Ordenador con varios problemas (SOLUCIONADO)

arcangelet · Mensaje por **arcangelet** » 12 Feb 2009, 23:19

Hola, os escribo por que no se ni por donde empezar con mi ordenador.

Muchas veces al iniciarlo m dice que el explorer debe cerrarse, le doy y se reactiva solo (osea que no hay problema, quitando la molestia de que salga siempre eso). Ademas, cuando abro el messenger se me are el windows installer, y al cabo de un minuto o asi, se abre por fin el messenger. Por ultimo tengo varios troyanos, o lo que sean. El expiorer, creo que es uno de ellos. Os mando lo del hijackthis, como he visto que hacen los demas, y a ver si me podeis hechar una mano. Gracias anticipadamente.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:11:19, on 12/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe

C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe

C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe

C:\archivos de programa\relevantknowledge\rlvknlg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\expiorer.exe

C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe

C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\ATKKBService.exe

C:\Archivos de programa\Bonjour\mDNSResponder.exe

C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\RemoteControlService.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe

C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Archivos de programa\ASUS\ASUS Live Update\ALU.exe

C:\Archivos de programa\ASUS\Wireless Console\wcourier.exe

C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

C:\Archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Archivos de programa\ASUS\Power4 Gear\BatteryLife.exe

C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe

C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe

C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe

C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Archivos de programa\My Lockbox\flockbox.exe

C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe

C:\Archivos de programa\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Archivos de programa\Ares\Ares.exe

C:\Archivos de programa\ATnotes\ATnotes.exe

C:\Archivos de programa\ASUS\Asus ChkMail\ChkMail.exe

C:\Archivos de programa\iPod\bin\iPodService.exe

C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\Archivos de programa\Windows Desktop Search\WindowsSearchIndexer.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\AhnRpta.exe

C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE

C:\Archivos de programa\internet explorer\iexplore.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.83.11.66:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Archivos de programa\Give4Free Plugin\ibho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Archivos de programa\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [ASUS Live Update] C:\Archivos de programa\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [Wireless Console] C:\Archivos de programa\ASUS\Wireless Console\wcourier.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\ASUSTek\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Archivos de programa\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [IntelZeroConfig] C:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exe

O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] C:\Archivos de programa\Intel\Wireless\Bin\EOUWiz.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [flockbox] C:\Archivos de programa\My Lockbox\flockbox.exe /a

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [RelevantKnowledge] C:\archivos de programa\relevantknowledge\rlvknlg.exe -boot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe

O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O4 - HKCU\..\Run: [ertyuop] C:\WINDOWS\system32\rttrwq.exe

O4 - HKCU\..\Run: [anhtaas] C:\WINDOWS\system32\cvsdfw.exe

O4 - HKCU\..\Run: [ATnotes.exe] C:\Archivos de programa\ATnotes\ATnotes.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: ASUS ChkMail.lnk = C:\Archivos de programa\ASUS\Asus ChkMail\ChkMail.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Archivos de programa\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5E21BEF3-0DD7-407A-8AF5-5F21E36203DC}: NameServer = 194.224.52.37,194.224.52.36

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: RelevantKnowledge - C:\archivos de programa\relevantknowledge\rlls.dll

O21 - SSODL: UpdateCheck - {69709D2E-C55D-424D-A89B-309E2F4A17D3} - C:\WINDOWS\system32\mstmdm.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe

O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe

O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe

O23 - Service: OwnershipProtocol - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\OProtSvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Archivos de programa\Archivos comunes\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - spoo1v.exe (file missing)

--

End of file - 13377 bytes

julibaga · Mensaje por **julibaga** » 13 Feb 2009, 00:56

Sí, el expiorer.exe es uno de ellos.

Bájate el Elistara que creo que ya lo controla.

http://www.zonavirus.com/descargas/elistara.asp

Cuando termines te gererará el c:\infosat.txt Lo abres, copias el todo el contenido y lo pegas en tu siguiente post par ver los resultados. Y dinos si ya quedó resulto el problema o si de lo contrario hay que hacer más cosas.

Mensaje por **msc hotline sat** » 13 Feb 2009, 08:48

Y tras ello, mira los que te quedan de estos y envianoslos para analizar y controlar:

C:\archivos de programa\relevantknowledge\rlvknlg.exe

C:\WINDOWS\expiorer.exe

C:\WINDOWS\AhnRpta.exe

C:\WINDOWS\system32\kavo.exe

C:\WINDOWS\system32\tavo.exe

C:\WINDOWS\system32\kamsoft.exe

C:\WINDOWS\system32\olhrwef.exe

C:\WINDOWS\system32\vamsoft.exe

C:\WINDOWS\system32\rttrwq.exe

C:\WINDOWS\system32\cvsdfw.exe

C:\archivos de programa\relevantknowledge\rlls.dll

C:\WINDOWS\system32\mstmdm.dll

y mira si este último lo tienes oculto, y si lo encuentras, envianoslo tambien, donde quiera que esté:

spoo1v.exe

(Con un inicio-> Buscar , marcando en opciones especiales fciheros ocultos y de sistema. )

~~[b]~~¿Como enviar las muestras a zonavirus? - Para ello recordar[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253

Tras recibirlos, los analizaremos e implementaremos su control y eliminacion, si procede, en nuestras utilidades, de lo cual informaremos

saludos

ms, 13-2-2009

Mensaje por **msc hotline sat** » 13 Feb 2009, 08:59

Y tiene un acceso a un servidor proxy frances..., es voluntario ??? :

195.83.11.66 FR France B3 Midi-Pyrenees Toulouse 43.6000 1.4333 RENATER Institut National des Sciences Appliquees de Toulose

Si no lo es, elimine esta clave:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.83.11.66:3128

saludos

ms, 13-2-2009

Mensaje por **msc hotline sat** » 13 Feb 2009, 14:29

Como le indicó Julibaga, tras probar el ELISTARA debe postearnos el c:\infosat.txt, para ver lo que ha realizado dicho proceso.

Y de las muestras pedidas solo recibimos esta

C:\WINDOWS\AhnRpta.exe

que corresponde al NOTEPAD.exe del XP, asi que tiene un nombre sospechco, pero su contenido no es maliciosos.

Y con el indicado informe, indiquenos si persiste alguna anomalia o ya se ha solucionado el problema, gracias

saludos

ms, 13-2-2009

arcangelet · Mensaje por **arcangelet** » 13 Feb 2009, 14:41

Hola de nuevo, y perdon por la tardanza.

Os he enviado los 4 archivos que siguen en mi ordenador, pero via mail, por que con el otro metodo, solo he podido enviar uno, como ya habeis visto.

El problema que os conaba con el messenger se ha solucionado, y lo de que aparezca el error del explorer tambien.

Por otro lado, Internet me va bastante lento ahora... (quizas necesite ser reiniciado unas cuantas veces...)

Respecto al archivo "spoo1v", no puedo buscarlo por que des de hace mucho, mi buscador de windows no funciona (se abre la ventana, pero en las opciones de arriba, solo me da la posibilidad de "archivo --> cerrar"

Por lo que respecta al infosat, tengo dos, el primero que he hecho, y uno segundo que me ha hecho el ordenador al reiniciar (habia 3 archivos que no havia podido elimnar). Os los adjunto:

Fri Feb 13 12:54:20 2009

EliStartPage v18.00 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\CKVO.EXE --> Eliminado PWS-OnLineGames.CKVO

C:\WINDOWS\SYSTEM32\CKVO0.DLL --> Eliminado PWS-OnLineGames.CKVO

C:\WINDOWS\SYSTEM32\KAMSOFT.EXE --> Eliminado PWS-OnLineGames.Kamsoft

C:\WINDOWS\SYSTEM32\GASRETYW0.DLL --> PWS-OnLineGames.Kamsoft Renombrado a .VIR

Por favor, envienos una muestra del fichero

C:\Muestras\KAVO.EXE.Muestra EliStartPage v18.00

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\KAVO.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\KAVO0.DLL.Muestra EliStartPage v18.00

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\KAVO0.DLL --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.00

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\OLHRWEF.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.00

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL --> Renombrado a .VIR

Por favor, envienos una muestra del fichero

C:\Muestras\RTTRWQ.EXE.Muestra EliStartPage v18.00

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\RTTRWQ.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\MKFGHT0.DLL.Muestra EliStartPage v18.00

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\MKFGHT0.DLL --> Renombrado a .VIR

C:\WINDOWS\SYSTEM32\TAVO.EXE --> Eliminado PWS-OnLineGames.TAVO

C:\WINDOWS\SYSTEM32\TAVO0.DLL --> Eliminado PWS-OnLineGames.TAVO

C:\WINDOWS\SYSTEM32\VAMSOFT.EXE --> Eliminado PWS-OnLineGames.Vamsoft

C:\WINDOWS\SYSTEM32\VBSDFE0.DLL --> Eliminado PWS-OnLineGames.Vamsoft

C:\WINDOWS\SYSTEM32\CIUYTR0.DLL --> PWS-OnLineGames.Vamsoft Renombrado a .VIR

C:\WINDOWS\ALCMTR.EXE --> Eliminado SpyRealtek

C:\ARCHIVOS DE PROGRAMA\GIVE4FREE PLUGIN\IBHO.DLL --> Give4Free(bho) Renombrado a .VIR

C:\WINDOWS\SYSTEM32\MSTMDM.DLL --> AutoRun.Q Renombrado a .VIR

C:\WINDOWS\SYSTEM32\MSWMPDAT.TLB --> Eliminado (Fichero Complementario).

C:\WINDOWS\SYSTEM32\WINVIEW.OCX --> Eliminado (Fichero Complementario).

