


    Federal Police virus, I want to remove it


    1. #11
      User migeneg
      Joined
      Sep 2006
      Location
      torreon coahuila
      Posts
      16

      Re: Federal Police virus, I want to remove it

      this is the polifix report; the usbfix one is still pending

      //////////////////// PoliFix 2.0.8.2 By InfoSpyware ////////////////////

      Ejecutado Desde: C:\Users\Miguel\Downloads\polifix.exe
      Fecha: 17/04/2013 | Hora: 22:31:01
      Sistema Operativo: Windows 7 De X64 Bits
      Modo De Arranque: Modo Normal
      Usuario: Miguel | (Administrador)
      Version De Java 32: 7.0.170.2
      Version De Java 64: 7.0.170.2
      Punto de Restauracion: PoliFix_2.0.8.2


      =========================== Malwares Eliminados ===========================



      ============================= Poli-Heurística =============================


      ================================== Startup ================================

      HKLM64 - Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      HKLM64 - Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe
      HKLM64 - Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
      HKLM64 - Run: [Persistence] - C:\Windows\system32\igfxpers.exe
      HKLM64 - Run: [ETDWare] - %ProgramFiles%\Elantech\ETDCtrl.exe
      HKLM64 - Run: [fssui] - "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
      HKLM64 - Run: [Zune Launcher] - "C:\Program Files\Zune\ZuneLauncher.exe"
      HKLM - Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
      HKLM - Run: [CLMLServer] - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
      HKLM - Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      HKLM - Run: [UpdatePDRShortCut] - "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
      HKLM - Run: [UpdatePPShortCut] - "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
      HKLM - Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
      HKLM - Run: [UCam_Menu] - "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
      HKLM - Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      HKLM - Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      HKLM - Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
      HKLM - Run: [RemoteControl8] - "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
      HKLM - Run: [PDVD8LanguageShortcut] - "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
      HKLM - Run: [NokiaInternetModem_AppStart.exe] - "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"
      HKLM - Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      HKLM - Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      HKLM - Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      HKLM - Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      HKLM - Run: [TkBellExe] - "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
      HKLM - Run: [PSUAMain] - "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
      HKLM - Run: [Panda Security URL Filtering] - "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"


