
    Police Virus 2014 (resistant to polifix and malware)


    1. #1
      User: xanabundle
      Registered: Jun 2012
      Location: Madrid
      Posts: 5


      Hello!

      Last year you sent me the solution for the police virus and it worked. Now the same thing has happened to a friend, so we ran otl.exe following the instructions you had given me, and this is the resulting otl.txt:

      OTL logfile created on: 28/02/2014 20:19:05 - Run 3
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\JUANI SALVADOR\Desktop
      Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

      2,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 77,42% Memory free
      3,85 Gb Paging File | 3,05 Gb Available in Paging File | 79,33% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 53,19 Gb Total Space | 0,39 Gb Free Space | 0,73% Space Free | Partition Type: FAT32
      Drive D: | 53,69 Gb Total Space | 30,96 Gb Free Space | 57,67% Space Free | Partition Type: FAT32

      Computer Name: TONI | User Name: JUANI SALVADOR | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Documents and Settings\JUANI SALVADOR\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\ApVxdWin.exe (Panda Security, S.L.)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\PAVSRV51.EXE (Panda Security, S.L.)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE (Panda Security, S.L.)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\psksvc.exe (Panda Security, S.L.)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrlS.exe (Panda Security, S.L.)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe (Panda Security, S.L.)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe (Panda Security, S.L.)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\WebProxy.exe (Panda Security, S.L.)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe (Panda Security, S.L.)
      PRC - c:\Program Files\Panda Security\Panda Internet Security 2010\FIREWALL\PSHost.exe (Panda Security International)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\SrvLoad.exe (Panda Security, S.L.)
      PRC - C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe (Panda Security S.L.)
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
      PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
      PRC - C:\Program Files\Acer\OrbiCam\COCIManager.exe (Acer)
      PRC - C:\Program Files\Acer\OrbiCam\VideoEffectsWatcher.exe (Acer)
      PRC - C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
      PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech)
      PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
      PRC - C:\Program Files\Launch Manager\WButton.exe ()
      PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
      PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
      PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
      PRC - C:\Program Files\Launch Manager\OSDCtrl.exe ()
      PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.)


      ========== Modules (No Company Name) ==========

      MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b83c5ae9\mscorlib.dll ()
      MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_928bef76\system.drawing.dll ()
      MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_88e2eb1b\system.xml.dll ()
      MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f8f95e26\system.windows.forms.dll ()
      MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4d94307b\system.dll ()
      MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
      MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
      MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
      MOD - C:\WINDOWS\system32\quartz.dll ()
      MOD - C:\WINDOWS\system32\sbe.dll ()
      MOD - C:\Program Files\Panda Security\Panda Internet Security 2010\PLATCTRL.bpl ()
      MOD - C:\WINDOWS\system32\msdmo.dll ()
      MOD - C:\WINDOWS\system32\devenum.dll ()
      MOD - C:\Program Files\WinRAR\RarExt.dll ()
      MOD - C:\Program Files\Panda Security\Panda Internet Security 2010\MiniCrypto.dll ()
      MOD - C:\Program Files\Panda Security\Panda Internet Security 2010\APIcr.dll ()
      MOD - C:\Acer\Empowering Technology\eSettings\CPUID.dll ()
      MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_es_b77a5c561934e089\mscorlib.resources.dll ()
      MOD - c:\windows\assembly\gac\system.resources\1.0.5000.0_es_b77a5c561934e089\system.resources.dll ()
      MOD - c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_es_b03f5f7f11d50a3a\system.serviceprocess.resources.dll ()
      MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
      MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
      MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
      MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
      MOD - C:\Program Files\Launch Manager\WButton.exe ()
      MOD - c:\Acer\Empowering Technology\eNet\eNet.dll ()
      MOD - c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll ()
      MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
      MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
      MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
      MOD - C:\Program Files\Launch Manager\OSDCtrl.exe ()
      MOD - C:\Program Files\Panda Security\Panda Internet Security 2010\LIBXML2.DLL ()


      ========== Services (SafeList) ==========

      SRV - (winmgmt) -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\etht7jrx.cpp (Microsoft Corporation)
      SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
      SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
      SRV - (VmbService) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
      SRV - (PAVSRV) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PAVSRV51.EXE (Panda Security, S.L.)
      SRV - (PskSvcRetail) -- C:\Program Files\Panda Security\Panda Internet Security 2010\psksvc.exe (Panda Security, S.L.)
      SRV - (Panda Software Controller) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrlS.exe (Panda Security, S.L.)
      SRV - (PAVFNSVR) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe (Panda Security, S.L.)
      SRV - (TPSrv) -- C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe (Panda Security, S.L.)
      SRV - (PSHost) -- c:\Program Files\Panda Security\Panda Internet Security 2010\FIREWALL\PSHost.exe (Panda Security International)
      SRV - (Gwmsrv) -- C:\Program Files\Panda Security\Panda Internet Security 2010\GWMsrv.dll (Panda Security, S.L.)
      SRV - (PSIMSVC) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe (Panda Security S.L.)
      SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe ( )
      SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech)
      SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
      SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
      SRV - (Programador de LiveUpdate automático) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
      SRV - (rpcapd) -- C:\Program Files\WinPCap\rpcapd.exe (CACE Technologies)


      ========== Driver Services (SafeList) ==========

      DRV - (WDICA) -- File not found
      DRV - (Wbutton) -- C:\WINDOWS\system32\drivers\Wbutton.sys File not found
      DRV - (PDRFRAME) -- File not found
      DRV - (PDRELI) -- File not found
      DRV - (PDFRAME) -- File not found
      DRV - (PDCOMP) -- File not found
      DRV - (PCIDump) -- File not found
      DRV - (PavTPK.sys) -- C:\WINDOWS\system32\PavTPK.sys File not found
      DRV - (PavSRK.sys) -- C:\WINDOWS\system32\PavSRK.sys File not found
      DRV - (mailKmd) -- File not found
      DRV - (lbrtfdc) -- File not found
      DRV - (Changer) -- File not found
      DRV - (AvFlt) -- C:\WINDOWS\system32\drivers\av5flt.sys File not found
      DRV - (ComFiltr) -- C:\WINDOWS\system32\drivers\COMFiltr.sys ()
      DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
      DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
      DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
      DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
      DRV - (APPFLT) -- C:\WINDOWS\system32\drivers\APPFLT.SYS (Panda Security, S.L.)
      DRV - (NETIMFLT01060039) -- C:\WINDOWS\system32\drivers\neti1639.sys (Panda Security, S.L.)
      DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
      DRV - (WNMFLT) -- C:\WINDOWS\system32\drivers\wnmflt.sys (Panda Security, S.L.)
      DRV - (NETFLTDI) -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
      DRV - (IDSFLT) -- C:\WINDOWS\system32\drivers\idsflt.sys (Panda Security, S.L.)
      DRV - (DSAFLT) -- C:\WINDOWS\system32\drivers\dsaflt.sys (Panda Security, S.L.)
      DRV - (PAVDRV) -- C:\WINDOWS\system32\drivers\pavdrv51.sys (Panda Security, S.L.)
      DRV - (FNETMON) -- C:\WINDOWS\system32\drivers\fnetmon.sys (Panda Security, S.L.)
      DRV - (tvicport) -- C:\WINDOWS\system32\drivers\TVicPort.sys (EnTech Taiwan)
      DRV - (int15) -- C:\WINDOWS\system32\drivers\int15.sys ()
      DRV - (zntport) -- C:\WINDOWS\system32\drivers\zntport.sys (Zeal SoftStudio)
      DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
      DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
      DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
      DRV - (lv321av) -- C:\WINDOWS\system32\drivers\lv321av.sys (Logitech)
      DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech)
      DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
      DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
      DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
      DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
      DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
      DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
      DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
      DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
      DRV - (Hotkey) -- C:\WINDOWS\System32\drivers\HOTKEY.sys ()


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.internetvodafone.es
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
      IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112553&tt=060612_8_&babsrc=SP_ss&mntrId=9640a1f00000000000000018ded31035
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_es
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      ========== FireFox ==========

      FF - prefs.js..browser.startup.homepage: "http://www.google.es/"
      FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)


      [2013/10/22 21:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JUANI SALVADOR\Application Data\mozilla\Extensions
      [2013/10/22 21:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JUANI SALVADOR\Application Data\mozilla\Firefox\Profiles\ei4p7ppm.default\extensions

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
      CHR - homepage: http://www.google.com
      CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
      CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
      CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
      CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
      CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
      CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
      CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
      CHR - plugin: Default Plug-in (Enabled) = default_plugin

      O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
      O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe ()
      O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE (Panda Security, S.L.)
      O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
      O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron)
      O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
      O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe File not found
      O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
      O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
      O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
      O4 - HKLM..\Run: [LanzarL2007] "C:\DOCUME~1\JUANIS~1\LOCALS~1\Temp\{3597458F-8B1B-4829-9D96-08D2E61169AD}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x000a" File not found
      O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
      O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
      O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
      O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
      O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
      O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
      O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
      O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
      O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
      O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
      O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
      O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
      O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
      O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe (Panda Security, S.L.)
      O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
      O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
      O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE1C5718-691A-471A-9E83-35DB3FDDD20D}: DhcpNameServer = 192.168.0.1 192.168.0.1
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
      O24 - Desktop WallPaper: C:\WINDOWS\Acertx.bmp
      O24 - Desktop BackupWallPaper: C:\WINDOWS\Acertx.bmp
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2010/07/08 16:43:20 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ FAT32 ]
      O33 - MountPoints2\{0f77b80f-bced-11de-9336-0018ded31035}\Shell\AutoRun\command - "" = F:\
      O33 - MountPoints2\{0f77b80f-bced-11de-9336-0018ded31035}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
      O34 - HKLM BootExecute: (autocheck autochk *)
      O34 - HKLM BootExecute: (MACHINE BootExecut)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

      NetSvcs: 6to4 - File not found
      NetSvcs: Ias - File not found
      NetSvcs: Iprip - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: winmgmt - C:\DOCUME~1\ALLUSE~1\APPLIC~1\etht7jrx.cpp (Microsoft Corporation)

      MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
      MsConfig - StartUpFolder: C:^Documents and Settings^JUANI SALVADOR^Start Menu^Programs^Startup^xrj7thte.lnk - - File not found
      MsConfig - StartUpReg: ares - hkey= - key= - C:\Program Files\Ares\Ares.exe (Ares Development Group)
      MsConfig - StartUpReg: mmtask - hkey= - key= - File not found
      MsConfig - StartUpReg: MMTray - hkey= - key= - File not found
      MsConfig - StartUpReg: MobileBroadband - hkey= - key= - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
      MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
      MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
      MsConfig - State: "system.ini" - 0
      MsConfig - State: "win.ini" - 0
      MsConfig - State: "bootini" - 0
      MsConfig - State: "services" - 0
      MsConfig - State: "startup" - 2

      CREATERESTOREPOINT
      System Restore Service not available.

      ========== Files/Folders - Created Within 30 Days ==========

      [2014/02/26 00:41:20 | 000,000,000 | ---D | C] -- C:\_OTL
      [2014/02/26 00:20:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JUANI SALVADOR\Desktop\OTL.exe
      [2014/02/26 0000 | 000,000,000 | -HSD | C] -- C:\FOUND.000
      [2014/02/25 23:58:57 | 000,000,000 | ---D | C] -- C:\_PoliFix
      [2014/02/25 23:04:49 | 000,183,337 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\etht7jrx.cpp
      [2014/02/17 20:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JUANI SALVADOR\Desktop\Jenny Selection
      [2014/02/13 0015 | 000,000,000 | -HSD | C] -- C:\Config.Msi
      [76 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [73 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2014/02/28 20:08:58 | 000,000,209 | RHS- | M] () -- C:\boot.ini
      [2014/02/28 20:07:08 | 095,027,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xrj7thte.fee
      [2014/02/28 20:00:22 | 000,302,636 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
      [2014/02/28 20:00:22 | 000,302,636 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
      [2014/02/28 20:00:22 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
      [2014/02/28 20:00:22 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
      [2014/02/28 20:00:10 | 000,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
      [2014/02/28 19:57:18 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
      [2014/02/28 19:57:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
      [2014/02/28 19:57:08 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2014/02/28 19:57:08 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
      [2014/02/28 19:56:54 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Your File Updater.job
      [2014/02/28 19:56:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2014/02/28 19:56:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2014/02/28 19:56:36 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
      [2014/02/26 23:39:02 | 000,000,838 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
      [2014/02/26 23:36:10 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2014/02/26 12:44:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
      [2014/02/26 00:18:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JUANI SALVADOR\Desktop\OTL.exe
      [2014/02/25 23:58:52 | 000,572,430 | ---- | M] () -- C:\Documents and Settings\JUANI SALVADOR\Desktop\polifix.exe
      [2014/02/13 00:26:08 | 000,443,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2014/02/13 00:26:08 | 000,072,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2014/02/13 00:15:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
      [2014/02/10 21:57:54 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
      [2014/02/05 23:05:42 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\JUANI SALVADOR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2014/01/29 23:26:52 | 010,143,606 | ---- | M] () -- C:\Documents and Settings\JUANI SALVADOR\Desktop\Guia de restaurantes.pdf
      [76 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [73 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2014/02/25 23:58:47 | 000,572,430 | ---- | C] () -- C:\Documents and Settings\JUANI SALVADOR\Desktop\polifix.exe
      [2014/02/25 23:05:05 | 095,027,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xrj7thte.fee
      [2014/01/29 23:26:50 | 010,143,606 | ---- | C] () -- C:\Documents and Settings\JUANI SALVADOR\Desktop\Guia de restaurantes.pdf
      [2010/04/22 19:37:02 | 000,155,474 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
      [2008/07/31 19:12:15 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\JUANI SALVADOR\default.pls
      [2007/08/10 20:28:03 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\JUANI SALVADOR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2007/04/06 21:54:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\JUANI SALVADOR\Local Settings\Application Data\fusioncache.dat

      ========== ZeroAccess Check ==========

      [2005/03/17 06:52:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:12:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 1448 | 000,473,600 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free

      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both

      ========== LOP Check ==========

      [2007/07/14 20:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
      [2007/09/18 22:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
      [2010/07/08 16:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
      [2011/07/29 21:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
      [2012/06/11 23:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
      [2012/09/24 07:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Software
      [2013/10/23 21:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prisa TV
      [2007/10/12 20:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JUANI SALVADOR\Application Data\Musicmatch
      [2010/07/08 16:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JUANI SALVADOR\Application Data\Panda Security
      [2011/07/29 21:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JUANI SALVADOR\Application Data\Vodafone
      [2012/06/11 23:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JUANI SALVADOR\Application Data\YourFileDownloader
      [2012/06/11 23:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JUANI SALVADOR\Application Data\Babylon
      [2013/10/23 21:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JUANI SALVADOR\Application Data\Prisa TV

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/06/11 23:45:04 | 000,001,531 | ---- | M] () -- C:\user.js
      [2005/03/17 06:32:40 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
      [2010/07/08 18:05:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
      [2004/08/10 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
      [2014/02/28 20:08:58 | 000,000,209 | RHS- | M] () -- C:\boot.ini
      [2005/03/17 06:56:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2005/03/17 06:56:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2006/05/24 19:36:00 | 000,000,004 | ---- | M] () -- C:\wps.dat
      [2006/09/28 13:54:30 | 000,000,065 | RHS- | M] () -- C:\Preload.rev
      [2006/09/28 13:54:30 | 000,000,065 | RHS- | M] () -- C:\preload.aaa
      [2006/11/28 17:27:56 | 000,000,595 | -HS- | M] () -- C:\Patch.rev
      [2014/02/28 19:56:34 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
      [2007/04/06 21:56:52 | 000,000,559 | ---- | M] () -- C:\RHDSetup.log
      [2014/02/28 19:56:36 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
      [2010/07/08 16:43:20 | 000,000,000 | ---- | M] () -- C:\Autoexec.bat
      [2008/03/30 19:22:44 | 000,000,000 | ---- | M] () -- C:\AILog.txt

      < End of report >


      Please, could you send us the code to run OTL again and clean the virus?

      Many thanks in advance,

    2. #2
      User xanabundle
      Joined
      Jun 2012
      Location
      Madrid
      Posts
      5

      Re: Police Virus 2014 (resistant to polifix and malware)

      Hi!

      Can anyone help me with this issue?

      I have already run quite a few antivirus programs and it is still there. Any clue or help you can give me will be more than welcome.

      Many thanks in advance

    3. #3
      Moderator
      M@co
      Joined
      Dec 2007
      Location
      America
      Posts
      15,668

      Re: Police Virus 2014 (resistant to polifix and malware)

      Hello.

      Do the following:

      1.- Copy the contents of the following box (except the word Code):

      Code:
      :COMMANDS
      [createrestorepoint]
      
      :OTL
      SRV - (winmgmt) -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\etht7jrx.cpp (Microsoft Corporation)
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [LanzarL2007] "C:\DOCUME~1\JUANIS~1\LOCALS~1\Temp\{3597458F-8B1B-4829-9D96-08D2E61169AD}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x000a" File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
      O33 - MountPoints2\{0f77b80f-bced-11de-9336-0018ded31035}\Shell\AutoRun\command - "" = F:\
      O33 - MountPoints2\{0f77b80f-bced-11de-9336-0018ded31035}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
      NetSvcs: winmgmt - C:\DOCUME~1\ALLUSE~1\APPLIC~1\etht7jrx.cpp (Microsoft Corporation)
      [2014/02/25 23:04:49 | 000,183,337 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\etht7jrx.cpp
      [2014/02/28 19:56:54 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Your File Updater.job
      [2014/02/25 23:05:05 | 095,027,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xrj7thte.fee
      
      
      :services
      
      :reg
      
      :files
      netsh int ip reset c:\resetlog.txt /c
      netsh winsock reset catalog /c
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      C:\*.txt
      
      :commands
      [resethosts]
      [emptytemp]
      [Reboot]

      2.- Run OTL.exe
      • Paste it under the Custom Scans/Fixes box.
      • Close all open windows and then click the Run Fix button at the top.
      • Reboot the system when OTL asks you to.
      • After the reboot, a report is created by default in C:\_OTL\MovedFiles; copy and paste that log into your next reply.


      Remember to post the report and tell us how the problem evolves so we can continue with the thread...

      Regards.

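Added example (not part of the thread, and not OTL's own logic): the fix above targets a `winmgmt` service binary sitting in `All Users\Application Data` and a `.fee` file whose name is that binary's name spelled backwards. The sketch below applies both observations as triage heuristics to OTL-style lines; the regular expressions, function names and the `C:\WINDOWS` prefix check (taken from `%SystemRoot%` in this log) are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext

# Lines copied from the OTL output quoted in this thread, plus one constructed
# benign service line (Spooler) for contrast.
SAMPLE = r"""
SRV - (winmgmt) -- C:\DOCUME~1\ALLUSE~1\APPLIC~1\etht7jrx.cpp (Microsoft Corporation)
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
NetSvcs: winmgmt - C:\DOCUME~1\ALLUSE~1\APPLIC~1\etht7jrx.cpp (Microsoft Corporation)
[2014/02/25 23:04:49 | 000,183,337 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\etht7jrx.cpp
[2014/02/25 23:05:05 | 095,027,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xrj7thte.fee
[2014/01/29 23:26:50 | 010,143,606 | ---- | C] () -- C:\Documents and Settings\JUANI SALVADOR\Desktop\Guia de restaurantes.pdf
"""

# Assumed line shapes, inferred from the entries shown on this page.
SERVICE_RE = re.compile(
    r"^(?:SRV - \((?P<a>[^)]+)\) --|NetSvcs: (?P<b>\S+) -) (?P<path>.+?)(?: \([^()]*\))?$")
FILE_RE = re.compile(r"^\[[^\]]*\] \([^()]*\) -- (?P<path>.+)$")

def services_outside_windows(log):
    """Return {service name: binary path} for services not loaded from the Windows directory."""
    hits = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and not m["path"].upper().startswith("C:\\WINDOWS\\"):
            hits[m["a"] or m["b"]] = m["path"]
    return hits

def reversed_name_pairs(log):
    """Return (file, file) pairs in one folder whose base names mirror each other."""
    by_dir = defaultdict(dict)
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            stem = splitext(basename(m["path"]))[0].lower()
            by_dir[dirname(m["path"]).lower()][stem] = m["path"]
    pairs = []
    for stems in by_dir.values():
        for stem, path in stems.items():
            mirror = stem[::-1]
            if stem < mirror and mirror in stems:  # skips palindromes and duplicates
                pairs.append((path, stems[mirror]))
    return pairs

if __name__ == "__main__":
    print(services_outside_windows(SAMPLE))
    print(reversed_name_pairs(SAMPLE))
```

Both checks only rank entries for a human reviewer; a hit is a reason to look closer, not proof of infection.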