Entrada Eliminada [HKCU\...\Run] "cdoosoft"="C:\WINDOWS\system32\olhrwef.exe"

Entrada Eliminada [HKCU\...\Run] "ertyuop"="C:\WINDOWS\system32\rttrwq.exe"

Entrada Eliminada [HKCU\...\Run] "kamsoft"="C:\WINDOWS\system32\kamsoft.exe"

Entrada Eliminada [HKCU\...\Run] "kava"="C:\WINDOWS\system32\kavo.exe"

Entrada Eliminada [HKCU\...\Run] "tava"="C:\WINDOWS\system32\tavo.exe"

Entrada Eliminada [HKCU\...\Run] "vamsoft"="C:\WINDOWS\system32\vamsoft.exe"

Eliminada Class, "{208E7E77-507A-4649-B0C9-D39E9049C7A2}" -> C:\Archivos de programa\Give4Free Plugin\ibho.dll

Eliminada Class, "{69709D2E-C55D-424D-A89B-309E2F4A17D3}" -> C:\WINDOWS\system32\mstmdm.dll

No detectado Parche MS08-067 de Microsoft instalado. (SServidor)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Detectado AUTORUN.INF en la Unidad (C)

open=0c2q.com

Si Desconoce la Aplicación, por favor envienosla

acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.

Detectado AUTORUN.INF en la Unidad (D)

open=0c2q.com

Si Desconoce la Aplicación, por favor envienosla

acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.

Reinicie para Completar la Limpieza.

Fri Feb 13 12:55:41 2009

EliStartPage v18.00 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\F.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\39LPJI.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\OV.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\KTNQUO.EXE --> Eliminado, PWS-OnLineGames.CKVO

C:\A1.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\R1Y1.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\VXL.EXE --> Eliminado, PWS-OnLineGames.CKVO

C:\1U0O8BNQ.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\B0J6J16.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\YEW.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\VVA0HC0P.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\N6T1H.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\08DGU.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\BO1DHU.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\68.EXE --> Eliminado, PWS-OnLineGames.CKVO

C:\EV60A2.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\PNT.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\9.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\2FIJI.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\XLK9.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\ABK.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\XIH9.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\NQ0CQ.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\SQ.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\WHI.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\6FNLPETP.EXE --> Eliminado, PWS-OnLineGames.Kamsoft

C:\YANNH.CMD --> Eliminado, PWS-OnLineGames.Kamsoft

C:\IJ.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\O1.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\E.CMD --> Eliminado, PWS-OnLineGames.Kamsoft

C:\RCUKD.CMD --> Eliminado, PWS-OnLineGames.Kamsoft

C:\3RL3LQBQ.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\H3.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\XCISVXL.COM --> Eliminado, PWS-OnLineGames.Vamsoft

C:\P1Y2.CMD --> Eliminado, PWS-OnLineGames.Kamsoft

C:\IQE68O.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\IKY.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\1GK8HA.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\A2H2.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\X2TPC.CMD --> Eliminado, PWS-OnLineGames.Vamsoft

C:\M6R8V.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\2U.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\IQ.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\VE.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\GY.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\W98.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\UVSQFGWD.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\UH.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\8.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\BD3Q0QIX.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\OPGDE.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\POOK.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\M0VNONH.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\1UTBFD.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\2AAXAIY.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\WINDOWS\system32\TAVO1.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\WINDOWS\system32\CKVO1.DLL --> Eliminado, PWS-OnLineGames.CKVO

C:\WINDOWS\system32\GASRETYW1.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\WINDOWS\system32\CIUYTR1.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\WINDOWS\system32\GASRETYW2.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\WINDOWS\system32\VBSDFE1.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\WINDOWS\system32\VBSDFE2.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\WINDOWS\system32\NMDFGDS2.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\WINDOWS\system32\GASRETYW0.DLL.VIR --> Acceso Denegado, PWS-OnLineGames.Kamsoft (Reiniciar para Completar la Limpieza)

C:\WINDOWS\system32\CIUYTR0.DLL.VIR --> Acceso Denegado, PWS-OnLineGames.Vamsoft (Reiniciar para Completar la Limpieza)

C:\WINDOWS\system32\MSTMDM.DLL.VIR --> Acceso Denegado, AutoRun.Q (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\Realtek\InstallShield\ALCMTR.EXE --> Eliminado, SpyRealtek

C:\Archivos de programa\Give4Free Plugin\IBHO.DLL.VIR --> Eliminado, Give4Free(bho)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047818.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047819.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047821.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047822.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047824.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047825.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047828.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047829.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047832.DLL --> Eliminado, PWS-OnLineGames

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047833.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047834.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP336\A0047835.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047860.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047861.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047863.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047865.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047867.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047868.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047869.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047873.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047876.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047877.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047879.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047891.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047892.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047893.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047894.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047897.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047898.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047901.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047902.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047905.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047906.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047908.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047909.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047910.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047923.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047924.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047925.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047929.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047932.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047933.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047936.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047937.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047938.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047939.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047940.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047942.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP337\A0047952.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0047975.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0047976.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0047977.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0047980.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0047981.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0047983.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0047988.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0047991.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0047992.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0048002.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP338\A0048003.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP339\A0048012.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP339\A0048015.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP339\A0048016.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP339\A0048018.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP339\A0048020.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP339\A0048021.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP339\A0048022.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP339\A0048023.INF --> Eliminado, PWS-OnLineGames.Olhrwef(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP339\A0048026.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP339\A0048028.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048062.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048063.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048064.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048066.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048068.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048069.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048072.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048074.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048077.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048078.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048089.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048090.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048092.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048094.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048096.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048097.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048100.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048101.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048104.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048105.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048108.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048109.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP340\A0048110.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP341\A0048125.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP341\A0048126.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP341\A0048128.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP341\A0048129.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP341\A0048132.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP341\A0048133.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP341\A0048140.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP341\A0048141.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP341\A0048142.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP341\A0048145.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP342\A0048166.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP342\A0048167.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP342\A0048168.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP342\A0048172.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP342\A0048173.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP342\A0048177.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP342\A0048184.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP342\A0048185.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049166.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049167.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049168.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049174.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049178.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049182.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049183.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049195.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049196.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049197.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049200.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049201.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049202.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049209.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049210.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP343\A0049211.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049228.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049229.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049231.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049237.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049239.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049249.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049251.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049252.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049256.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049257.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049260.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049264.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP344\A0049265.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049275.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049276.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049277.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049281.INF --> Eliminado, PWS-OnLineGames.Olhrwef(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049284.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049285.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049288.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049289.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049295.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049305.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049306.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049308.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049314.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049316.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049318.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049319.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049324.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049329.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049345.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049346.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049349.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049354.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049356.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049358.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049359.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049375.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049376.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049378.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049381.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049384.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049385.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049388.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049389.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049397.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP349\A0049426.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP349\A0049427.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP349\A0049432.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049455.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049457.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049458.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049461.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049464.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049469.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049470.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049475.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049480.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049506.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049507.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049510.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049513.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049514.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049515.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049516.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049521.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049553.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049554.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049556.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049560.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049561.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049570.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049571.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049572.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049590.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049591.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049592.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049596.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049597.INF --> Eliminado, PWS-OnLineGames.Olhrwef(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049600.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049628.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049629.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049630.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049646.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049647.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049648.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049660.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049661.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049677.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049678.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049679.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049702.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049703.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049704.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049706.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049707.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049713.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049716.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049718.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP354\A0049739.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP354\A0049743.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049762.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049763.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049764.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049771.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049773.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049779.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049780.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049781.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049784.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049798.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049800.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049802.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049808.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049809.INF --> Eliminado, PWS-OnLineGames.Olhrwef(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049813.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049816.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049817.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049827.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049840.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049841.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049842.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049850.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049851.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049854.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049859.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049860.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049876.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049877.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049878.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049882.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049883.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049888.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049889.INF --> Eliminado, PWS-OnLineGames.Olhrwef(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049895.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049897.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049901.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049916.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049917.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049918.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049926.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049930.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049944.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049945.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049946.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049953.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049957.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049975.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049976.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049978.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049986.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049987.INF --> Eliminado, PWS-OnLineGames.Vamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049991.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049993.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049994.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049997.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050029.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050030.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050032.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050039.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050040.INF --> Eliminado, PWS-OnLineGames.Olhrwef(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050043.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050048.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050049.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050050.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050061.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050062.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050063.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050072.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050073.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050080.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050081.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050082.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050085.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050104.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050105.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050107.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050115.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050119.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050124.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050125.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050126.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050134.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050150.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050151.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050153.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050160.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050164.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050168.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050169.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP362\A0050172.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP362\A0050176.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP362\A0050182.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP362\A0050183.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050198.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050200.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050201.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050205.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050208.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050210.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050212.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050213.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050224.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050240.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050241.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050243.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050247.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050248.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050251.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050255.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050256.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050258.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051773.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051774.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051776.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051778.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051784.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051787.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051788.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051790.INF --> Eliminado, PWS-OnLineGames.Vamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051826.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051853.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051854.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051855.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051857.INF --> Eliminado, PWS-OnLineGames.Kamsoft(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051860.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051861.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052007.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052008.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052009.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052014.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052016.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052028.EXE --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052029.DLL --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052030.EXE --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052033.EXE --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052034.EXE --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052035.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052036.EXE --> Eliminado, SpyRealtek

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052037.DLL --> Eliminado, Give4Free(bho)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052038.DLL --> Eliminado, AutoRun.Q

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052040.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052041.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052042.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052043.EXE --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052044.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052045.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052046.EXE --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052047.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052048.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052049.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052050.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052051.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052052.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052053.BAT --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052054.EXE --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052055.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052056.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052057.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052058.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052059.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052060.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052061.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052062.CMD --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052063.COM --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052064.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052065.EXE --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052066.CMD --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052067.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052068.COM --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052069.CMD --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052070.CMD --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052071.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052072.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052073.COM --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052074.CMD --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052075.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052076.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052077.BAT --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052078.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052079.CMD --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052080.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052081.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052082.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052083.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052084.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052085.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052086.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052087.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052088.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052089.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052090.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052091.BAT --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052092.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052093.DLL --> Eliminado, PWS-OnLineGames.TAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052094.DLL --> Eliminado, PWS-OnLineGames.CKVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052095.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052096.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052097.DLL --> Eliminado, PWS-OnLineGames.Kamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052098.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052099.DLL --> Eliminado, PWS-OnLineGames.Vamsoft

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052100.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052101.EXE --> Eliminado, SpyRealtek

Nº Total de Directorios: 7293

Nº Total de Ficheros: 70424

Nº de Ficheros Analizados: 21969

Nº de Ficheros Infectados: 499

Nº de Ficheros Limpiados: 496

Y el segundo:

Fri Feb 13 13:10:43 2009

EliStartPage v18.00 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL.VIR --> Eliminado.