      ============================ Scan Suplementario ===========================

      C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
      C:\ProgramData\Adobe
      C:\ProgramData\Apple
      C:\ProgramData\Apple Computer
      C:\ProgramData\Application Data
      C:\ProgramData\AVS4YOU
      C:\ProgramData\Babylon
      C:\ProgramData\blekko toolbars
      C:\ProgramData\boost_interprocess
      C:\ProgramData\Browser Manager
      C:\ProgramData\Common Files
      C:\ProgramData\CyberLink
      C:\ProgramData\Desktop
      C:\ProgramData\Documents
      C:\ProgramData\Favorites
      C:\ProgramData\FileCure
      C:\ProgramData\FullRemove.exe
      C:\ProgramData\Google
      C:\ProgramData\Hewlett-Packard
      C:\ProgramData\HP
      C:\ProgramData\HP Photo Creations
      C:\ProgramData\McAfee
      C:\ProgramData\MFAData
      C:\ProgramData\Microsoft
      C:\ProgramData\Microsoft Help
      C:\ProgramData\Moyea
      C:\ProgramData\Mozilla
      C:\ProgramData\Norton
      C:\ProgramData\NortonInstaller
      C:\ProgramData\ntuser.pol
      C:\ProgramData\OberonGameConsole
      C:\ProgramData\Panda Security
      C:\ProgramData\Panda Security URL Filtering
      C:\ProgramData\ParetoLogic
      C:\ProgramData\Partner
      C:\ProgramData\Real
      C:\ProgramData\RealNetworks
      C:\ProgramData\Research In Motion
      C:\ProgramData\SAMSUNG
      C:\ProgramData\SiteAdvisor
      C:\ProgramData\Skype
      C:\ProgramData\Start Menu
      C:\ProgramData\Sun
      C:\ProgramData\Symantec
      C:\ProgramData\Temp
      C:\ProgramData\Templates
      C:\ProgramData\TVU Networks
      C:\ProgramData\VirtualizedApplications
      C:\ProgramData\Visan
      C:\ProgramData\WinClon
      C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
      C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
      C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
      C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
      C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
      C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
      C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
      C:\Users\Miguel\AppData\Roaming\Adobe
      C:\Users\Miguel\AppData\Roaming\Apple Computer
      C:\Users\Miguel\AppData\Roaming\Babylon
      C:\Users\Miguel\AppData\Roaming\CyberLink
      C:\Users\Miguel\AppData\Roaming\f8
      C:\Users\Miguel\AppData\Roaming\funkitron
      C:\Users\Miguel\AppData\Roaming\Google
      C:\Users\Miguel\AppData\Roaming\Identities
      C:\Users\Miguel\AppData\Roaming\InstallShield
      C:\Users\Miguel\AppData\Roaming\Macromedia
      C:\Users\Miguel\AppData\Roaming\Media Center Programs
      C:\Users\Miguel\AppData\Roaming\Microsoft
      C:\Users\Miguel\AppData\Roaming\Mozilla
      C:\Users\Miguel\AppData\Roaming\Panda Security
      C:\Users\Miguel\AppData\Roaming\PPT2Video
      C:\Users\Miguel\AppData\Roaming\raidcall
      C:\Users\Miguel\AppData\Roaming\Real
      C:\Users\Miguel\AppData\Roaming\RealNetworks
      C:\Users\Miguel\AppData\Roaming\Research In Motion
      C:\Users\Miguel\AppData\Roaming\Rim.Desktop.Exception.log
      C:\Users\Miguel\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
      C:\Users\Miguel\AppData\Roaming\Rim.DesktopHelper.Exception.log
      C:\Users\Miguel\AppData\Roaming\Rim.Transcoder.Exception.log
      C:\Users\Miguel\AppData\Roaming\Rovio
      C:\Users\Miguel\AppData\Roaming\Skype
      C:\Users\Miguel\AppData\Roaming\skype.dat
      C:\Users\Miguel\AppData\Roaming\skype.ini
      C:\Users\Miguel\AppData\Roaming\SoftGrid Client
      C:\Users\Miguel\AppData\Roaming\tiger-k
      C:\Users\Miguel\AppData\Roaming\TP
      C:\Users\Miguel\AppData\Roaming\Visan
      C:\Users\Miguel\AppData\Roaming\vlc
      C:\Users\Miguel\AppData\Roaming\Windows Live Writer
      C:\Users\Miguel\AppData\Roaming\WinRAR
      C:\Users\Miguel\AppData\Local\Temp\~DFEE39A2FE71F06160.TMP
      C:\Users\Miguel\AppData\Local\Temp\~nsu.tmp


      ========================== 17/04/2013 - 22:31:48 ==========================

    2. #12
      Former Collaborator Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15,747

      Re: Federal Police virus, I want to remove it

      Hello,

      Delete the following file: C:\ProgramData\FullRemove.exe

      • Download AdwCleaner on the infected computer
      • Copy the AdwCleaner program to the desktop and run it
      • Once it is open, click Supresión/Delete and wait for it to finish its work.
      • A report will open showing what it detected; copy it and paste it here.
      • If the report does not open, look for it at C:\AdwCleaner[R1].txt


      I recommend installing WinlockLess so that it does not happen again: WinLockLess Manual

      PS: The Usbfix report is still missing
      Are you going to run or are you going to fight? - Muahy Thai

      * Follow us on Twitter and become our friend on Facebook.
      * Stay informed about the latest online threats at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #13
      User migeneg
      Joined
      Sep 2006
      Location
      torreon coahuila
      Posts
      16

      Re: Federal Police virus, I want to remove it

      I'm sending the adwcleaner report

      # AdwCleaner v2.200 - Fichero creado el 18/04/2013 a 14:52:08
      # Actualizado el 02/04/2013 por Xplode
      # Sistema operativo : Windows 7 Home Premium (64 bits)
      # Usuario : Miguel - MIGUEL-PC
      # Modo de inicio : Normal
      # Ejecutado desde : C:\Users\Miguel\Downloads\adwcleaner.exe
      # Opción [Supresión]


      ***** [Servicios] *****


      ***** [Ficheros / Carpetas] *****

      Carpeta Suprimido : C:\Program Files (x86)\vShare
      Carpeta Suprimido : C:\ProgramData\Babylon
      Carpeta Suprimido : C:\ProgramData\blekko toolbars
      Carpeta Suprimido : C:\ProgramData\boost_interprocess
      Carpeta Suprimido : C:\ProgramData\Browser Manager
      Carpeta Suprimido : C:\ProgramData\Partner
      Carpeta Suprimido : C:\Users\Miguel\AppData\Local\Ilivid Player
      Carpeta Suprimido : C:\Users\Miguel\AppData\LocalLow\BabylonToolbar
      Carpeta Suprimido : C:\Users\Miguel\AppData\LocalLow\vShare
      Carpeta Suprimido : C:\Users\Miguel\AppData\Roaming\Babylon
      Fichero Suprimido : C:\user.js
      Fichero Suprimido : C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
      Fichero Suprimido : C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

