Super Virus y spy

bullwar
Posts: 25
Joined: 16 Aug 2007, 20:29
Location: Vzla


Post by bullwar » 16 Aug 2007, 21:11

First of all, a pleasure. My name is Carlos, from Venezuela, 30 years old, a tattoo artist by trade. I have always read the forum looking for help and I really have found solutions here; I had never registered because I didn't see the need to write when everything was already solved :lol: Well, my problems are several: MDM.exe, Querty12.exe and others :lol: I have already run elistar 14.50, and at the moment I am running the recommended online antivirus http://www.ca.com/us/securityadvisor/virusinfo/scan.aspx

I will send a copy of elistar infosa.txt. I would like you to recommend an antivirus; I have tried a few but I still have these viruses. Another thing: I cannot boot the PC in safe mode; it restarts and goes back to the options screen. I don't know if that has to do with these viruses. What else can I tell you; I will post as I manage to identify more. Many of these problems have come from xfire and imageshack.us; since I started using these programs and website all my headaches began ^^ Well, that's it for now, this already looks like a last will and testament. Regards
To Protec To Server

lucl
Posts: 6324
Joined: 17 Jan 2006, 18:09
Location: Spain

Post by lucl » 16 Aug 2007, 21:18

Well, we're delighted to have you here. While we're at it, run elitriip too so you can post the whole log together; as you know, it will leave it in C infosat.txt. Regards and welcome to the forum



http://www.zonavirus.com/descargas/elitriip.asp



Regards

bullwar
Posts: 25
Joined: 16 Aug 2007, 20:29
Location: Vzla

Post by bullwar » 17 Aug 2007, 16:39

I'm still having problems =( I don't know what to do. Well, here is another attempt








Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057000.exe





Infected with: MemScan:Trojan.Juan.V



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057000.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057000.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057016.exe





Infected with: MemScan:Trojan.Dropper.Agent.BON



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057016.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057016.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057017.exe





Infected with: Trojan.PWS.Ldpinch.TAS



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057017.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057017.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057018.exe





Infected with: MemScan:Trojan.Juan.V



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057018.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057018.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057019.sys





Infected with: Trojan.Rootkit.Agent.NBD



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057019.sys





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057019.sys





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057020.exe





Infected with: MemScan:Trojan.Dropper.Agent.BON



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057020.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057020.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057021.exe





Infected with: Trojan.PWS.Ldpinch.TAS



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057021.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057021.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057022.exe





Infected with: MemScan:Trojan.Fotomoto.A



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057022.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057022.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057023.exe





Infected with: Trojan.PWS.Ldpinch.TAS



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057023.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057023.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057024.exe





Infected with: MemScan:Trojan.Dropper.Agent.BON



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057024.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057024.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057025.exe





Infected with: Trojan.PWS.Ldpinch.TAS



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057025.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057025.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057026.exe





Infected with: MemScan:Trojan.Juan.V



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057026.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057026.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057027.exe





Infected with: Trojan.PWS.Ldpinch.TAS



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057027.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057027.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057028.exe





Infected with: MemScan:Trojan.Dropper.Agent.BON



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057028.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057028.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057029.exe





Infected with: Trojan.PWS.Ldpinch.TAS



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057029.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057029.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057030.exe





Infected with: MemScan:Trojan.Juan.V



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057030.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057030.exe





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057032.dll





Infected with: MemScan:Trojan.Juan.V



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057032.dll





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057033.dll





Infected with: MemScan:Trojan.Juan.V



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057033.dll





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057034.dll





Infected with: MemScan:Trojan.Juan.V



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057034.dll





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057035.dll





Infected with: MemScan:Trojan.Juan.V



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057035.dll





Deleted



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057036.exe





Infected with: Trojan.Fotomoto.A



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057036.exe





Disinfection failed



C:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057036.exe





Deleted



C:\WINDOWS\system32\cab400.dll





Infected with: Trojan.Downloader.ConHook.BE



C:\WINDOWS\system32\cab400.dll





Disinfection failed



C:\WINDOWS\system32\cab400.dll





Delete failed



C:\WINDOWS\system32\dAkvBDhd.exe





Infected with: GenPack:Win32.Worm.Luder.F



C:\WINDOWS\system32\dAkvBDhd.exe





Disinfection failed



C:\WINDOWS\system32\dAkvBDhd.exe





Deleted



C:\WINDOWS\system32\flec003.exe





Infected with: Win32.Worm.Bagle.ZIU



C:\WINDOWS\system32\flec003.exe





Disinfection failed



C:\WINDOWS\system32\flec003.exe





Deleted



C:\WINDOWS\system32\NeroCheck.exe





Infected with: Win32.Cuter.A



C:\WINDOWS\system32\NeroCheck.exe





Disinfection failed



C:\WINDOWS\system32\NeroCheck.exe





Deleted



C:\WINDOWS\vsnpstd2.exe





Infected with: Win32.Cuter.A



C:\WINDOWS\vsnpstd2.exe





Disinfection failed



C:\WINDOWS\vsnpstd2.exe





Deleted



D:\Archivos de programa\Active GIF Creator 2.18\AGif.exe





Infected with: Trojan.Dldr.Anskya.A



D:\Archivos de programa\Active GIF Creator 2.18\AGif.exe





Disinfection failed



D:\Archivos de programa\Active GIF Creator 2.18\AGif.exe





Deleted



D:\Archivos de programa\incoming para grabar\Active Gif Creator 2.17 + crack.zip=>Active.Gif.Creator.v2.16.Crack.zip=>AGif.exe





Infected with: Trojan.Dldr.Anskya.A



D:\Archivos de programa\incoming para grabar\Active Gif Creator 2.17 + crack.zip=>Active.Gif.Creator.v2.16.Crack.zip=>AGif.exe





Disinfection failed



D:\Archivos de programa\incoming para grabar\Active Gif Creator 2.17 + crack.zip=>Active.Gif.Creator.v2.16.Crack.zip=>AGif.exe





Deleted



D:\Archivos de programa\incoming para grabar\Active Gif Creator 2.17 + crack.zip=>Active.Gif.Creator.v2.16.Crack.zip





Updated



D:\Archivos de programa\incoming para grabar\Active Gif Creator 2.17 + crack.zip





Updated



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP123\A0049267.exe





Infected with: Trojan.Dldr.Anskya.A



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP123\A0049267.exe





Disinfection failed



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP123\A0049267.exe





Deleted



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP124\A0049395.exe





Infected with: Win32.Worm.Bagle.ZIU



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP124\A0049395.exe





Disinfection failed



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP124\A0049395.exe





Deleted



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP124\A0049398.exe





Infected with: Trojan.Dldr.Anskya.A



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP124\A0049398.exe





Disinfection failed



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP124\A0049398.exe





Deleted



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057048.exe





Infected with: Trojan.Dldr.Anskya.A



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057048.exe





Disinfection failed



D:\System Volume Information\_restore{9040E1B7-1A82-4DC7-94B8-6C20B5A41CDC}\RP149\A0057048.exe





Deleted
To Protec To Server

lucl
Posts: 6324
Joined: 17 Jan 2006, 18:09
Location: Spain

Post by lucl » 17 Aug 2007, 17:48

[quote="lucl"]Well, glad to have you here. Run elitriip as well while we're at it, and that way you can post the log all together; as you know, it will leave it for you in C, infosat.txt. Regards, and welcome to the forum

http://www.zonavirus.com/descargas/elitriip.asp

Regards[/quote]


And complement it with elistara; that is the report you have to paste for us. Regards



http://www.zonavirus.com/descargas/elistara.asp

bullwar
Posts: 25
Joined: 16 Aug 2007, 20:29
Location: Vzla

Post by bullwar » 17 Aug 2007, 21:58

Done, but this fellow qwerty12.exe still keeps showing up, plus a sereneti.exe; they open a page on me, winantivirus2007.com. I'm :evil: I'm about to format the disk
To Protec To Server

bullwar
Posts: 25
Joined: 16 Aug 2007, 20:29
Location: Vzla

Post by bullwar » 17 Aug 2007, 22:05

Thu Mar 22 13:10:19 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Por favor, envienos una muestra del fichero

C:\Muestras\XPUPDATE.EXE.Muestra EliStartPage v13.59

a "virus@satinfo.es". Gracias.

C:\WINDOWS\XPUPDATE.EXE --> Eliminado

C:\WINDOWS\SYSTEM32\DLH9JKD1Q8.EXE --> Eliminado (Fichero Complementario).

C:\Documents and Settings\Luis Carlos\Datos de programa\Install.dat --> Eliminado (Fichero Complementario).

Entrada Eliminada [HKLM\...\Run] "Alcmtr"="ALCMTR.EXE"

Entrada Eliminada [HKLM\...\Run] "System"="C:\WINDOWS\system32\kernels32.exe"

Entrada Eliminada [HKCU\...\Run] "Windows update loader"="C:\Windows\xpupdate.exe"

Eliminada Carpeta "%WinSys%\LogFiles"

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Thu Mar 22 13:11:32 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Archivos de programa\On-line Help Console\INFOVIEW.EXE --> Eliminado, Spy.Delf (BHO)

C:\Documents and Settings\Luis Carlos\Escritorio\VARIOS\MuServer\CzF Editor\CZFMU.DLL --> Eliminado, PWS-WoW

C:\WINDOWS\system32\Tools\COUNTER.EXE --> Eliminado, Restart

C:\WINDOWS\system32\Tools\RESTART.EXE --> Eliminado, Restart



Thu Mar 22 13:14:56 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\

D:\Nero 7\Nero Vision\NVDV.DLL --> Eliminado, Hotbar

D:\programas\muserver\MuServer\Data\MUSHOP.EXE --> Eliminado, DriverLoad (Clicker.Delf.CN)



Thu Mar 22 13:18:01 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\



Thu Mar 22 13:18:27 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Thu Mar 22 14:18:30 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Thu Mar 22 14:18:35 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Wed Mar 28 18:33:23 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Wed Mar 28 18:49:00 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\

D:\programas\Files server y cliente 99.96 por Ctz\muserver 99.96 CTZ\MuServer\CzFMuEditorV1.5a\CZFMU.DLL --> Eliminado, PWS-WoW

D:\programas\Nueva carpeta\MuServer\util\CzFMuEditorV1.2\CZFMU.DLL --> Eliminado, PWS-WoW

D:\RECYCLER\S-1-5-21-1417001333-1965331169-839522115-1003\Dd302\CzFMuEditorV1.5a\CZFMU.DLL --> Eliminado, PWS-WoW



Thu Mar 29 08:05:25 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Thu Mar 29 08:05:31 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\



Thu Mar 29 08:15:22 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Documents and Settings\All Users\Datos de programa\FORD OWNS MEMO EQ\KIND BIRD.EXE --> Eliminado, Swizzor(lop)

C:\Documents and Settings\Luis Carlos\Datos de programa\2 great\TITYYETK.EXE --> Eliminado, Swizzor(lop)



Thu Mar 29 08:19:25 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Thu Mar 29 08:23:23 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Thu Mar 29 08:30:31 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Thu Mar 29 08:31:15 2007

EliStartPage v13.59 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\



Tue Apr 03 17:20:04 2007

EliStartPage v13.69 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Tue Apr 03 17:21:07 2007

EliStartPage v13.69 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Tue Apr 03 17:26:02 2007

EliStartPage v13.69 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\



Thu Aug 02 14:43:32 2007

EliLeslie v1.0 (c)2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB --> Renombrado a .VIR



Thu Aug 02 14:43:41 2007

EliLeslie v1.0 (c)2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB --> Renombrado a .VIR



Thu Aug 02 14:43:49 2007

EliLeslie v1.0 (c)2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Thu Aug 02 14:45:40 2007

EliLeslie v1.0 (c)2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Thu Aug 02 14:47:52 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\ALCMTR.EXE --> Eliminado SpyRealtek

Por favor, envienos una muestra del fichero

C:\Muestras\WEBASSIST.DLL.Muestra EliStartPage v14.50

a "virus@satinfo.es". Gracias.

C:\WINDOWS\WEBASSIST.DLL --> Eliminado

Eliminada Class, "{85589B5D-D53D-4237-A677-46B82EA275F3}" -> C:\WINDOWS\WebAssist.dll

Eliminada Clave "HKLM\...\Image File Execution Options\Your Image File Name Here without a path"

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Thu Aug 02 14:49:16 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Archivos de programa\Motorola Phone Tools\CCM.DLL --> Eliminado, MoviePass

C:\Archivos de programa\Realtek\InstallShield\ALCMTR.EXE --> Eliminado, SpyRealtek



Thu Aug 02 14:55:16 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

Exploración Detenida por el Usuario.



Thu Aug 02 14:58:12 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\

D:\Archivos de programa\Adobe\Adobe Photoshop CS3\MATLAB\PSTOOLBOX.HTML --> Eliminado, MalWare.Celular



Sat Aug 04 12:59:55 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):


No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Sat Aug 04 13:00:07 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Sat Aug 04 13:05:28 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\



Sat Aug 04 18:15:19 2007

EliLeslie v1.0 (c)2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB --> Renombrado a .VIR



Sat Aug 04 18:15:21 2007

EliLeslie v1.0 (c)2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\



Sat Aug 04 18:15:29 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Sat Aug 04 18:15:39 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\



Thu Aug 16 13:50:53 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Key Eliminada [WinLogon\Notify\CAB400] -> C:\WINDOWS\SYSTEM32\cab400.dll

Por favor, envienos una muestra del fichero

C:\Muestras\CAB400.DLL.Muestra EliStartPage v14.50

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\CAB400.DLL --> Acceso Denegado.

Eliminado Servicio, "DomainService"

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE



Thu Aug 16 13:52:09 2007

EliStartPage v14.50 (c)2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\QWERTY12.EXE --> Eliminado, FotoMoto

No Detectada Utilidad "ELINOTIF.DLL" (Necesaria para la Limpieza)



Thu Aug 16 15:23:56 2007

EliTriIP v3.78 (c)2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.



Thu Aug 16 15:24:04 2007

EliTriIP v3.78 (c)2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Archivos de programa\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\autorun.inf --> Eliminado, BackDoor.CMQ (inf)

C:\Archivos de programa\HP\Temp\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\autorun.inf --> Eliminado, BackDoor.CMQ (inf)

C:\Archivos de programa\Motorola Phone Tools\widcomm\Autorun.inf --> Eliminado, BackDoor.CMQ (inf)

C:\Documents and Settings\Luis Carlos\Escritorio\basura\swat4\Herramientas swat4\Auto-Download-Mod-v8.exe --> Eliminado, Bifrose (dropper)

C:\WINDOWS\select2.exe --> Eliminado, Malware(winsys)



Thu Aug 16 15:27:58 2007

EliTriIP v3.78 (c)2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\
To Protec To Server

lucl
Posts: 6324
Joined: 17 Jan 2006, 18:09
Location: Spain

Post by lucl » 18 Aug 2007, 11:05

You need to send us the samples that elistara left for you in the folder of the same name on C:

https://foros.zonavirus.com/viewtopic.php?f=2&t=45334

And then check whether, under Start > All Programs, you have one called helpcid, ayudacid or similar; also look in Add or Remove Programs. If you have it, remove it; otherwise the CiD will never go away. And paste us the HijackThis log. Regards.

HJT : (HiJackThis)

How do you use HijackThis?

The first thing to do is download it to your computer and place it in its own folder, C:\HijackThis\

Run it and press the "Do a system scan and save a logfile" button; the program will perform the scan and immediately generate the log. It will only ask you for the file name and its location; you can simply save it as it is.

Notepad will open; copy all the contents and paste them as a reply to this topic.

· Download HijackThis: http://www.zonavirus.com/descargas/trendmicro-hijackthis.asp

After analyzing it, we will report back.

bullwar
Posts: 25
Joined: 16 Aug 2007, 20:29
Location: Vzla

Post by bullwar » 18 Aug 2007, 17:13

Logfile of HijackThis v1.99.1

Scan saved at 11:12:50 a.m., on 18/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\Archivos de programa\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\qwerty12.exe

C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\878RMTMon.exe

D:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\878RMT.exe

C:\Archivos de programa\Comodo\Firewall\CPF.exe

C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

D:\Archivos de programa\honestech Video Patrol 4.4\scheduler.exe

C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe

d:\Archivos de programa\honestech Video Patrol 4.4\UPnPAgent.exe

C:\Archivos de programa\HP\Digital Imaging\bin\hpqimzone.exe

C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe

C:\ARCHIV~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe

C:\Documents and Settings\Luis Carlos\Escritorio\elitriip.exe

C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\HijackThis\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {bd3a9821-31ac-451f-a42f-2b159f4eb026} - C:\WINDOWS\system32\cab400.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp8.tmp.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe

O4 - HKLM\..\Run: [CloneCDTray] "d:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Archivos de programa\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\yaxvst.dll",forkonce

O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"

O4 - HKLM\..\Run: [AVPCC] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait

O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: honestech Video Patrol 4.4 Scheduler.lnk = D:\Archivos de programa\honestech Video Patrol 4.4\scheduler.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicio rápido de HP Image Zone.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARCHIV~1\ARCHIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: cab400 - C:\WINDOWS\SYSTEM32\cab400.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Archivos de programa\Comodo\Firewall\cmdagent.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\PC Connectivity Solution\ServiceLayer.exe
To Protec To Server

lighu_07
Posts: 14
Joined: 03 Aug 2007, 01:50
Location: Catriel-Rio Negro-argentina

Post by lighu_07 » 18 Aug 2007, 17:19

For me too, winantivirus2007.com, systemdoctor.com and drivercleaner.com kept opening; the only solution I had was to format the disk. If you don't find a solution, you are going to have to format it. Good luck.

bullwar
Posts: 25
Joined: 16 Aug 2007, 20:29
Location: Vzla

=)

Post by bullwar » 20 Aug 2007, 16:19

Well, what can I tell you, I already had to do it, hehehe. That was the solution I found. I have some samples that I will send to the forum section. I have the PC like new, formatted and reinstalled; now I have Firefox as my browser, Comodo as anti-spy and NOD32 as antivirus. I remember well that the problem with those pages started when I downloaded an anti-spy from softonic.com, but that is how you learn not to do it again. Now I only trust Zona Virus (Satinfo). I will send the samples to see whether they can find a solution for those spies and so help another person who needs it. Thanks, I will keep reading and consulting before installing :wink:
To Protec To Server

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Post by msc hotline sat » 20 Aug 2007, 19:26

Well, apart from the requested samples, there is a very suspicious file:

C:\WINDOWS\system32\qwerty12.exe

Try to send it to us as well for analysis.

-> For that, remember: https://foros.zonavirus.com/viewtopic.php?f=2&t=45334

And in the meantime you can rename its extension to .VIR so that it does not start up from the next reboot onward.

Regards

ms, 20-08-2007

Note: and do not confuse zonavirus with SATINFO; although the forum is sponsored by that company, its shareholders have nothing to do with it. ms.
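A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it flags the entry types behind the two files the helpers asked for (cab400.dll and qwerty12.exe). The three rules and the function names are assumptions chosen for illustration; a flag means "review this file", not a detection.

```python
import re

# Sample lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {bd3a9821-31ac-451f-a42f-2b159f4eb026} - C:\WINDOWS\system32\cab400.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: cab400 - C:\WINDOWS\SYSTEM32\cab400.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
"""

ENTRY = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")   # "<section> - <rest>"
WINDIR = re.compile(r"^[a-z]:\\windows\\", re.I)      # file lives under the Windows directory


def parse(log):
    """Yield (section, fields) per entry line; fields are the ' - ' separated parts."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2).split(" - ")


def triage(log):
    """Return (section, path, reason) for entries worth a manual look (assumed rules)."""
    findings = []
    for section, f in parse(log):
        path = f[-1]
        if section == "O2" and f[0] == "BHO: (no name)" and WINDIR.match(path):
            findings.append((section, path, "unnamed BHO loaded from the Windows directory"))
        elif section == "O20" and f[0].startswith("Winlogon Notify:"):
            findings.append((section, path, "DLL registered under Winlogon\\Notify"))
        elif (section == "O23" and len(f) >= 3 and f[-2] == "Unknown owner"
              and WINDIR.match(path)):
            findings.append((section, path, "service with unknown owner in the Windows directory"))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {path}  <- {reason}")
```

The Kaspersky service is also listed as "Unknown owner" but is not flagged, because its binary sits under the product's own folder rather than the Windows directory.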

bullwar
Posts: 25
Joined: 16 Aug 2007, 20:29
Location: Vzla

Post by bullwar » 24 Aug 2007, 20:36

Roger, boss. Everything is going perfectly so far, no problems at all; I am following the recommendations.
To Protec To Server

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Post by msc hotline sat » 24 Aug 2007, 20:42

Well, when we receive the samples, we will analyze them and implement their detection and removal, if appropriate, in our utilities.

Regards

ms, 24-08-2007

Note: but it will be from Monday onward, since we are currently on holiday at SATINFO. ms.

bullwar
Posts: 25
Joined: 16 Aug 2007, 20:29
Location: Vzla

Post by bullwar » 10 Sep 2007, 16:40

Hi, well, let me tell you: so far everything is perfect, my PC is in 100% good condition. I set out to use my work tools, and when I tried to use a program that I used frequently and had not installed yet, Comodo reported that it is trying to use a DLL, so I wanted to ask first to see whether there are any problems with that DLL. The program is called Fraps 3.3; it is for video capture. I don't know why it tries to connect to the internet. Well, thanks in advance.
To Protec To Server