C:\WINDOWS\SYSTEM32\MKFGHT0.DLL.VIR --> Eliminado.

No detectado Parche MS08-067 de Microsoft instalado. (SServidor)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Detectado AUTORUN.INF en la Unidad (C)

open=0c2q.com

Si Desconoce la Aplicación, por favor envienosla

acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.

Detectado AUTORUN.INF en la Unidad (D)

open=0c2q.com

Si Desconoce la Aplicación, por favor envienosla

acompañada del AUTORUN.INF a "virus@satinfo.es". Gracias.

Fri Feb 13 13:11:24 2009

EliStartPage v18.00 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\WINDOWS\system32\GASRETYW0.DLL.VIR.VIR --> Eliminado, PWS-OnLineGames.Kamsoft

C:\WINDOWS\system32\CIUYTR0.DLL.VIR.VIR --> Eliminado, PWS-OnLineGames.Vamsoft

C:\WINDOWS\system32\MSTMDM.DLL.VIR.VIR --> Eliminado, AutoRun.Q

Nº Total de Directorios: 7263

Nº Total de Ficheros: 69777

Nº de Ficheros Analizados: 21464

Nº de Ficheros Infectados: 3

Nº de Ficheros Limpiados: 3

Finalmente, no se como borrar lo del servidor proxy que me proponeis (lo tengo por que estube residiendo en una universidad francesa hace un par de años, pero ya no lo necesito)

Gracias de antemano y perdon por mi poca eficiencia.

Mensaje por **msc hotline sat** » 13 Feb 2009, 15:59

Pues envienos estos fichero para anañizar:

Por favor, envienos una muestra del fichero

C:\Muestras\KAVO.EXE.Muestra EliStartPage v18.00

Por favor, envienos una muestra del fichero

C:\Muestras\KAVO0.DLL.Muestra EliStartPage v18.00

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.00

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.00

Por favor, envienos una muestra del fichero

C:\Muestras\RTTRWQ.EXE.Muestra EliStartPage v18.00

Por favor, envienos una muestra del fichero

C:\Muestras\MKFGHT0.DLL.Muestra EliStartPage v18.00

y tambien:

Detectado AUTORUN.INF en la Unidad (C)

open=0c2q.com

Si Desconoce la Aplicación, por favor envienosla

acompañada del AUTORUN.INF

o sea. el C:\0c2q.com

y el C:\AUTORUN.*

ENVIARNOSLOS SEGUN SE INDICA:

~~[b]~~¿Como enviar las muestras a zonavirus? - Para ello recordar[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253

Tras recibirlos, los analizaremos e implementaremos su control y eliminacion, si procede, en nuestras utilidades, de lo cual informaremos

y en el mismo link se explica como eliminar la clave del proxy.

Por último, como que el OMLINE GAMES es un troyano que se propaga a traves de pendrives, vacune los ordenadores y pendrives con el ELIPEN:

~~[b]~~ELIPEN.EXE[/b]

http://www.zonavirus.com/descargas/elipen.asp

Tras probarlo, reiniciar y postearnos el contenido de C:\infosat.txt para ver el resultado del proceso

sañudos

ms, 13-2-2009

arcangelet · Mensaje por **arcangelet** » 13 Feb 2009, 22:08

Os he enviado las muestras que me habeis solicitado, y los autorun.

El autorun inicialmente no me salia en C\: pero despues de executar el ELIPEN si.

Lo mismo me ocurria con el otro archivo que me pediais, pero con D\: Asi que os he mandado tambien otro archivo que he llamado "autorunD".

Tambien he eliminado lo del proxy :)

os adjunto Infosat:

Fri Feb 13 21:47:55 2009

EliPen v1.8 (c)2008 S.G.H. / Satinfo S.L.

------------------------------------------

Detectado C:\Autorun.inf

OPEN=UR0.COM

C:\Autorun.inf -> Renombrado a .OLD

Unidad C:\ Protegida

Unidad C:\ YA esta Protegida

Fri Feb 13 22:03:49 2009

EliPen v1.8 (c)2008 S.G.H. / Satinfo S.L.

------------------------------------------

Detectado D:\Autorun.inf

OPEN=0C2Q.COM

D:\Autorun.inf -> Renombrado a .OLD

Unidad D:\ Protegida

Fri Feb 13 22:04:18 2009

EliPen v1.8 (c)2008 S.G.H. / Satinfo S.L.

------------------------------------------

Unidad D:\ YA esta Protegida

El ordenador ahora va muy bien :D

Mensaje por **msc hotline sat** » 14 Feb 2009, 07:47

Pues ya con el ELIPEN se impide la propagacion de estos virus, y el lunes, en cuanto volvamos al trabajo en SATINFO, analizaremos las muestras recibidas e implementaremos su control y eliminacion en nuestras utilidades, de lo cual informaremos

Mientras, puedes añadir .VIR a la extension de estos ficheros, para que no se puedan ejecutar tras ello:

UR0.COM

0C2Q.COM

saludos

ms, 14-2-2009

arcangelet · Mensaje por **arcangelet** » 15 Feb 2009, 22:22

Como puedo encontrar el UR0.COM y el 0C2Q.COM si no me funciona el buscador de windows? es que no se donde loalizarlos. :S

Mensaje por **lucl** » 15 Feb 2009, 23:22

Mirate primero este link

https://foros.zonavirus.com/viewtopic.php?f=5&t=13245

y luego ya los buscas saludos

Mensaje por **msc hotline sat** » 16 Feb 2009, 06:11

Y este esta en C:\

EliPen v1.8 (c)2008 S.G.H. / Satinfo S.L.

------------------------------------------

Detectado C:\Autorun.inf

OPEN=UR0.COM

_______

y el otro en D:\

EliPen v1.8 (c)2008 S.G.H. / Satinfo S.L.

------------------------------------------

Detectado D:\Autorun.inf

OPEN=0C2Q.COM

ambos ocultos, para lo que habrás de sehuir los pasos indicados en el link que te ha dado lucl, o bien moverlos a C:\MUESTRAS con el ELIMOVER. indicando respectivamente

C:\UR0.COM

D:\0C2Q.COM

CON UN COPIAR Y PEGAR, selecciona cada una de las lineas anteriores y las pegas en el ELIMOVER:

ELIMOVER

http://www.zonavirus.com/descargas/elimover.asp

Y envianos tambien los dos AUTORUN.*, tanto el de C:\ como el de D:\

y para enviarnoslos:

~~[b]~~¿Como enviar las muestras a zonavirus? - Para ello recordar[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253

Tras recibirlos, los analizaremos e implementaremos su control y eliminacion, si procede, en nuestras utilidades, de lo cual informaremos

saludos

ms, 16-1-2009

Mensaje por **msc hotline sat** » 16 Feb 2009, 12:37

Recibidas las muestras solicitadas, pasamos a controlarlas con el ELISTARA de hoy 18.02, como nuevas variantes de ONLINE GAME y PROXY.OSS

[quote]
~~[b]~~ ELISTARA: [/b]

http://www.zonavirus.com/descargas/elistara.asp

Tras probarlo, reiniciar y postearnos el contenido de C:\infosat.txt para ver el resultado del proceso
[/quote]

A partir de las 19 h GMT, estará disponible en esta web, para pruebas de evaluacion en el foro de zonavirus

saludos

ms, 16-2-2009

arcangelet · Mensaje por **arcangelet** » 16 Feb 2009, 21:48

Me ha pedido reiniciar dos veces consecutivas. En Procesos me sigue apareciendo el EXPIORER.

