
    Ukash virus, with photo and all


    1. #1
      User catyuska85
      Registered: Jul 2009
      Location: las palmas
      Posts: 19

      Malware: Ukash virus, with photo and all

      Hello everyone. I have seen the threads on the forum about this tedious virus; I tried PoliFix and what is recommended in some of the solutions, and since those had not worked for me I decided to run otl.exe on the PC to see whether you could tell me where the problem is. I should mention that this PC has an administrator account and a guest account: in the administrator account everything is fine, but in the guest account I get the lock screen, with a photo taken from the webcam included. This is the otl.exe report; I hope you can help me and that it does not appear again xD. I had managed it in earlier attempts, but in the end it kept coming back. Without further ado, the report, and thanks in advance:

      OTL logfile created on: 07/04/2013 23:09:20 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usuario\Downloads
      Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      1,97 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,89% Memory free
      3,93 Gb Paging File | 2,79 Gb Available in Paging File | 71,00% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 465,66 Gb Total Space | 421,03 Gb Free Space | 90,41% Space Free | Partition Type: NTFS

      Computer Name: USUARIO-PC | User Name: usuario | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

      ========== Processes (SafeList) ==========

      PRC - [2013/04/07 23:08:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\usuario\Downloads\OTL.exe
      PRC - [2012/09/13 01:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Archivos de programa\Logitech\LWS\Webcam Software\LWS.exe
      PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
      PRC - [2010/11/20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
      PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
      PRC - [2009/07/14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe


      ========== Modules (No Company Name) ==========

      MOD - [2013/03/11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Users\usuario\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
      MOD - [2013/03/11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Users\usuario\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
      MOD - [2013/03/11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Users\usuario\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
      MOD - [2013/03/11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Users\usuario\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
      MOD - [2013/03/11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Users\usuario\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll
      MOD - [2013/03/11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Users\usuario\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
      MOD - [2012/09/13 01:38:52 | 007,955,304 | ---- | M] () -- C:\Archivos de programa\Logitech\LWS\Webcam Software\QTGui4.dll
      MOD - [2012/09/13 01:38:52 | 000,341,352 | ---- | M] () -- C:\Archivos de programa\Logitech\LWS\Webcam Software\QTXml4.dll
      MOD - [2012/09/13 01:38:52 | 000,127,336 | ---- | M] () -- C:\Archivos de programa\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
      MOD - [2012/09/13 01:38:52 | 000,028,008 | ---- | M] () -- C:\Archivos de programa\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
      MOD - [2012/09/13 01:38:44 | 002,144,104 | ---- | M] () -- C:\Archivos de programa\Logitech\LWS\Webcam Software\QTCore4.dll


      ========== Services (SafeList) ==========

      SRV - [2013/03/14 00:11:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
      SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Archivos de programa\Skype\Updater\Updater.exe -- (SkypeUpdate)
      SRV - [2010/11/20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
      SRV - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
      SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
      SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
      SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
      SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
      SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


      ========== Driver Services (SafeList) ==========

      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
      DRV - [2012/09/21 20:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
      DRV - [2012/09/21 20:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
      DRV - [2011/01/10 19:16:16 | 000,018,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
      DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
      DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
      DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
      DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
      DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
      DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
      DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
      DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
      DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
      DRV - [2009/07/13 23:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
      DRV - [2006/12/05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fissa.com/es/?s=h&c=1210028959&suid=EyxL9Zhsj&d=8&pid=
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ES
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 23 BC 02 AF ED CC 01 [binary data]
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/es/results/?s=b&c=1210028959&suid=EyxL9Zhsj&d=8&pid=&q={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


      ========== FireFox ==========

      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\usuario\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\usuario\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/25 13:55:50 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

      [2012/08/14 11:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2011/09/29 08:12:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2011/09/29 02:43:41 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2011/09/29 02:43:41 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2011/09/29 02:43:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2011/09/29 02:43:41 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
      CHR - homepage: http://www.google.com/
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
      CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
      CHR - plugin: Google Update (Enabled) = C:\Users\usuario\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
      CHR - plugin: Default Plug-in (Enabled) = default_plugin
      CHR - Extension: YouTube = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
      CHR - Extension: \u2605 Chrome Extensions = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmbpbbnadaecbckmojfinokdnaegcafp\22.3.1229.79_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
      CHR - Extension: Viderio = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdhgolccnkcbgpclpngdpjfahlnalig\2.1_0\
      CHR - Extension: Link Protection = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfbanchahcmceflmmjecaodnbfglcf\1.0.3_0\
      CHR - Extension: Gmail = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

      O1 HOSTS File: ([2012/10/29 11:27:04 | 000,000,804 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
      O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: fnmt.es ([]http in Sitios de confianza)
      O15 - HKCU\..Trusted Domains: fnmt.es ([]https in Sitios de confianza)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F5CF1D7-2AC6-4602-9133-5DC2C67094FA}: DhcpNameServer = 80.58.61.250 80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{757E9DBA-81B2-47CB-A790-CA05C924161D}: DhcpNameServer = 212.40.224.73 62.42.230.24
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      ========== Files/Folders - Created Within 90 Days ==========

      [2013/04/07 23:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
      [2013/04/07 23:06:11 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
      [2013/04/07 23:06:11 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
      [2013/04/07 23:05:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
      [2013/04/07 23:05:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
      [2013/04/07 23:05:38 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
      [2013/04/07 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
      [2013/03/03 14:07:29 | 000,000,000 | ---D | C] -- C:\_PoliFix
      [2013/03/03 13:58:27 | 000,000,000 | R--D | C] -- C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
      [2013/02/12 14:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
      [2013/02/12 14:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
      [2013/02/12 12:25:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
      [2013/02/11 18:34:27 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Logitech® Webcam Software
      [2013/02/11 18:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
      [2013/02/11 18:31:26 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Roaming\Leadertech
      [2013/02/11 18:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
      [2013/02/11 18:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
      [2013/02/11 18:25:31 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
      [2013/02/11 18:25:31 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
      [2013/02/11 18:25:19 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
      [2013/02/11 18:25:19 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
      [2013/02/11 18:25:19 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
      [2013/02/11 18:25:10 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
      [2013/02/11 18:25:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
      [2013/02/11 18:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Viderio
      [2013/02/11 18:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\LinkProtection
      [2013/02/10 15:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
      [2013/01/31 1024 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\ElevatedDiagnostics
      [2013/01/30 15:59:16 | 000,000,000 | ---D | C] -- C:\Windows\PixArt
      [2013/01/30 15:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2013/01/30 15:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
      [2012/10/02 13:52:33 | 001,496,760 | ---- | C] (Aedge Performance BCN SL) -- C:\Program Files\MyPDFConverter-setup.exe
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files - Modified Within 90 Days ==========

      [2013/04/07 23:11:05 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2013/04/07 23:05:27 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
      [2013/04/07 23:05:27 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
      [2013/04/07 23:05:27 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
      [2013/04/07 23:05:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
      [2013/04/07 23:05:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
      [2013/04/07 23:05:27 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
      [2013/04/07 23:00:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2013/04/07 23:00:25 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys
      [2013/04/07 08:13:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3955974185-1113007064-3405783095-1000UA.job
      [2013/03/31 01:13:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3955974185-1113007064-3405783095-1000Core.job
      [2013/03/18 08:15:57 | 000,002,380 | ---- | M] () -- C:\Users\usuario\Desktop\Google Chrome.lnk
      [2013/03/14 00:11:11 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
      [2013/03/14 00:11:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
      [2013/03/03 2115 | 000,017,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013/03/03 2115 | 000,017,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013/02/12 14:47:53 | 000,008,192 | ---- | M] () -- C:\shldr.mbr
      [2013/02/12 14:32:45 | 095,023,320 | ---- | M] () -- C:\ProgramData\4063716.pad
      [2013/02/12 14:17:02 | 000,002,809 | ---- | M] () -- C:\ProgramData\4063716.js
      [2013/02/12 14:00:29 | 000,707,200 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2013/02/12 14:00:29 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2013/02/12 14:00:29 | 000,138,768 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2013/02/12 14:00:29 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2013/02/11 18:29:58 | 000,001,582 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
      [2013/02/11 18:21:40 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
      [2013/02/11 18:21:40 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
      [2013/01/31 1036 | 000,001,107 | ---- | M] () -- C:\Users\usuario\Desktop\CIF Single Chip.lnk
      [2013/01/30 16:08:26 | 000,921,632 | ---- | M] () -- C:\PA207.DAT
      [2013/01/30 14:45:28 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
      [2013/01/30 14:32:51 | 000,002,574 | ---- | M] () -- C:\Users\usuario\Desktop\copia de cert dig.pfx
      [2013/01/30 14:20:57 | 000,099,436 | ---- | M] () -- C:\Users\usuario\Desktop\LORENZO CÁRDENES %2c YUNEIDA DEL PINO (2).pdf
      [2013/01/08 16:21:23 | 000,301,531 | ---- | M] () -- C:\Users\usuario\Desktop\Certificado_onCampus_4145.pdf
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2013/02/12 15:13:14 | 000,285,747 | ---- | C] () -- C:\shldr
      [2013/02/12 15:13:14 | 000,008,192 | ---- | C] () -- C:\shldr.mbr
      [2013/02/12 09:15:43 | 000,002,809 | ---- | C] () -- C:\ProgramData\4063716.js
      [2013/02/12 09:15:41 | 095,023,320 | ---- | C] () -- C:\ProgramData\4063716.pad
      [2013/02/11 18:29:58 | 000,001,582 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
      [2013/01/31 1036 | 000,001,107 | ---- | C] () -- C:\Users\usuario\Desktop\CIF Single Chip.lnk
      [2013/01/30 16:08:23 | 000,921,632 | ---- | C] () -- C:\PA207.DAT
      [2013/01/30 14:32:51 | 000,002,574 | ---- | C] () -- C:\Users\usuario\Desktop\copia de cert dig.pfx
      [2013/01/30 14:20:57 | 000,099,436 | ---- | C] () -- C:\Users\usuario\Desktop\LORENZO CÁRDENES %2c YUNEIDA DEL PINO (2).pdf
      [2013/01/08 16:21:23 | 000,301,531 | ---- | C] () -- C:\Users\usuario\Desktop\Certificado_onCampus_4145.pdf
      [2012/12/17 13:20:24 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
      [2012/10/02 13:54:09 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
      [2012/09/21 20:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
      [2012/09/21 20:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
      [2012/09/21 20:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
      [2012/05/13 22:55:22 | 000,003,584 | ---- | C] () -- C:\Users\usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/02/03 12:06:18 | 000,000,067 | ---- | C] () -- C:\Windows\wininit.ini
      [2012/01/25 14:02:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
      [2012/01/25 13:59:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
      [2012/01/25 13:55:05 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
      [2012/01/25 13:55:05 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
      [2012/01/25 13:55:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
      [2012/01/25 13:55:04 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
      [2012/01/25 13:55:04 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
      [2012/01/25 13:46:47 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
      [2012/01/25 13:46:47 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
      [2012/01/25 13:45:46 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
      [2012/01/25 13:45:11 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
      [2012/01/25 13:45:11 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
      [2012/01/25 13:45:11 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
      [2012/01/25 13:45:11 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
      [2012/01/25 13:45:11 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
      [2012/01/25 13:45:11 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
      [2012/01/25 13:45:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
      [2012/01/25 13:43:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
      [2012/01/18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

      ========== ZeroAccess Check ==========

      [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 22:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      < End of report >
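
      As an added example (not code from the forum post, from OTL or from InfoSpyware), the following Python script parses the bracketed file entries that OTL prints in the "Files/Folders - Created" and "Files - Modified" sections above and ranks the ones a removal helper would check first: unsigned loose files in C:\ProgramData or the drive root, digit-only file names, and scripts stored in shared data directories. The sample lines are copied from the report above; the watched-directory, known-root-file and script-extension lists are assumptions of the example.

```python
# Added example for triaging an OTL report; not code from the forum post or from OTL.
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file entry, as printed in the "Files/Folders - Created" and
# "Files - Modified" sections above:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
# "C" = created, "M" = modified. The company field is "()" for files without a
# company name and is absent for directories; PRC/MOD lines prefix the same entry.
OTL_FILE_RE = re.compile(
    r"^(?:\w{3} - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>[\d:]*) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Assumed triage lists (not from the page). Loose unsigned files in the drive
# root or C:\ProgramData are readable by every account, which is what a lock
# screen that also fires in the guest account needs.
WATCHED_PARENTS = {"c:\\", "c:\\programdata"}
KNOWN_ROOT_FILES = {"hiberfil.sys", "pagefile.sys", "bootmgr", "autoexec.bat", "config.sys"}
SCRIPT_EXTENSIONS = {".js", ".vbs", ".wsf"}


@dataclass
class OtlFileEntry:
    date: str
    size: int                # bytes
    attrs: str               # e.g. "----", "-HS-", "---D" (D = directory)
    company: Optional[str]   # None for directories, "" when printed as "()"
    path: str


@dataclass
class Finding:
    entry: OtlFileEntry
    reasons: List[str]


def parse_otl_file_entry(line: str) -> Optional[OtlFileEntry]:
    """Parse one OTL file line; return None for lines in any other format."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return OtlFileEntry(
        date=m.group("date"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        company=company.strip() if company is not None else None,
        path=m.group("path"),
    )


def triage(lines: List[str]) -> List[Finding]:
    """Rank the file entries a removal helper would inspect first."""
    findings: List[Finding] = []
    seen = set()
    for line in lines:
        e = parse_otl_file_entry(line)
        if e is None or "D" in e.attrs or e.path.lower() in seen:
            continue
        seen.add(e.path.lower())
        parent, name = ntpath.split(e.path)        # "C:\shldr" -> ("C:\", "shldr")
        stem, ext = ntpath.splitext(name)
        in_shared_dir = parent.lower() in WATCHED_PARENTS
        reasons = []
        if e.company == "" and in_shared_dir and name.lower() not in KNOWN_ROOT_FILES:
            reasons.append(f"no company name, stored loose in {parent}")
        if stem.isdigit():
            reasons.append("file name is digits only (generated name)")
        if ext.lower() in SCRIPT_EXTENSIONS and in_shared_dir:
            reasons.append("script stored in a shared data directory")
        if reasons:
            findings.append(Finding(e, reasons))
    # Most reasons first; ties in path order so the output is stable.
    findings.sort(key=lambda f: (-len(f.reasons), f.entry.path))
    return findings


# Sample input: lines copied from the OTL report posted above.
SAMPLE_OTL_LINES = [
    r"[2013/04/07 23:05:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe",
    r"[2013/04/07 23:00:25 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2013/02/12 14:47:53 | 000,008,192 | ---- | M] () -- C:\shldr.mbr",
    r"[2013/02/12 14:32:45 | 095,023,320 | ---- | M] () -- C:\ProgramData\4063716.pad",
    r"[2013/02/12 14:17:02 | 000,002,809 | ---- | M] () -- C:\ProgramData\4063716.js",
    r"[2013/02/12 15:13:14 | 000,285,747 | ---- | C] () -- C:\shldr",
    r"[2013/01/30 16:08:26 | 000,921,632 | ---- | M] () -- C:\PA207.DAT",
    r"[2013/02/11 18:29:58 | 000,001,582 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk",
    r"[2013/04/07 23:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java",
    r"PRC - [2013/04/07 23:08:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\usuario\Downloads\OTL.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.entry.path}  ({f.entry.size} bytes, {f.entry.date})")
        for reason in f.reasons:
            print("    -", reason)
```

      The ranking only orders candidates for a human to check; C:\PA207.DAT, for instance, is surfaced by the same rule as the shldr files and still has to be verified by hand.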

    2. #2
      Developer Dany3j
      Registered: Mar 2011
      Location: China
      Posts: 6,652

      Re: Ukash virus, with photo and all

      Hello. Please post the PoliFix report located at C:\PoliFix.txt


    3. #3
      User catyuska85
      Registered: Jul 2009
      Location: las palmas
      Posts: 19

      Re: Ukash virus, with photo and all

      Thank you very much for replying; here is the PoliFix report:

      Ejecutado Desde: C:\Users\usuario\Downloads\polifix.exe
      Fecha: 07/04/2013 | Hora: 23:37:34
      Sistema Operativo: Windows 7 De X86 Bits
      Modo De Arranque: Modo Normal
      Usuario: usuario | (Administrador)
      Version De Java 32: 7.0.170.2
      Punto de Restauracion: PoliFix_2.0.8.2


      =========================== Malwares Eliminados ===========================

      C:\ProgramData\4063716.pad


      ============================= Poli-Heurística =============================


      ================================== Startup ================================

      HKLM - Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
      HKLM - Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      HKCU - Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe


      ============================ Scan Suplementario ===========================

      C:\ProgramData\4063716.js
      C:\ProgramData\Adobe
      C:\ProgramData\Application Data
      C:\ProgramData\AVS4YOU
      C:\ProgramData\boost_interprocess
      C:\ProgramData\CyberLink
      C:\ProgramData\Datos de programa
      C:\ProgramData\Desktop
      C:\ProgramData\Doctor Web
      C:\ProgramData\Documentos
      C:\ProgramData\Documents
      C:\ProgramData\Escritorio
      C:\ProgramData\Favorites
      C:\ProgramData\Favoritos
      C:\ProgramData\LogiShrd
      C:\ProgramData\Malwarebytes
      C:\ProgramData\Menú Inicio
      C:\ProgramData\Microsoft
      C:\ProgramData\NCH Software
      C:\ProgramData\Nero
      C:\ProgramData\Plantillas
      C:\ProgramData\Skype
      C:\ProgramData\Start Menu
      C:\ProgramData\Sun
      C:\ProgramData\Templates
      C:\Users\usuario\AppData\Roaming\Adobe
      C:\Users\usuario\AppData\Roaming\AVS4YOU
      C:\Users\usuario\AppData\Roaming\CyberLink
      C:\Users\usuario\AppData\Roaming\Dropbox
      C:\Users\usuario\AppData\Roaming\FissaSearch
      C:\Users\usuario\AppData\Roaming\Identities
      C:\Users\usuario\AppData\Roaming\Leadertech
      C:\Users\usuario\AppData\Roaming\Macromedia
      C:\Users\usuario\AppData\Roaming\Malwarebytes
      C:\Users\usuario\AppData\Roaming\Media Center Programs
      C:\Users\usuario\AppData\Roaming\Media Player Classic
      C:\Users\usuario\AppData\Roaming\Microsoft
      C:\Users\usuario\AppData\Roaming\Nero
      C:\Users\usuario\AppData\Roaming\OfferBox
      C:\Users\usuario\AppData\Roaming\OpenOffice.org
      C:\Users\usuario\AppData\Roaming\Skype
      C:\Users\usuario\AppData\Roaming\vlc
      C:\Users\usuario\AppData\Roaming\WinRAR
      C:\Users\usuario\AppData\Local\Temp\CRX_75DAF8CB7768
      C:\Users\usuario\AppData\Local\Temp\etilqs_aduvbQm3Tgml8pR
      C:\Users\usuario\AppData\Local\Temp\etilqs_CB58oQhbTFofPAg
      C:\Users\usuario\AppData\Local\Temp\etilqs_dyKy5WGmdQoatPk
      C:\Users\usuario\AppData\Local\Temp\etilqs_jRr3wJob68t5vQ1
      C:\Users\usuario\AppData\Local\Temp\etilqs_mubSYpI3Lrbd67w
      C:\Users\usuario\AppData\Local\Temp\etilqs_xHZpJlNsjDEDO93
      C:\Users\usuario\AppData\Local\Temp\FXSAPIDebugLogFile.txt
      C:\Users\usuario\AppData\Local\Temp\~DF6BC106ADEC8B8817.TMP


      ========================== 07/04/2013 - 23:38:17 ==========================



      Regards

    4. #4
      Dany3j (Developer)
      Joined
      Mar 2011
      Location
      China
      Posts
      6.652

      Re: Ukash virus, photo and all

      Do the following from the Administrator account.

      Download OTL.exe by OldTimer to your desktop.
      • Close all open programs and windows.
      • Run OTL.exe by double-clicking its icon.
      • Configure the following, leaving everything else at its defaults:
      • Check the Scan All Users box.
      • Change the Scan Type option to Minimal Output.
      • Check the boxes:
        • Use Company Name Whitelist.
        • Skip Microsoft Files.
        • LOP Check.
        • Purity Check.
      • Copy and paste the following code into the box
      • Code:
        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        CREATERESTOREPOINT

      • Do not change any other setting unless you are told to.
      • Press the button. Do not use the computer during the scan.
      • When it finishes, two (2) reports will open:
        • OTL.Txt
        • Extras.Txt

      Note: The reports are saved in the same place OTL.exe was run from.
      Copy and paste only the contents of the OTL.txt file in your next reply.

    5. #5
      catyuska85 (User)
      Joined
      Jul 2009
      Location
      Las Palmas
      Posts
      19

      Re: Ukash virus, photo and all

      Here is the report, exactly as instructed. Regards:

      OTL logfile created on: 08/04/2013 0:21:02 - Run 2
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usuario\Downloads
      Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      1,97 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,87% Memory free
      3,93 Gb Paging File | 2,82 Gb Available in Paging File | 71,68% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 465,66 Gb Total Space | 420,86 Gb Free Space | 90,38% Space Free | Partition Type: NTFS

      Computer Name: USUARIO-PC | User Name: usuario | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\usuario\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Archivos de programa\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)


      ========== Modules (No Company Name) ==========

      MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
      MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
      MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
      MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
      MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
      MOD - C:\Archivos de programa\Logitech\LWS\Webcam Software\QTGui4.dll ()
      MOD - C:\Archivos de programa\Logitech\LWS\Webcam Software\QTXml4.dll ()
      MOD - C:\Archivos de programa\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
      MOD - C:\Archivos de programa\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
      MOD - C:\Archivos de programa\Logitech\LWS\Webcam Software\QTCore4.dll ()
      MOD - C:\Archivos de programa\Adobe\Reader 8.0\Reader\ViewerPS.dll ()


      ========== Services (SafeList) ==========

      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
      SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (gdrv) -- C:\Windows\gdrv.sys File not found
      DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
      DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
      DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
      DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
      DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
      DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
      DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
      DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
      DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
      DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
      DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
      DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
      DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)


      ========== Standard Registry (SafeList) ==========

    6. #6
      Dany3j (Developer)
      Joined
      Mar 2011
      Location
      China
      Posts
      6.652

      Re: Ukash virus, photo and all

      The report is not complete.

    7. #7
      catyuska85 (User)
      Joined
      Jul 2009
      Location
      Las Palmas
      Posts
      19

      Re: Ukash virus, photo and all

      Sorry, my mistake, hehehe. Here is the complete one:

      OTL logfile created on: 08/04/2013 0:40:07 - Run 2
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usuario\Downloads
      Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      1,97 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 51,43% Memory free
      3,93 Gb Paging File | 2,71 Gb Available in Paging File | 69,04% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 465,66 Gb Total Space | 420,86 Gb Free Space | 90,38% Space Free | Partition Type: NTFS

      Computer Name: USUARIO-PC | User Name: usuario | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: All users
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Users\usuario\Downloads\OTL.exe (OldTimer Tools)
      PRC - C:\Archivos de programa\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
      PRC - C:\Windows\explorer.exe (Microsoft Corporation)
      PRC - C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
      PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)


      ========== Modules (No Company Name) ==========

      MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
      MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
      MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
      MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
      MOD - C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
      MOD - C:\Archivos de programa\Logitech\LWS\Webcam Software\QTGui4.dll ()
      MOD - C:\Archivos de programa\Logitech\LWS\Webcam Software\QTXml4.dll ()
      MOD - C:\Archivos de programa\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
      MOD - C:\Archivos de programa\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
      MOD - C:\Archivos de programa\Logitech\LWS\Webcam Software\QTCore4.dll ()


      ========== Services (SafeList) ==========

      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
      SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
      SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
      SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
      SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
      SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


      ========== Driver Services (SafeList) ==========

      DRV - (gdrv) -- C:\Windows\gdrv.sys File not found
      DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
      DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
      DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
      DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
      DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
      DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
      DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
      DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
      DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
      DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
      DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
      DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
      DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
      DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
      DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)


      ========== Standard Registry (All) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

      IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Fissa search
      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN España: Hotmail, Messenger, Outlook, Skype, y cuenta Microsoft
      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ES
      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 23 BC 02 AF ED CC 01 [binary data]
      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/es/results/?s=b&c=1210028959&suid=EyxL9Zhsj&d=8&pid=&q={searchTerms}
      IE - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


      ========== FireFox ==========

      FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\usuario\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\usuario\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/25 13:55:50 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

      [2013/04/07 23:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
      [2012/01/25 13:55:50 | 000,000,000 | ---D | M] (Default) -- C:\Archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      [2011/09/29 08:12:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2011/09/29 02:43:41 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
      [2011/09/29 02:43:41 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
      [2011/09/29 02:16:42 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
      [2011/09/29 02:43:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
      [2011/09/29 02:43:41 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
      CHR - homepage: Google
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Users\usuario\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
      CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
      CHR - plugin: Google Update (Enabled) = C:\Users\usuario\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
      CHR - plugin: Default Plug-in (Enabled) = default_plugin
      CHR - Extension: YouTube = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
      CHR - Extension: \u2605 Chrome Extensions = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmbpbbnadaecbckmojfinokdnaegcafp\22.3.1229.79_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
      CHR - Extension: Viderio = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifdhgolccnkcbgpclpngdpjfahlnalig\2.1_0\
      CHR - Extension: Link Protection = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfbanchahcmceflmmjecaodnbfglcf\1.0.3_0\
      CHR - Extension: Gmail = C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

      O1 HOSTS File: ([2012/10/29 11:27:04 | 000,000,804 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll (Oracle Corporation)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
      O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
      O7 - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
      O7 - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
      O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
      O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
      O13 - gopher Prefix: missing
      O15 - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\..Trusted Domains: fnmt.es ([]http in Sitios de confianza)
      O15 - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\..Trusted Domains: fnmt.es ([]https in Sitios de confianza)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F5CF1D7-2AC6-4602-9133-5DC2C67094FA}: DhcpNameServer = 80.58.61.250 80.58.61.254
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{757E9DBA-81B2-47CB-A790-CA05C924161D}: DhcpNameServer = 212.40.224.73 62.42.230.24
      O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp - No CLSID value found
      O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
      O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
      O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
      O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
      O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
      O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
      O31 - SafeBoot: AlternateShell - cmd.exe
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found

      MsConfig - StartUpFolder: C:^Users^usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registro de productos.lnk - C:\Archivos de programa\Logitech\Ereg\eReg.exe - (Leader Technologies/Logitech)
      MsConfig - StartUpFolder: C:^Users^usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe - ()
      MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
      MsConfig - StartUpReg: ares - hkey= - key= - File not found
      MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\usuario\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
      MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
      MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
      MsConfig - StartUpReg: Monitor - hkey= - key= - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
      MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
      MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
      MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
      MsConfig - StartUpReg: RESTART_STICKY_NOTES - hkey= - key= - File not found
      MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
      MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
      MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      MsConfig - State: "bootini" - 0
      MsConfig - State: "startup" - 2

      CREATERESTOREPOINT
      System Restore Service not available.

      ========== Files/Folders - Created Within 60 Days ==========

      [2013/04/07 23:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
      [2013/04/07 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
      [2013/03/03 14:07:29 | 000,000,000 | ---D | C] -- C:\_PoliFix
      [2013/03/03 13:58:27 | 000,000,000 | R--D | C] -- C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
      [2013/02/12 14:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
      [2013/02/12 14:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
      [2013/02/12 12:25:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
      [2013/02/11 18:34:27 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Local\Logitech® Webcam Software
      [2013/02/11 18:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
      [2013/02/11 18:31:26 | 000,000,000 | ---D | C] -- C:\Users\usuario\AppData\Roaming\Leadertech
      [2013/02/11 18:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
      [2013/02/11 18:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
      [2013/02/11 18:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Viderio
      [2013/02/11 18:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\LinkProtection
      [2013/02/10 15:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
      [2012/10/02 13:52:33 | 001,496,760 | ---- | C] (Aedge Performance BCN SL) -- C:\Program Files\MyPDFConverter-setup.exe
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files - Modified Within 60 Days ==========

      [2013/04/08 00:37:38 | 000,130,224 | ---- | M] () -- C:\Users\usuario\Desktop\Sin título.jpg
      [2013/04/08 00:13:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3955974185-1113007064-3405783095-1000UA.job
      [2013/04/08 00:11:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2013/04/07 23:46:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2013/04/07 23:45:59 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys
      [2013/04/07 23:14:02 | 000,002,380 | ---- | M] () -- C:\Users\usuario\Desktop\Google Chrome.lnk
      [2013/03/31 01:13:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3955974185-1113007064-3405783095-1000Core.job
      [2013/03/03 2115 | 000,017,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2013/03/03 2115 | 000,017,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2013/02/12 14:47:53 | 000,008,192 | ---- | M] () -- C:\shldr.mbr
      [2013/02/12 14:17:02 | 000,002,809 | ---- | M] () -- C:\ProgramData\4063716.js
      [2013/02/12 14:00:29 | 000,707,200 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
      [2013/02/12 14:00:29 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2013/02/12 14:00:29 | 000,138,768 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
      [2013/02/12 14:00:29 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2013/02/11 18:29:58 | 000,001,582 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2013/04/08 00:37:38 | 000,130,224 | ---- | C] () -- C:\Users\usuario\Desktop\Sin título.jpg
      [2013/02/12 15:13:14 | 000,285,747 | ---- | C] () -- C:\shldr
      [2013/02/12 15:13:14 | 000,008,192 | ---- | C] () -- C:\shldr.mbr
      [2013/02/12 09:15:43 | 000,002,809 | ---- | C] () -- C:\ProgramData\4063716.js
      [2013/02/11 18:29:58 | 000,001,582 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
      [2012/12/17 13:20:24 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
      [2012/10/02 13:54:09 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
      [2012/09/21 20:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
      [2012/09/21 20:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
      [2012/09/21 20:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
      [2012/05/13 22:55:22 | 000,003,584 | ---- | C] () -- C:\Users\usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/02/03 12:06:18 | 000,000,067 | ---- | C] () -- C:\Windows\wininit.ini
      [2012/01/25 14:02:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
      [2012/01/25 13:59:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
      [2012/01/25 13:55:05 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
      [2012/01/25 13:55:05 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
      [2012/01/25 13:55:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
      [2012/01/25 13:55:04 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
      [2012/01/25 13:55:04 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
      [2012/01/25 13:46:47 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
      [2012/01/25 13:46:47 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
      [2012/01/25 13:45:46 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
      [2012/01/25 13:45:11 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
      [2012/01/25 13:45:11 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
      [2012/01/25 13:45:11 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
      [2012/01/25 13:45:11 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
      [2012/01/25 13:45:11 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
      [2012/01/25 13:45:11 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
      [2012/01/25 13:45:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
      [2012/01/25 13:43:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
      [2012/01/18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

      ========== ZeroAccess Check ==========

      [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 22:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2012/03/31 22:12:22 | 000,000,000 | ---D | M] -- C:\Users\Invitado\AppData\Roaming\OfferBox
      [2012/01/29 05:05:06 | 000,000,000 | ---D | M] -- C:\Users\Invitado\AppData\Roaming\OpenOffice.org
      [2012/01/25 14:45:20 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Dropbox
      [2012/10/02 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\FissaSearch
      [2013/02/11 18:31:26 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\Leadertech
      [2012/04/25 13:35:32 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\OfferBox
      [2012/01/28 12:29:37 | 000,000,000 | ---D | M] -- C:\Users\usuario\AppData\Roaming\OpenOffice.org

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
      [2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
      [2012/01/25 13:47:08 | 000,000,180 | ---- | M] () -- C:\csb.log
      [2013/04/07 23:45:59 | 1582,686,208 | -HS- | M] () -- C:\hiberfil.sys
      [2012/01/25 13:46:25 | 000,000,189 | ---- | M] () -- C:\Install.log
      [2013/01/30 16:08:26 | 000,921,632 | ---- | M] () -- C:\PA207.DAT
      [2013/04/07 23:46:02 | 2110,251,008 | -HS- | M] () -- C:\pagefile.sys
      [2013/04/07 23:38:17 | 000,003,040 | ---- | M] () -- C:\PoliFix.txt
      [2012/01/25 13:45:17 | 000,002,035 | ---- | M] () -- C:\RHDSetup.log
      [2013/02/12 15:14:59 | 000,003,617 | ---- | M] () -- C:\sh4_service.log
      [2012/11/02 16:23:54 | 000,285,747 | ---- | M] () -- C:\shldr
      [2013/02/12 14:47:53 | 000,008,192 | ---- | M] () -- C:\shldr.mbr
      [2012/01/25 14:02:33 | 000,008,646 | ---- | M] () -- C:\WPI_Log.txt

      < End of report >

    8. #8
      Dany3j (Developer)
      Registered: Mar 2011
      Location: China
      Posts: 6.652

      Re: Ukash virus with photo and everything

      Run OTL.exe

      Copy and paste the following code into the text box

      Code:
      :OTL
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
      O7 - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
      O7 - HKU\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
      [2013/04/08 00:37:38 | 000,130,224 | ---- | M] () -- C:\Users\usuario\Desktop\Sin título.jpg
      [2013/04/08 00:13:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3955974185-1113007064-3405783095-1000UA.job
      [2013/04/08 00:11:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
      [2013/03/31 01:13:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3955974185-1113007064-3405783095-1000Core.job
      [2013/02/12 14:17:02 | 000,002,809 | ---- | M] () -- C:\ProgramData\4063716.js
      
      
      :Commands
      [EMPTYTEMP]
      Press the button to launch the removal. Click OK.

      OTL will restart the computer to complete the removal.

      After the restart, a report will open.

      Post its contents in your next reply.

      Log into the guest account and let me know whether the problem continues.

      I ran into a black cat and had to take the long way around.

      * Follow us on our Twitter and friend us on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    9. #9
      catyuska85 (User)
      Registered: Jul 2009
      Location: las palmas
      Posts: 19

      Re: Ukash virus with photo and everything

      Here it is. By the way, I don't know whether it was supposed to be fixed or not; either way, it still shows up. Regards

      All processes killed
      ========== OTL ==========
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
      Registry value HKEY_USERS\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
      Registry value HKEY_USERS\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
      Registry value HKEY_USERS\S-1-5-21-3955974185-1113007064-3405783095-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
      C:\Users\usuario\Desktop\Sin título.jpg moved successfully.
      C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3955974185-1113007064-3405783095-1000UA.job moved successfully.
      C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
      C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3955974185-1113007064-3405783095-1000Core.job moved successfully.
      C:\ProgramData\4063716.js moved successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes

      User: Invitado
      ->Temp folder emptied: 2085114 bytes
      ->Temporary Internet Files folder emptied: 564893567 bytes
      ->Java cache emptied: 127321 bytes
      ->Flash cache emptied: 28474 bytes

      User: Javi&Pino 2
      ->Temp folder emptied: 1940193 bytes
      ->Temporary Internet Files folder emptied: 21876844 bytes
      ->Java cache emptied: 0 bytes
      ->Flash cache emptied: 506 bytes

      User: Public

      User: usuario
      ->Temp folder emptied: 34248 bytes
      ->Temporary Internet Files folder emptied: 2933983976 bytes
      ->Java cache emptied: 6832104 bytes
      ->Google Chrome cache emptied: 397002663 bytes
      ->Flash cache emptied: 42937 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 1500636 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 503472593 bytes
      %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50539 bytes
      %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
      RecycleBin emptied: 6003279891 bytes

      Total Files Cleaned = 9.954,00 mb


      OTL by OldTimer - Version 3.2.69.0 log created on 04082013_010425

      Files\Folders moved on Reboot...

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...

    10. #10
      Dany3j (Developer)
      Registered: Mar 2011
      Location: China
      Posts: 6.652

      Re: Ukash virus with photo and everything

      Do the following:

      - Download the ComboFix.exe tool and save it to the desktop.

      • Temporarily disable the antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.
        • *Note* Do not run ComboFix or any other antivirus program again until I give you a reply.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its author to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      The generated report is at C:\ComboFix.txt. Open it, select all, copy it and paste it into your next reply.
