [2012/10/27 13:59:54 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2012/10/27 13:58:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2012/10/27 13:58:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2012/10/27 13:58:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2012/10/27 13:58:08 | 3488,849,920 | -HS- | M] () -- C:\hiberfil.sys
      [2012/10/27 12:08:57 | 000,000,778 | ---- | M] () -- C:\Users\Familia.Familia1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
      [2012/10/27 11:37:03 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2012/10/21 18:10:12 | 000,002,551 | ---- | M] () -- C:\Users\Familia.Familia1\Desktop\Microsoft Office Word 2007.lnk
      [2012/10/16 20:44:35 | 000,010,074 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604000.009\VT20121008.022
      [2012/10/16 14:31:34 | 002,082,511 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604000.009\Cat.DB
      [2012/10/16 14:31:22 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
      [2012/10/12 20:13:58 | 000,018,432 | ---- | M] () -- C:\Users\Familia.Familia1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/10/10 18:45:52 | 000,519,522 | ---- | M] () -- C:\Users\Familia.Familia1\Desktop\DSC01396.JPG
      [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
       
      ========== Files Created - No Company Name ==========
       
      [2012/10/27 12:08:57 | 000,000,778 | ---- | C] () -- C:\Users\Familia.Familia1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
      [2012/10/27 12:08:55 | 083,023,306 | ---- | C] () -- C:\ProgramData\netdislw.pad
      [2012/10/25 19:40:18 | 000,000,448 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{1676A995-3189-4A8C-B200-80306671817E}.job
      [2012/10/10 18:44:30 | 000,519,522 | ---- | C] () -- C:\Users\Familia.Familia1\Desktop\DSC01396.JPG
      [2012/09/23 13:33:15 | 000,173,273 | ---- | C] () -- C:\ProgramData\1348399872.bdinstall.bin
      [2012/03/24 11:34:24 | 000,018,432 | ---- | C] () -- C:\Users\Familia.Familia1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/02/14 20:25:21 | 000,002,261 | ---- | C] () -- C:\Users\Familia.Familia1\.powerupdate.user.properties
      [2011/10/20 12:48:02 | 000,022,706 | ---- | C] () -- C:\ProgramData\1319107682.bdinstall.bin
      [2011/10/20 12:48:02 | 000,000,088 | ---- | C] () -- C:\ProgramData\1319107682.4868.bin
      [2011/09/20 23:40:51 | 000,175,599 | ---- | C] () -- C:\ProgramData\1316551538.bdinstall.bin
      [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
      [2011/02/15 19:39:33 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
       
      ========== ZeroAccess Check ==========
       
      [2006/11/02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/07 22:37:37 | 000,615,424 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
       
      ========== LOP Check ==========
       
      [2010/11/16 21:29:18 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\2K Sports
      [2011/06/18 20:43:36 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\9136136
      [2010/04/30 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\BitComet
      [2009/12/25 13:09:38 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\BitDefender
      [2010/11/16 21:12:29 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\DAEMON Tools Lite
      [2010/04/29 21:59:08 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\Datalayer
      [2010/08/16 20:01:10 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\FreeAudioPack
      [2010/08/16 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\FreeCDRipper
      [2011/04/01 15:20:23 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\Itsyuh
      [2011/02/09 20:10:13 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\Leadertech
      [2010/04/29 21:58:44 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\Nokia
      [2010/04/29 21:51:51 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\PC Suite
      [2011/03/26 11:44:44 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\Qooma
      [2011/09/20 22:48:54 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\QuickScan
      [2011/04/02 10:20:11 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\Samsung
      [2011/12/02 05:38:40 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\Systweak
      [2011/04/25 23:52:30 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\The Creative Assembly
      [2010/01/16 14:26:15 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\WinBatch
      [2009/12/25 12:46:46 | 000,000,000 | ---D | M] -- C:\Users\Familia\AppData\Roaming\_MDLogs
      [2012/05/11 13:33:40 | 000,000,000 | ---D | M] -- C:\Users\Familia.Familia1\AppData\Roaming\Afre
      [2011/12/15 19:38:18 | 000,000,000 | ---D | M] -- C:\Users\Familia.Familia1\AppData\Roaming\Bitdefender
      [2012/03/28 13:45:33 | 000,000,000 | ---D | M] -- C:\Users\Familia.Familia1\AppData\Roaming\CmapTools
      [2012/05/11 13:33:40 | 000,000,000 | ---D | M] -- C:\Users\Familia.Familia1\AppData\Roaming\Hiuvy
      [2012/09/23 14:46:04 | 000,000,000 | ---D | M] -- C:\Users\Familia.Familia1\AppData\Roaming\Omyb
      [2012/07/24 21:40:42 | 000,000,000 | ---D | M] -- C:\Users\Familia.Familia1\AppData\Roaming\Pro Cycling Manager 2011
      [2011/12/15 19:38:23 | 000,000,000 | ---D | M] -- C:\Users\Familia.Familia1\AppData\Roaming\Systweak
      [2011/12/17 12:44:16 | 000,000,000 | ---D | M] -- C:\Users\Familia.Familia1\AppData\Roaming\The Creative Assembly
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
      < %SYSTEMDRIVE%\*.* >
      [2010/05/28 09:56:12 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
      [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
      [2012/09/23 13:31:27 | 000,698,143 | ---- | M] () -- C:\bdlog.txt
      [2008/01/21 04:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
      [2009/07/07 22:00:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
      [2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
      [2011/10/20 12:38:46 | 000,000,500 | ---- | M] () -- C:\FINIS_IT.TXT
      [2012/10/27 13:58:08 | 3488,849,920 | -HS- | M] () -- C:\hiberfil.sys
      [2012/10/27 13:58:06 | 3802,480,640 | -HS- | M] () -- C:\pagefile.sys
      [2009/07/07 13:33:10 | 000,000,349 | ---- | M] () -- C:\updatedatfix.log
      [2008/08/26 14:37:52 | 000,000,458 | ---- | M] () -- C:\Windows Sidebar
       
      ========== Alternate Data Streams ==========
       
      @Alternate Data Stream - 16 bytes -> C:\Windows\tasks\User_Feed_Synchronization-{03AB0C60-9536-4CEF-9816-9D7A3E6C6452}.job:BDU
      
      < End of report >
      Thanks a lot in advance
      Last edited by begget on 28/10/12 at 08:00:30
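Added example, not part of the thread and not OTL's or InfoSpyware's code: a small Python checker that parses the O4 autostart entries and the "file created" entries in the OTL format shown in the log above and flags the pattern this log contains, a Startup-folder shortcut named ctfmon.lnk that launches an lsass.exe placed in C:\ProgramData instead of System32. The sample lines are constructed in the same format, and the table of expected directories is an assumption for a default 32-bit install on C:.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Tuple

# Constructed sample in OTL's line format, shaped on the log posted above: the
# Startup-folder ctfmon.lnk that launches C:\ProgramData\lsass.exe, the matching
# "file created" entry, and benign entries for contrast.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1527468036-1273008986-830992328-1000..\Run: [HPADVISOR]  File not found
O4 - Startup: C:\Users\Familia.Familia1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
[2012/10/27 12:08:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012/10/27 12:08:55 | 083,023,306 | ---- | C] () -- C:\ProgramData\netdislw.pad
[2011/02/15 19:39:33 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
"""

# Where each Windows core binary legitimately lives on a default 32-bit install
# on C: (assumption; add the SysWOW64 copies for x64 systems). A file that
# borrows one of these names anywhere else is masquerading.
EXPECTED_DIR: Dict[str, str] = {
    "lsass.exe": "c:\\windows\\system32",
    "csrss.exe": "c:\\windows\\system32",
    "winlogon.exe": "c:\\windows\\system32",
    "services.exe": "c:\\windows\\system32",
    "smss.exe": "c:\\windows\\system32",
    "svchost.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows",
}

# Launch targets under these roots sit in user-writable data directories: not
# proof of infection by itself, but unusual for something that autostarts.
WRITABLE_ROOTS = ("c:\\programdata\\", "\\appdata\\", "\\temp\\")

STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<lnk>.+?\.lnk) = (?P<target>.+?) \((?P<company>[^)]*)\)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]+)\]\s+(?P<target>.+?)(?: \((?P<company>[^)]*)\))?$")
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[^|]+?) \| (?P<attr>[^|]+?) \| (?P<flag>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$")


def masquerade(path: str) -> bool:
    """True when a core-binary name sits outside its expected directory."""
    p = PureWindowsPath(path.lower())
    expected = EXPECTED_DIR.get(p.name)
    return expected is not None and str(p.parent) != expected


def in_writable_root(path: str) -> bool:
    """True when the path is under ProgramData, a user's AppData or a Temp dir."""
    low = path.lower()
    return any(root in low for root in WRITABLE_ROOTS)


def check_autostart(target: str, line: str, findings: List[Tuple[str, str]]) -> None:
    """Apply the two location rules to an autostart launch target."""
    if in_writable_root(target):
        findings.append(("autostart target lives in a user-writable data directory", line))
    if masquerade(target):
        findings.append(("autostart target borrows a core Windows binary name", line))


def analyze(log: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for every OTL entry that trips a rule."""
    findings: List[Tuple[str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = STARTUP_RE.match(line)
        if m:
            # A shortcut named after one program that launches a different one is
            # the classic disguise: here ctfmon.lnk starts "lsass.exe".
            if PureWindowsPath(m["lnk"]).stem.lower() != PureWindowsPath(m["target"]).stem.lower():
                findings.append(("startup shortcut name does not match its target", line))
            check_autostart(m["target"], line, findings)
            continue
        m = RUN_RE.match(line)
        if m and m["target"] != "File not found":
            check_autostart(m["target"], line, findings)
            continue
        m = FILE_RE.match(line)
        if m and masquerade(m["path"]):
            findings.append(("file created with a core Windows binary name outside its home directory", line))
    return findings


if __name__ == "__main__":
    for reason, line in analyze(SAMPLE_LOG):
        print(f"[!] {reason}\n    {line}")
```

To run it over a saved OTL.txt, replace SAMPLE_LOG with the file's contents; a finding is a reason to look closer, not a verdict on its own.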

    2. #2
      Former collaborator: Xtreme Hero
      Joined: Dec 2010
      Location: España
      Posts: 9,014

      Re: "Policia Nacional" Virus

      Hi begget, welcome to InfoSpyware

      Follow the steps in this guide: Remove the Police Virus (Ransomware)

      Bring us the Polifix report and tell us how the system is running.

      Cheers

    3. #3
      User: begget
      Joined: Mar 2012
      Location: Euskadi
      Posts: 2

      Re: "Policia Nacional" Virus

      Quote: Originally posted by Xtreme Hero
      Hi begget, welcome to InfoSpyware

      Follow the steps in this guide: Remove the Police Virus (Ransomware)

      Bring us the Polifix report and tell us how the system is running.

      Cheers

      Thanks a lot Xtreme Hero!!

      I've already talked to my friend and he told me the computer has now restarted correctly, after doing what the page you gave me said.

      Regards