El Infosat es:

Mon Feb 16 21:09:32 2009

EliStartPage v18.02 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 16 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.02

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\OLHRWEF.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.02

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL --> Renombrado a .VIR

Por favor, envienos una muestra del fichero

C:\Muestras\RTTRWQ.EXE.Muestra EliStartPage v18.02

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\RTTRWQ.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\MKFGHT0.DLL.Muestra EliStartPage v18.02

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\MKFGHT0.DLL --> Renombrado a .VIR

Entrada Eliminada [HKCU\...\Run] "cdoosoft"="C:\WINDOWS\system32\olhrwef.exe"

Entrada Eliminada [HKCU\...\Run] "ertyuop"="C:\WINDOWS\system32\rttrwq.exe"

No detectado Parche MS08-067 de Microsoft instalado. (SServidor)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

Mon Feb 16 21:11:24 2009

EliStartPage v18.02 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 16 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\0C2Q.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\T.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\WINDOWS\system32\KAVO1.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049274.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049280.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049304.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049310.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049344.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049350.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049374.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049380.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049454.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049462.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049505.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049552.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049588.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049645.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049656.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049701.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049712.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049761.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049799.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049812.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049838.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049875.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049914.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049943.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049974.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049985.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050028.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050060.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050103.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050149.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050197.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050204.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050239.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051775.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051779.INF --> Eliminado, PWS-OnLineGames.Olhrwef(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051780.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051789.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051810.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051811.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051812.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051814.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051815.INF --> Eliminado, PWS-OnLineGames.Olhrwef(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051828.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051851.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051856.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051864.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051865.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051866.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051867.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051868.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051870.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051876.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052005.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052011.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052015.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052020.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052023.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052024.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052025.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052031.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052032.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052128.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052129.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052133.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052137.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052163.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052164.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052166.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052167.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052168.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052172.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052181.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052182.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052197.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052198.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052200.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052201.INF --> Eliminado, PWS-OnLineGames.Olhrwef(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052204.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052208.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052209.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052229.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052230.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052231.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052232.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052233.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052234.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052237.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052240.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052241.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052270.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052273.INF --> Eliminado, PWS-OnLineGames.Olhrwef(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052274.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052303.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052307.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052308.INF --> Eliminado, PWS-OnLineGames.Rttrwq(inf)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052314.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052315.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052333.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052338.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052349.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052365.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052369.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052373.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052374.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052460.COM --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052461.EXE --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052462.DLL --> Eliminado, PWS-OnLineGames.KAVO

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052463.EXE --> Eliminado, Proxy.OSS

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052464.DLL --> Eliminado, Proxy.OSS

C:\Muestras\KAVO.EXE.MUESTRA ELISTARTPAGE V18.00 --> Eliminado, PWS-OnLineGames.KAVO

C:\Muestras\KAVO0.DLL.MUESTRA ELISTARTPAGE V18.00 --> Eliminado, PWS-OnLineGames.KAVO

C:\Muestras\MKFGHT0.DLL.MUESTRA ELISTARTPAGE V18.00 --> Eliminado, PWS-OnLineGames.Rttrwq

C:\Muestras\0C2Q.COM.MUESTRA ELIMOVER V1.0.VIR --> Eliminado, PWS-OnLineGames.Rttrwq

Nº Total de Directorios: 7264

Nº Total de Ficheros: 69589

Nº de Ficheros Analizados: 21482

Nº de Ficheros Infectados: 121

Nº de Ficheros Limpiados: 116

Mon Feb 16 21:23:28 2009

EliStartPage v18.02 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 16 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL.VIR --> Eliminado.

C:\WINDOWS\SYSTEM32\MKFGHT0.DLL.VIR --> Eliminado.

No detectado Parche MS08-067 de Microsoft instalado. (SServidor)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Mon Feb 16 21:24:07 2009

EliStartPage v18.02 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 16 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE.VIR.VIR --> Eliminado, Proxy.OSS

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR.VIR --> Eliminado, Proxy.OSS

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052476.DLL --> Eliminado, Proxy.OSS

Nº Total de Directorios: 7267

Nº Total de Ficheros: 69506

Nº de Ficheros Analizados: 21396

Nº de Ficheros Infectados: 6

Nº de Ficheros Limpiados: 3

Mon Feb 16 21:34:42 2009

EliStartPage v18.02 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 16 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.02

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\OLHRWEF.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.02

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL --> Eliminado

Entrada Eliminada [HKCU\...\Run] "cdoosoft"="C:\WINDOWS\system32\olhrwef.exe"

No detectado Parche MS08-067 de Microsoft instalado. (SServidor)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Mon Feb 16 21:34:59 2009

EliStartPage v18.02 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 16 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR.VIR --> Eliminado, Proxy.OSS

Nº Total de Directorios: 7261

Nº Total de Ficheros: 69502

Nº de Ficheros Analizados: 21380

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

Mensaje por **lucl** » 16 Feb 2009, 22:51

Tienes que enviarnos estos archivos que te pide elistara saludos

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.02

a "virus@satinfo.es". Gracias.

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.02

a "virus@satinfo.es". Gracias.

Mensaje por **msc hotline sat** » 17 Feb 2009, 07:20

Pues sobre el EXPIORER elimine este fichero:

C:\WINDOWS\expiorer.exe

y ademas de los dos pedidos por lucl, envienos tambien estos otros que tambien se piden en el infosat:

Por favor, envienos una muestra del fichero

C:\Muestras\RTTRWQ.EXE.Muestra EliStartPage v18.02

C:\Muestras\MKFGHT0.DLL.Muestra EliStartPage v18.02

a "virus@satinfo.es". Gracias.

Y si tras ello aun te quedara alguno de estos ficheros, envienoslos para analizar:

C:\archivos de programa\relevantknowledge\rlvknlg.exe

C:\WINDOWS\expiorer.exe

C:\WINDOWS\AhnRpta.exe

C:\Archivos de programa\Give4Free Plugin\ibho.dll

C:\WINDOWS\system32\mstmdm.dll

C:\archivos de programa\relevantknowledge\rlls.dll

C:\WINDOWS\system32\rttrwq.exe

C:\WINDOWS\system32\cvsdfw.exe

C:\WINDOWS\system32\vamsoft.exe

C:\WINDOWS\system32\olhrwef.exe

C:\WINDOWS\system32\tavo.exe

C:\WINDOWS\system32\kamsoft.exe

Ademas, elimina estas claves:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.83.11.66:3128

O2 - BHO: Give4Free Plugin Installer - {208E7E77-507A-4649-B0C9-D39E9049C7A2} - C:\Archivos de programa\Give4Free Plugin\ibho.dll

O4 - HKLM\..\Run: [RelevantKnowledge] C:\archivos de programa\relevantknowledge\rlvknlg.exe -boot

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe

O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O4 - HKCU\..\Run: [ertyuop] C:\WINDOWS\system32\rttrwq.exe

O4 - HKCU\..\Run: [anhtaas] C:\WINDOWS\system32\cvsdfw.exe

O20 - Winlogon Notify: RelevantKnowledge - C:\archivos de programa\relevantknowledge\rlls.dll

O21 - SSODL: UpdateCheck - {69709D2E-C55D-424D-A89B-309E2F4A17D3} - C:\WINDOWS\system32\mstmdm.dll

O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - spoo1v.exe (file missing)

~~[b]~~¿Como enviar las muestras a zonavirus? - Para ello recordar[/b]:

https://foros.zonavirus.com/viewtopic.php?f=5&t=14253

saludos

ms, 17-2-2009

Mensaje por **msc hotline sat** » 17 Feb 2009, 16:02

Recibidas nuevas muestras, implementamos en la version de hoy del ELISTARA 18.03, nuevas variantes del ONLINE GAMES y del Proxy que nos has enviado.

[quote]
~~[b]~~ ELISTARA: [/b]

http://www.zonavirus.com/descargas/elistara.asp

Tras probarlo, reiniciar y postearnos el contenido de C:\infosat.txt para ver el resultado del proceso
[/quote]

A partir de las 19 h GMT, estará disponible en esta web, para pruebas de evaluacion en el foro de zonavirus

saludos

ms, 17-2-2009

Mensaje por **msc hotline sat** » 17 Feb 2009, 19:18

Ya hemos subido la version 18.03 del ELISTARA

Tras descargarla, pruebal y nos coimentas el resultado, gracias

saludos

ms, 17-2-2009

arcangelet · Mensaje por **arcangelet** » 17 Feb 2009, 21:51

Hola! He aplicado el Elistara y me pedia reiniciar para seguir eliminando cosas. Tras hacerlo y ver que me lo volvia a pedir constantemente sin eliminar algun archivo, he optado por cerrar procesos para ver si asi el programa podia (no se si he hecho bien). EL caso es que el RLVKNLG si que lo ha eliminado haciendo esto, pero el RLLS no hay manera.

El expiorer no lo elimina por que tampoco lo capta como archivo infectado :S

Aqui los infosat:

Tue Feb 17 20:53:19 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.03

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\OLHRWEF.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.03

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL --> Renombrado a .VIR

Entrada Eliminada [HKCU\...\Run] "cdoosoft"="C:\WINDOWS\system32\olhrwef.exe"

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

Tue Feb 17 20:53:28 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\QPHDIN.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\S39TG.CMD --> Eliminado, PWS-OnLineGames.Rttrwq

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052396.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052415.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052416.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052423.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052424.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052431.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052433.CMD --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052448.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052449.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052450.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052451.CMD --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052454.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052456.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052457.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052481.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052490.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052491.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052502.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052504.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052527.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052560.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052566.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052568.CMD --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052584.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052585.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052603.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052604.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052606.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052607.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052608.CMD --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052610.EXE --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052611.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052701.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052722.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052723.CMD --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052725.EXE --> Eliminado, Proxy.OSS

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052726.DLL --> Eliminado, Proxy.OSS

C:\Muestras\OLHRWEF.EXE.MUESTRA ELISTARTPAGE V18.02 --> Eliminado, PWS-OnLineGames.Olhrwef

C:\Muestras\NMDFGDS0.DLL.MUESTRA ELISTARTPAGE V18.02 --> Eliminado, PWS-OnLineGames.Olhrwef

C:\Muestras\RTTRWQ.EXE.MUESTRA ELISTARTPAGE V18.02 --> Eliminado, PWS-OnLineGames.Rttrwq

C:\Muestras\MKFGHT0.DLL.MUESTRA ELISTARTPAGE V18.02 --> Eliminado, PWS-OnLineGames.Rttrwq

C:\Muestras\MKFGHT0.DLL.MUESTRA ELISTARTPAGE V18.00 --> Eliminado, PWS-OnLineGames.Rttrwq

Nº Total de Directorios: 7273

Nº Total de Ficheros: 69893

Nº de Ficheros Analizados: 21543

Nº de Ficheros Infectados: 49

Nº de Ficheros Limpiados: 44

Tue Feb 17 21:03:33 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.03

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\OLHRWEF.EXE --> Eliminado

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL.VIR --> Eliminado.