      ***** [Registro] *****

      Clave Supprimida : HKCU\Software\BrowserMngr
      Clave Supprimida : HKCU\Software\DataMngr
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
      Clave Supprimida : HKCU\Software\Softonic
      Clave Supprimida : HKCU\Software\vShare
      Clave Supprimida : HKCU\Software\aedd8fb039e812
      Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Clave Supprimida : HKLM\Software\Babylon
      Clave Supprimida : HKLM\Software\BrowserMngr
      Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Clave Supprimida : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
      Clave Supprimida : HKLM\SOFTWARE\Classes\Prod.cap
      Clave Supprimida : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
      Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
      Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
      Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
      Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
      Clave Supprimida : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
      Clave Supprimida : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
      Clave Supprimida : HKLM\SOFTWARE\Classes\vShare.PugiObj
      Clave Supprimida : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
      Clave Supprimida : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
      Clave Supprimida : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\aedd8fb039e812
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
      Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
      Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
      Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
      Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
      Clave Supprimida : HKLM\SOFTWARE\DataMngr
      Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
      Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
      Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
      Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
      Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
      Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
      Valor Supprimida : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
      Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
      Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
      Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
      Valor Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

      ***** [Navegadores] *****

      -\\ Internet Explorer v9.0.8112.16476

      [OK] El registro no contiene ninguna entrada ilegítima.

      -\\ Mozilla Firefox v20.0.1 (es-MX)

      Fichero : C:\Users\Miguel\AppData\Roaming\Mozilla\Firefox\Profiles\clovvdxq.default\prefs.js

      C:\Users\Miguel\AppData\Roaming\Mozilla\Firefox\Profiles\clovvdxq.default\user.js ... Suprimido !

      [OK] El fichero no contiene ninguna entrada ilegítima.

      -\\ Google Chrome v26.0.1410.64

      Fichero : C:\Users\Miguel\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] El fichero no contiene ninguna entrada ilegítima.

      *************************

      AdwCleaner[S1].txt - [9069 octets] - [18/04/2013 14:52:08]

      ########## EOF - C:\AdwCleaner[S1].txt - [9129 octets] ##########

      P.S. The Usbfix report is still pending

      Regards.

    4. #14
      User migeneg
      Joined
      Sep 2006
      Location
      torreon coahuila
      Posts
      16

      Re: Federal Police virus, I want to remove it

      this is the polifix report; the usbfix one is still pending


    5. #15
      Former Collaborator Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15,747

      Re: Federal Police virus, I want to remove it

      Hello,

      Open AdwCleaner and click uninstall

      Please paste the Usbfix report

      Regards

    6. #16
      User migeneg
      Joined
      Sep 2006
      Location
      torreon coahuila
      Posts
      16

      Re: Federal Police virus, I want to remove it

      I have already uninstalled it. I will paste the usbfix report later; I have the USB drive at home. Thank you very much.

    7. #17
      Former Collaborator Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15,747

      Re: Federal Police virus, I want to remove it

      Hello,

      We will be waiting for it here

    8. #18
      User codingav
      Joined
      Jan 2013
      Location
      México
      Posts
      3

      Re: Federal Police virus, I want to remove it

      Quote: Originally posted by Superlucas
      Hello,

      Delete the following file: C:\ProgramData\FullRemove.exe

      • Download AdwCleaner on the infected computer
      • Copy the AdwCleaner program to the desktop and run it
      • Once it is open, click Supresión/Delete and wait for it to finish its work.
      • A report will open showing what it detected; copy it and paste it here.
      • If the report does not open, look for it at C:\AdwCleaner[R1].txt


      I recommend installing WinlockLess so that it does not happen again: WinLockLess Manual

      PS: The Usbfix report is still missing
      What would we do without you?? Thank you for helping all of us who turn to this page

    9. #19
      Former Collaborator Superlucas
      Joined
      Sep 2011
      Location
      Argentina
      Posts
      15,747

      Re: Federal Police virus, I want to remove it

      Quote: Originally posted by codingav
      What would we do without you?? Thank you for helping all of us who turn to this page
      Thanks