Entrada Eliminada [HKCU\...\Run] "cdoosoft"="C:\WINDOWS\system32\olhrwef.exe"

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Tue Feb 17 21:03:39 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE.VIR.VIR --> Eliminado, Proxy.OSS

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR.VIR --> Eliminado, Proxy.OSS

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052740.DLL --> Eliminado, Proxy.OSS

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052741.EXE --> Eliminado, Proxy.OSS

Nº Total de Directorios: 7277

Nº Total de Ficheros: 69884

Nº de Ficheros Analizados: 21533

Nº de Ficheros Infectados: 9

Nº de Ficheros Limpiados: 4

Tue Feb 17 21:12:28 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Tue Feb 17 21:12:30 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE.VIR.VIR --> Eliminado, Proxy.OSS

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR.VIR --> Eliminado, Proxy.OSS

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052755.DLL --> Eliminado, Proxy.OSS

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052756.EXE --> Eliminado, Proxy.OSS

Nº Total de Directorios: 7277

Nº Total de Ficheros: 69900

Nº de Ficheros Analizados: 21541

Nº de Ficheros Infectados: 9

Nº de Ficheros Limpiados: 4

Tue Feb 17 21:21:56 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Tue Feb 17 21:21:58 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE.VIR.VIR --> Eliminado, Proxy.OSS

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR.VIR --> Eliminado, Proxy.OSS

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLVKNLG.EXE --> Eliminado, Proxy.OSS

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR --> Acceso Denegado, Proxy.OSS (Reiniciar para Completar la Limpieza)

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052771.DLL --> Eliminado, Proxy.OSS

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052772.EXE --> Eliminado, Proxy.OSS

Nº Total de Directorios: 7275

Nº Total de Ficheros: 69896

Nº de Ficheros Analizados: 21532

Nº de Ficheros Infectados: 8

Nº de Ficheros Limpiados: 5

Tue Feb 17 21:33:25 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Tue Feb 17 21:33:34 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\Archivos de programa\RelevantKnowledge\RLLS.DLL.VIR.VIR.VIR --> Eliminado, Proxy.OSS

Nº Total de Directorios: 7272

Nº Total de Ficheros: 69902

Nº de Ficheros Analizados: 21528

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

arcangelet · Mensaje por **arcangelet** » 17 Feb 2009, 22:23

Retiro lo dicho, el RLLS tambien ha sido eliminado. Solo queda el expiorer.

El ordenador va genial, internet va muy rapido, etc... Hay que eliminar el expiorer?

Gracias por todo. Adjunto ultimo infosat realizado:

Tue Feb 17 22:01:08 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.03

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\OLHRWEF.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.03

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL --> Renombrado a .VIR

Entrada Eliminada [HKCU\...\Run] "cdoosoft"="C:\WINDOWS\system32\olhrwef.exe"

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Reinicie para Completar la Limpieza.

Tue Feb 17 22:01:17 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

Nº Total de Directorios: 7266

Nº Total de Ficheros: 69919

Nº de Ficheros Analizados: 21560

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

Tue Feb 17 22:11:32 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.03

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\OLHRWEF.EXE --> Eliminado

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL.VIR --> Eliminado.

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.03

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL --> Eliminado

Entrada Eliminada [HKCU\...\Run] "cdoosoft"="C:\WINDOWS\system32\olhrwef.exe"

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Tue Feb 17 22:11:41 2009

EliStartPage v18.03 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 17 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

Nº Total de Directorios: 7263

Nº Total de Ficheros: 69918

Nº de Ficheros Analizados: 21565

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

Mensaje por **lucl** » 17 Feb 2009, 22:45

Sobre el expiorer ya te dijo Msc que lo podias eliminar asi que hazlo tranquilamente y envianos estas muestras que te vuelve a pedir elistara

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.03

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.03

saludos

Mensaje por **msc hotline sat** » 18 Feb 2009, 07:17

Sí, no sabemos quien o qué lo genera, peo este EXPIORER es una copia del NOTEPAD.EXE del sistema operativo ...

Y curiosamente parece que tienes algo que está mutando este ONLINE GAMES, pues ficheros con el mismo nombre ya los estamos controlando, y cada vez son diferentes:

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.03

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.03

C:\Muestras\OLHRWEF.EXE.MUESTRA ELISTARTPAGE V18.02 --> Eliminado, PWS-OnLineGames.Olhrwef

C:\Muestras\NMDFGDS0.DLL.MUESTRA ELISTARTPAGE V18.02 --> Eliminado, PWS-OnLineGames.Olhrwef

C:\WINDOWS\SYSTEM32\OLHRWEF.EXE --> Eliminado

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL --> Renombrado a .VIR

y son todos diferentes, claro...

Bueno, veremos estas nuevas muestras, a ver si encontramos algo comun que podamos cazarlas todas de golpe :mrgreen:

saludos

ms, 18-2-2009

arcangelet · Mensaje por **arcangelet** » 18 Feb 2009, 10:15

Hola! He enviado las muestras. Os he mandado todas las que me salen en esa carpeta (6 en total), los dos archivos que me pediis salen repetidos.

Después de mandaros las muestras y hacer todo lo que me deciis, debo borrar las muestras que hay en esa carpeta cada vez?

Por lo del expiorer, lo que hago es finalizar el proceso, y posteriormente eliminar el archivo, pero al reiniciar vuelve a estar ahi.

Saludos!

Mensaje por **msc hotline sat** » 18 Feb 2009, 12:37

Sí, el EXPIORER es una copia del NOTEPAD. que algo se lo genera, pero quien o qué ??? Esperemos que cuando hayamos limpiado del todo el ordenador, deje de hacerlo, sino bloquearemos su creacion, pero tampoco es grave ya que no es vírico.

Y en cuanto recibamos las muestras les daremos prioridad.

saludos

ms, 18-2-2009

Mensaje por **msc hotline sat** » 18 Feb 2009, 18:40

Subida la version 18.04 del ELISTARA con la que se controlan las ultimas muestras recibidas.

Tras descargarla y probarla, postearnos el C:\infosat.txt, gracias

saludos

ms, 18-2-2009

arcangelet · Mensaje por **arcangelet** » 19 Feb 2009, 02:18

Aqui lo teneis. EL expiorer sigue campando a sus anchas.

Thu Feb 19 02:01:32 2009

EliStartPage v18.04 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.04

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\OLHRWEF.EXE --> Eliminado

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.04

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL --> Eliminado

Entrada Eliminada [HKCU\...\Run] "cdoosoft"="C:\WINDOWS\system32\olhrwef.exe"

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

Thu Feb 19 02:01:45 2009

EliStartPage v18.04 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 18 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

C:\HYETN1I.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\32O3.CMD --> Eliminado, PWS-OnLineGames.Rttrwq

C:\UR0.COM.VIR --> Eliminado, PWS-OnLineGames.Olhrwef

C:\WINDOWS\system32\MKFGHT1.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052268.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052272.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052280.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052281.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052302.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052306.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052312.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052313.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052332.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052337.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052344.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052345.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052364.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052367.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052368.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052428.COM --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052459.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052637.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052639.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052664.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052665.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052667.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052668.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052694.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052695.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052697.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052698.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052718.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052719.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052721.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052739.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052794.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052816.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052818.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052820.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052829.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052830.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052841.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052850.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052853.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052854.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052855.CMD --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052879.DLL --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP370\A0052904.EXE --> Eliminado, PWS-OnLineGames.Olhrwef

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP370\A0052905.CMD --> Eliminado, PWS-OnLineGames.Rttrwq

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP370\A0052906.DLL --> Eliminado, PWS-OnLineGames.Rttrwq

C:\Muestras\OLHRWEF.EXE.MUESTRA ELISTARTPAGE V18.00 --> Eliminado, PWS-OnLineGames.Olhrwef

C:\Muestras\NMDFGDS0.DLL.MUESTRA ELISTARTPAGE V18.00 --> Eliminado, PWS-OnLineGames.Olhrwef

C:\Muestras\RTTRWQ.EXE.MUESTRA ELISTARTPAGE V18.00 --> Eliminado, PWS-OnLineGames.Rttrwq

C:\Muestras\UR0.COM.MUESTRA ELIMOVER V1.0.VIR --> Eliminado, PWS-OnLineGames.Olhrwef

C:\Muestras\OLHRWEF.EXE.MUESTRA ELISTARTPAGE V18.03 --> Eliminado, PWS-OnLineGames.Olhrwef

C:\Muestras\NMDFGDS0.DLL.MUESTRA ELISTARTPAGE V18.03 --> Eliminado, PWS-OnLineGames.Olhrwef

Nº Total de Directorios: 7358

Nº Total de Ficheros: 73020

Nº de Ficheros Analizados: 21648

Nº de Ficheros Infectados: 56

Nº de Ficheros Limpiados: 56

Mensaje por **msc hotline sat** » 19 Feb 2009, 07:11

Pues viendo que no cambia Vd algun habito que le reproduce continuas nuevas variantes del ONLINE GAME (alguna web que visita, alguna aplicacion que ejecuta... ???), aparte de enviarnos las muestras de hoy:

Por favor, envienos una muestra del fichero

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.04

Por favor, envienos una muestra del fichero

C:\Muestras\NMDFGDS0.DLL.Muestra EliStartPage v18.04

Vamos a impedir que vuelvan a generarse estos ficheros, para lo que, tras enviarnoslos, arranque en modo seguro, renombre, si los vuelve a tener, estos dos ficheros a .VIR:

C:\WINDOWS\SYSTEM32\OLHRWEF.EXE

C:\WINDOWS\SYSTEM32\NMDFGDS0.DLL

y en la misma sesion, vaya a la carpeta de sistema C:\WINDOWS\SYSTEM32\ y alli cree dos carpetas con dichos nombres, OLHRWEF.EXE y NMDFGDS0.DLL , para que no puedan crearse de nuevo dichos ficheros. Ello será un parche, pero que servirá para frenar la continua regeneracion, por la causa que sea, de este malware.

Luego reinicie normalmente y vea que se mantiene dicha carpeta, pero que no se han creado nuevos ficheros al respecto, claro.

A continuacion conviene lanzar un AV ONLINE, a ver si aparece algo sospechoso, y nos postea el informe resultante:

http://www.kaspersky.com/kos/english/kavwebscan.html

y seleccionar MY COMPUTER para escanearlo todo. Si no se tiene la version de Java actualizada, a la izquierda de la ventana que presenta dicho acceso, ofrecen link de descarga...

Dicho AV ONLINE no limpia, solo testea, asi que lo que pretendemos con ello es solo el informe, ya obraremos en consecuencia. ms.

[img]http://img.photobucket.com/albums/v666/sUBs/Kas-SaveReport-1.gif[/img]

saludos

ms, 19-2-2009

arcangelet · Mensaje por **arcangelet** » 19 Feb 2009, 19:06

hola!

Os cuento: los dos archivos que me pediis que renombre, el ordenador no me los encuentra. Lo curioso es que si creo la carpeta dice que ya existen. intento hacer lo de mostrar los ocultos tal y como me mostrasteis, pero no sale nada (y me llama la atencion que al volver a intentar hacerlo, vuelve a salir marcado que no se muestren los archivos ocultos).

Pese a ello, al ejecutar el olhrwef.exe (con la opcion "ejecutar" i poniendo el nombre), entonces aparece el famoso dll. Asi que lo he renombrado i he puesto ujna carpeta con el nombre nmdfgds0.dll como me dijisteis. El problema es que si se vuelve a ejecutar sale otro con el nombre nmdfgds1.dll, etc, etc, etc

las muestras ya os las he mandado, y lo del kaspersky, aqui va:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Thursday, February 19, 2009

Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, February 19, 2009 13:24:28

Records in database: 1815733

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

Scan statistics:

Files scanned: 75349

Threat name: 129

Infected objects: 519

Suspicious objects: 0

Duration of the scan: 01:41:56

File name / Threat name / Threats count

C:\WINDOWS\system32\haozs0.dll/C:\WINDOWS\system32\haozs0.dll Infected: Trojan-GameThief.Win32.Magania.asgh 29

C:\WINDOWS\system32\reek8.dll/C:\WINDOWS\system32\reek8.dll Infected: Trojan.Win32.Genome.hup 1

C:\WINDOWS\system32\reek8.dll Infected: Trojan.Win32.Genome.hup 1

C:\WINDOWS\system32\ZLLNLGC.DLL Infected: Trojan-Downloader.Win32.Agent.mnz 1

C:\WINDOWS\system32\Bitkv1.dll Infected: Packed.Win32.Krap.b 1

C:\WINDOWS\system32\ckvo2.dll Infected: Trojan-GameThief.Win32.Magania.ajgo 1

C:\WINDOWS\system32\Bitkv0.dll Infected: Trojan-GameThief.Win32.Magania.ahcx 1

C:\WINDOWS\system32\haozs0.dll Infected: Trojan-GameThief.Win32.Magania.asgh 1

C:\WINDOWS\system32\haozs1.dll Infected: Trojan-GameThief.Win32.Magania.arrl 1

C:\rjx0.exe Infected: Worm.Win32.AutoRun.mhw 1

C:\Archivos de programa\Trend Micro\HijackThis\backups\backup-20080327-134753-375.dll Infected: Trojan.Win32.Agent.bkk 1

C:\Archivos de programa\Give4Free Plugin\uninstall.exe Infected: not-a-virus:AdWare.Win32.Chiem.c 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049290.exe Infected: Trojan-GameThief.Win32.Magania.aues 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049291.DLL Infected: Trojan-GameThief.Win32.Magania.auev 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049292.exe Infected: Trojan-GameThief.Win32.Magania.aujw 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049293.DLL Infected: Trojan-GameThief.Win32.Magania.aupt 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049294.DLL Infected: Trojan-Downloader.Win32.FraudLoad.dbh 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049320.exe Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049321.exe Infected: Trojan.Win32.Pakes.mwh 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049322.DLL Infected: Trojan-GameThief.Win32.Magania.aunu 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049323.DLL Infected: Trojan-GameThief.Win32.Magania.auoe 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049326.bat Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049328.DLL Infected: Trojan-GameThief.Win32.Magania.aunr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049360.exe Infected: Trojan.Win32.Pakes.mwh 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049361.exe Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049362.DLL Infected: Trojan-GameThief.Win32.Magania.auoe 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049363.DLL Infected: Trojan-GameThief.Win32.Magania.aunu 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049364.bat Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049390.exe Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049391.exe Infected: Trojan.Win32.Pakes.mwh 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049392.DLL Infected: Trojan-GameThief.Win32.Magania.aunu 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049393.DLL Infected: Trojan-GameThief.Win32.Magania.auoe 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049394.bat Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049396.DLL Infected: Trojan-GameThief.Win32.Magania.aunr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP349\A0049430.bat Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049471.exe Infected: Trojan.Win32.Pakes.mwh 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049472.exe Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049473.DLL Infected: Trojan-GameThief.Win32.Magania.auoe 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049474.DLL Infected: Trojan-GameThief.Win32.Magania.aunu 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049477.bat Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049479.DLL Infected: Trojan-GameThief.Win32.Magania.aunr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049511.dll Infected: Trojan-GameThief.Win32.Magania.aunu 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049512.dll Infected: Trojan-GameThief.Win32.Magania.aunt 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049519.bat Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049522.DLL Infected: Trojan-GameThief.Win32.Magania.aunr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049557.dll Infected: Trojan-GameThief.Win32.Magania.aunt 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049558.dll Infected: Trojan-GameThief.Win32.Magania.aunu 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049566.bat Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049569.DLL Infected: Trojan-GameThief.Win32.Magania.aunr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049594.DLL Infected: Trojan-GameThief.Win32.Magania.aunu 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049595.DLL Infected: Trojan-GameThief.Win32.Magania.aunt 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049602.bat Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049627.DLL Infected: Trojan-GameThief.Win32.Magania.auxd 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049664.exe Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049665.exe Infected: Trojan-GameThief.Win32.Magania.auns 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049666.DLL Infected: Trojan-GameThief.Win32.Magania.aunu 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049667.DLL Infected: Trojan-GameThief.Win32.Magania.aunt 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049668.bat Infected: Trojan.Win32.Agent.bokp 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049676.DLL Infected: Trojan-GameThief.Win32.Magania.auxd 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049719.exe Infected: Trojan-GameThief.Win32.Magania.auvu 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049720.exe Infected: Trojan-GameThief.Win32.Magania.aupq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049721.DLL Infected: Trojan-GameThief.Win32.Magania.auyi 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049722.DLL Infected: Trojan-GameThief.Win32.Magania.aupq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049738.DLL Infected: Trojan-GameThief.Win32.Magania.auxd 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP354\A0049745.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049765.DLL Infected: Trojan-GameThief.Win32.Magania.auvq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049766.DLL Infected: Trojan-GameThief.Win32.Magania.auvs 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049777.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049783.DLL Infected: Trojan-GameThief.Win32.Magania.auxd 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049818.exe Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049819.exe Infected: Trojan-GameThief.Win32.Magania.autw 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049820.DLL Infected: Trojan-GameThief.Win32.Magania.auvq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049821.DLL Infected: Trojan-GameThief.Win32.Magania.auvs 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049822.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049826.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049843.DLL Infected: Trojan-GameThief.Win32.Magania.auvq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049844.DLL Infected: Trojan-GameThief.Win32.Magania.auvs 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049855.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049858.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049879.DLL Infected: Trojan-GameThief.Win32.Magania.auvq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049881.DLL Infected: Trojan-GameThief.Win32.Magania.auvs 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049892.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049894.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049903.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049920.DLL Infected: Trojan-GameThief.Win32.Magania.auvq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049921.DLL Infected: Trojan-GameThief.Win32.Magania.auvs 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049932.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049947.DLL Infected: Trojan-GameThief.Win32.Magania.auvq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049958.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049961.exe Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049962.dll Infected: Trojan-GameThief.Win32.Magania.aupt 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049979.DLL Infected: Trojan-GameThief.Win32.Magania.auvs 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049995.exe Infected: Trojan-GameThief.Win32.Magania.autw 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049996.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050033.DLL Infected: Trojan-GameThief.Win32.Magania.auvq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050045.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050047.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050064.DLL Infected: Trojan-GameThief.Win32.Magania.auyq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050066.DLL Infected: Trojan-GameThief.Win32.Magania.auyr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050078.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050084.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050108.DLL Infected: Trojan-GameThief.Win32.Magania.auyq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050110.DLL Infected: Trojan-GameThief.Win32.Magania.auyr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050121.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050133.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050154.DLL Infected: Trojan-GameThief.Win32.Magania.auyq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050166.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050170.exe Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050171.dll Infected: Trojan-GameThief.Win32.Magania.auyq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP362\A0050178.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP362\A0050180.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050214.exe Infected: Trojan-GameThief.Win32.Magania.auym 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050215.DLL Infected: Trojan-GameThief.Win32.Magania.auyr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050216.exe Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050217.DLL Infected: Trojan-GameThief.Win32.Magania.auyq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050218.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050223.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050244.DLL Infected: Trojan-GameThief.Win32.Magania.auyq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050246.DLL Infected: Trojan-GameThief.Win32.Magania.auyr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050252.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050257.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051795.exe Infected: Trojan-GameThief.Win32.Magania.auym 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051796.exe Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051797.DLL Infected: Trojan-GameThief.Win32.Magania.auyr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051798.DLL Infected: Trojan-GameThief.Win32.Magania.auyq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051809.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051875.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052010.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052022.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052127.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052132.dll Infected: Trojan-GameThief.Win32.Magania.auyr 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052139.exe Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052140.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052162.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052173.dll Infected: Trojan-GameThief.Win32.Magania.auyq 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052180.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052196.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052206.exe Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052207.dll Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052213.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052239.exe Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052243.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052267.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052278.exe Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052279.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052331.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052342.exe Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052343.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052348.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052371.exe Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052372.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052375.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052393.dll Infected: Trojan-GameThief.Win32.Magania.avea 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052395.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052414.DLL Infected: Packed.Win32.Krap.g 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052418.cmd Infected: Trojan-GameThief.Win32.Magania.aved 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052420.exe Infected: Trojan-GameThief.Win32.Magania.avee 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052421.DLL Infected: Trojan-GameThief.Win32.Magania.avea 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052422.DLL Infected: Trojan-GameThief.Win32.Magania.avfo 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052455.dll Infected: Trojan-GameThief.Win32.Magania.aven 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052458.DLL Infected: Trojan-GameThief.Win32.Magania.avfo 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052477.DLL Infected: Trojan-GameThief.Win32.Magania.avfo 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052501.DLL Infected: Trojan-GameThief.Win32.Magania.avfo 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052583.DLL Infected: Trojan-GameThief.Win32.Magania.avfo 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052614.DLL Infected: Trojan-GameThief.Win32.Magania.avfo 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052636.DLL Infected: Trojan-GameThief.Win32.Magania.avfo 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052874.CMD Infected: Trojan.Win32.Agent.bres 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052876.exe Infected: Trojan.Win32.Agent.bres 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP370\A0052883.cmd Infected: Trojan.Win32.Agent.bres 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP370\A0052902.EXE Infected: Trojan.Win32.Agent.bres 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP370\A0052919.CMD Infected: Trojan.Win32.Agent.bres 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP370\A0052941.CMD Infected: Trojan.Win32.Agent.bres 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP371\A0052968.cmd Infected: Trojan.Win32.Agent.bres 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP372\A0053152.cmd Infected: Trojan.Win32.Agent.bres 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP372\A0053236.CMD Infected: Trojan.Win32.Agent.bres 1

C:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP372\A0053240.exe Infected: Trojan.Win32.Agent.bres 1

C:\iwjj.com Infected: Trojan-GameThief.Win32.OnLineGames.arxl 1

C:\okhr.exe Infected: Worm.Win32.AutoRun.eqn 1

C:\ypjq1.cmd Infected: Trojan-GameThief.Win32.OnLineGames.thof 1

C:\xk2n.bat Infected: Packed.Win32.Krap.b 1

C:\sasyg1y8.com Infected: Worm.Win32.AutoRun.nts 1

C:\9yqusig.bat Infected: Trojan.Win32.Inject.ibr 1

C:\0u.cmd Infected: Worm.Win32.AutoRun.owt 1

C:\fe.bat Infected: Packed.Win32.Krap.b 1

C:\qkarc.exe Infected: Packed.Win32.Krap.b 1

C:\wjlfhtfm.cmd Infected: Worm.Win32.AutoRun.plu 1

C:\nfdmg.com Infected: Trojan-GameThief.Win32.OnLineGames.tmbd 1

C:\nq.bat Infected: Worm.Win32.AutoRun.pgb 1

C:\otyh.cmd Infected: Trojan-GameThief.Win32.OnLineGames.tmjh 1

C:\uxkktr.cmd Infected: Worm.Win32.AutoRun.pzg 1

C:\e.exe Infected: Trojan.Win32.Agent.agnx 1

C:\2go30q.com Infected: Trojan-GameThief.Win32.Magania.aixg 1

C:\gx.com Infected: Trojan-GameThief.Win32.Magania.ahqp 1

C:\ewatr.cmd Infected: Trojan-GameThief.Win32.Magania.aihv 1

C:\b.cmd Infected: Worm.Win32.AutoRun.rme 1

C:\prjydpe.cmd Infected: Packed.Win32.Krap.b 1

C:\6.bat Infected: Trojan-GameThief.Win32.Magania.ajjb 1

C:\fphj6j31.bat Infected: Packed.Win32.Krap.b 1

C:\lky.exe Infected: Trojan-GameThief.Win32.Magania.akhs 1

C:\bt8vuaw.com Infected: Trojan-GameThief.Win32.OnLineGames.tsol 1

C:\g.exe Infected: Trojan-GameThief.Win32.Magania.akei 1

C:\u6k.cmd Infected: Trojan-GameThief.Win32.Magania.alpz 1

C:\hupxj.bat Infected: Trojan.Win32.Agent.arqd 1

C:\m2nl.bat Infected: Packed.Win32.Krap.b 1

C:\ncyrf.bat Infected: Packed.Win32.Krap.b 1

C:\g8rruyw.exe Infected: Trojan-GameThief.Win32.Magania.amki 1

C:\2h60k.cmd Infected: Trojan-GameThief.Win32.Magania.amlf 1

C:\iok.exe Infected: Trojan-GameThief.Win32.Magania.anyq 1

C:\fvbk.exe Infected: Trojan.Win32.Inject.kzt 1

C:\iw.bat Infected: Trojan-GameThief.Win32.OnLineGames.txvh 1

C:\d.bat Infected: Trojan-Downloader.Win32.Agent.atvy 1

C:\wjlc.exe Infected: Trojan-GameThief.Win32.Magania.amvl 1

C:\6j2j.com Infected: Trojan-GameThief.Win32.Magania.aoqe 1

C:\300y.cmd Infected: Worm.Win32.AutoRun.vzm 1

C:\xn9uu8.exe Infected: Trojan-GameThief.Win32.Magania.arrj 1

C:\yq00tht.exe Infected: Trojan-GameThief.Win32.Magania.asnh 1

C:\3dohrt.com Infected: Trojan-GameThief.Win32.Magania.aujw 1

C:\r120.bat Infected: Trojan-GameThief.Win32.Magania.aupq 1

C:\px.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

C:\gnc.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

C:\Muestras\OLHRWEF.EXE.Muestra EliStartPage v18.04 Infected: Trojan.Win32.Agent.bres 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051791.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051792.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051793.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP365\A0051813.com Infected: Trojan-GameThief.Win32.Magania.avbc 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051816.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051827.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051829.com Infected: Trojan-GameThief.Win32.Magania.avbc 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051858.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051859.inf Infected: Worm.Win32.AutoRun.vnq 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051862.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051863.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051869.com Infected: Trojan-GameThief.Win32.Magania.avbc 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP366\A0051871.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052017.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052019.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052021.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052026.com Infected: Trojan-GameThief.Win32.Magania.avbc 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052130.com Infected: Trojan-GameThief.Win32.Magania.avbc 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052138.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052169.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052170.com Infected: Trojan-GameThief.Win32.Magania.avbc 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052202.com Infected: Trojan-GameThief.Win32.Magania.avbc 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052205.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052235.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052238.com Infected: Trojan-GameThief.Win32.Magania.avbc 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052275.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052277.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052309.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052310.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052339.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052340.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052370.com Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052417.com Infected: Trojan-GameThief.Win32.Magania.avfh 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052419.cmd Infected: Trojan-GameThief.Win32.Magania.aved 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP367\A0052429.COM Infected: Packed.Win32.Krap.g 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052432.com Infected: Trojan-GameThief.Win32.Magania.avfh 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052434.cmd Infected: Trojan-GameThief.Win32.Magania.avgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052452.cmd Infected: Trojan-GameThief.Win32.Magania.avgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052453.com Infected: Trojan-GameThief.Win32.Magania.avfh 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052482.com Infected: Trojan-GameThief.Win32.Magania.avfh 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP368\A0052503.com Infected: Trojan-GameThief.Win32.Magania.avfh 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052528.com Infected: Trojan-GameThief.Win32.Magania.avfh 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052567.com Infected: Trojan-GameThief.Win32.Magania.avfh 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052569.cmd Infected: Trojan-GameThief.Win32.Magania.avgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052609.cmd Infected: Trojan-GameThief.Win32.Magania.avgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052638.exe Infected: Worm.Win32.AutoRun.fag 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052666.exe Infected: Worm.Win32.AutoRun.fag 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052696.cmd Infected: Trojan-GameThief.Win32.Magania.avhu 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052720.cmd Infected: Trojan-GameThief.Win32.Magania.avhu 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052795.cmd Infected: Trojan-GameThief.Win32.Magania.avhu 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052819.cmd Infected: Trojan-GameThief.Win32.Magania.avhu 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052842.cmd Infected: Trojan-GameThief.Win32.Magania.avhu 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052856.cmd Infected: Trojan-GameThief.Win32.Magania.avhu 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP369\A0052875.cmd Infected: Trojan.Win32.Agent.bres 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050249.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050250.inf Infected: Worm.Win32.AutoRun.vnq 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050253.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0050254.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051781.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051782.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP364\A0051785.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP370\A0052884.cmd Infected: Trojan.Win32.Agent.bres 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP370\A0052920.cmd Infected: Trojan.Win32.Agent.bres 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP370\A0052942.cmd Infected: Trojan.Win32.Agent.bres 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP371\A0052969.cmd Infected: Trojan.Win32.Agent.bres 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP372\A0053153.cmd Infected: Trojan.Win32.Agent.bres 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP372\A0053237.cmd Infected: Trojan.Win32.Agent.bres 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049282.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049286.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP345\A0049287.com Infected: Trojan-Downloader.Win32.FraudLoad.dcp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049312.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049315.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049317.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049325.com Infected: Trojan-Downloader.Win32.FraudLoad.dcp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP346\A0049327.bat Infected: Trojan.Win32.Agent.bokp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049352.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049355.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049357.com Infected: Trojan-Downloader.Win32.FraudLoad.dcp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP347\A0049365.bat Infected: Trojan.Win32.Agent.bokp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049382.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049383.inf Infected: Worm.Win32.AutoRun.vnq 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049386.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049387.com Infected: Trojan-Downloader.Win32.FraudLoad.dcp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP348\A0049395.bat Infected: Trojan.Win32.Agent.bokp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP349\A0049428.com Infected: Trojan-GameThief.Win32.Magania.aunz 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP349\A0049429.inf Infected: Worm.Win32.AutoRun.vnq 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP349\A0049431.bat Infected: Trojan.Win32.Agent.bokp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP349\A0049433.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049465.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049466.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049468.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049476.com Infected: Trojan-GameThief.Win32.Magania.aunz 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP350\A0049478.bat Infected: Trojan.Win32.Agent.bokp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049517.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049518.inf Infected: Worm.Win32.AutoRun.vnq 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP351\A0049520.bat Infected: Trojan.Win32.Agent.bokp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049563.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049564.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049567.bat Infected: Trojan.Win32.Agent.bokp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049573.bat Infected: Trojan.Win32.Agent.bowv 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049598.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049601.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049603.bat Infected: Trojan.Win32.Agent.bokp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049631.bat Infected: Trojan.Win32.Agent.bowv 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049658.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049662.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049663.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049669.bat Infected: Trojan.Win32.Agent.bokp 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP352\A0049680.bat Infected: Trojan.Win32.Agent.bowv 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049714.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049715.inf Infected: Worm.Win32.AutoRun.vnq 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP353\A0049717.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP354\A0049741.bat Infected: Trojan-GameThief.Win32.Magania.auub 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP354\A0049744.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP354\A0049746.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049774.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049776.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049778.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP355\A0049782.bat Infected: Trojan-GameThief.Win32.Magania.auub 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049810.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049814.bat Infected: Trojan-GameThief.Win32.Magania.auub 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049815.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP356\A0049823.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049852.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049853.inf Infected: Worm.Win32.AutoRun.vnq 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049856.bat Infected: Trojan-GameThief.Win32.Magania.auub 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP357\A0049857.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049890.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP358\A0049893.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049899.exe Infected: Trojan-GameThief.Win32.Magania.auwn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049902.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049904.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049928.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049931.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049933.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049955.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049959.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049960.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049988.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049989.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP359\A0049992.exe Infected: Trojan-GameThief.Win32.Magania.auwn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050041.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050044.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050046.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050051.exe Infected: Trojan-GameThief.Win32.Magania.auwl 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050075.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050076.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050079.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP360\A0050083.exe Infected: Trojan-GameThief.Win32.Magania.auwl 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050117.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050120.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050122.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050127.exe Infected: Trojan-GameThief.Win32.Magania.auwl 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050162.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050165.exe Infected: Trojan-Dropper.Win32.Agent.agza 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP361\A0050167.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP362\A0050174.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP362\A0050177.exe Infected: Trojan-Dropper.Win32.Agent.agza 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP362\A0050179.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050206.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050207.inf Infected: Worm.Win32.AutoRun.vnq 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050209.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050211.exe Infected: Trojan-Dropper.Win32.Agent.agza 1

D:\System Volume Information\_restore{EE880B28-E8F5-405B-9D2E-8F25441D910A}\RP363\A0050219.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

D:\p1y2.cmd Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\iqe68o.bat Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\rjx0.exe Infected: Worm.Win32.AutoRun.mhw 1

D:\f.bat Infected: Worm.Win32.AutoRun.mhi 1

D:\ov.cmd Infected: Worm.Win32.AutoRun.mmk 1

D:\okhr.exe Infected: Worm.Win32.AutoRun.eqn 1

D:\ktnquo.exe Infected: Worm.Win32.AutoRun.mrx 1

D:\r1y1.bat Infected: Worm.Win32.AutoRun.mug 1

D:\iwjj.com Infected: Trojan-GameThief.Win32.OnLineGames.arxl 1

D:\1u0o8bnq.cmd Infected: Worm.Win32.AutoRun.nqd 1

D:\39lpji.com Infected: Worm.Win32.AutoRun.nan 1

D:\9yqusig.bat Infected: Trojan.Win32.Inject.ibr 1

D:\uxkktr.cmd Infected: Worm.Win32.AutoRun.pzg 1

D:\qkarc.exe Infected: Packed.Win32.Krap.b 1

D:\a1.bat Infected: Worm.Win32.AutoRun.ndh 1

D:\0u.cmd Infected: Worm.Win32.AutoRun.owt 1

D:\fe.bat Infected: Packed.Win32.Krap.b 1

D:\b0j6j16.bat Infected: Trojan.Win32.Vaklik.dum 1

D:\nq.bat Infected: Worm.Win32.AutoRun.pgb 1

D:\wjlfhtfm.cmd Infected: Worm.Win32.AutoRun.plu 1

D:\nfdmg.com Infected: Trojan-GameThief.Win32.OnLineGames.tmbd 1

D:\otyh.cmd Infected: Trojan-GameThief.Win32.OnLineGames.tmjh 1

D:\vva0hc0p.cmd Infected: Worm.Win32.AutoRun.qge 1

D:\yew.bat Infected: Worm.Win32.AutoRun.pyk 1

D:\n6t1h.cmd Infected: Trojan.Win32.Pakes.kxf 1

D:\08dgu.com Infected: Trojan-GameThief.Win32.OnLineGames.tnph 1

D:\e.exe Infected: Trojan.Win32.Agent.agnx 1

D:\vxl.exe Infected: Trojan-GameThief.Win32.Magania.acqa 1

D:\bo1dhu.bat Infected: Trojan-GameThief.Win32.OnLineGames.tnyo 1

D:\9.cmd Infected: Trojan-GameThief.Win32.Magania.ahbf 1

D:\68.exe Infected: Trojan-GameThief.Win32.Magania.agtn 1

D:\pnt.com Infected: Trojan-GameThief.Win32.Magania.agww 1

D:\ev60a2.cmd Infected: Trojan-GameThief.Win32.Magania.aguq 1

D:\ewatr.cmd Infected: Trojan-GameThief.Win32.Magania.aihv 1

D:\gx.com Infected: Trojan-GameThief.Win32.Magania.ahqp 1

D:\2fiji.com Infected: Trojan-GameThief.Win32.Magania.aiau 1

D:\xih9.cmd Infected: Trojan-GameThief.Win32.Magania.ajjs 1

D:\iok.exe Infected: Trojan-GameThief.Win32.Magania.anyq 1

D:\6j2j.com Infected: Trojan-GameThief.Win32.Magania.aoqe 1

D:\xlk9.com Infected: Trojan-GameThief.Win32.Magania.aigw 1

D:\2go30q.com Infected: Trojan-GameThief.Win32.Magania.aixg 1

D:\b.cmd Infected: Worm.Win32.AutoRun.rme 1

D:\fphj6j31.bat Infected: Packed.Win32.Krap.b 1

D:\prjydpe.cmd Infected: Packed.Win32.Krap.b 1

D:\6.bat Infected: Trojan-GameThief.Win32.Magania.ajjb 1

D:\nq0cq.cmd Infected: Trojan-Dropper.Win32.Agent.zbi 1

D:\g.exe Infected: Trojan-GameThief.Win32.Magania.akei 1

D:\sq.com Infected: Worm.Win32.AutoRun.saq 1

D:\ypjq1.cmd Infected: Trojan-GameThief.Win32.OnLineGames.thof 1

D:\xk2n.bat Infected: Packed.Win32.Krap.b 1

D:\sasyg1y8.com Infected: Worm.Win32.AutoRun.nts 1

D:\whi.com Infected: Packed.Win32.Krap.b 1

D:\yannh.cmd Infected: Trojan-GameThief.Win32.Magania.akow 1

D:\bt8vuaw.com Infected: Trojan-GameThief.Win32.OnLineGames.tsol 1

D:\lky.exe Infected: Trojan-GameThief.Win32.Magania.akhs 1

D:\ncyrf.bat Infected: Packed.Win32.Krap.b 1

D:\abk.bat Infected: Trojan.Win32.Inject.knt 1

D:\u6k.cmd Infected: Trojan-GameThief.Win32.Magania.alpz 1

D:\ij.bat Infected: Trojan-GameThief.Win32.Magania.altw 1

D:\hupxj.bat Infected: Trojan.Win32.Agent.arqd 1

D:\m2nl.bat Infected: Packed.Win32.Krap.b 1

D:\o1.com Infected: Worm.Win32.AutoRun.tfo 1

D:\e.cmd Infected: Trojan-GameThief.Win32.Magania.amio 1

D:\g8rruyw.exe Infected: Trojan-GameThief.Win32.Magania.amki 1

D:\rcukd.cmd Infected: Trojan-GameThief.Win32.Magania.ammv 1

D:\2h60k.cmd Infected: Trojan-GameThief.Win32.Magania.amlf 1

D:\fvbk.exe Infected: Trojan.Win32.Inject.kzt 1

D:\h3.bat Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\iw.bat Infected: Trojan-GameThief.Win32.OnLineGames.txvh 1

D:\3rl3lqbq.bat Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\6fnlpetp.exe Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\d.bat Infected: Trojan-Downloader.Win32.Agent.atvy 1

D:\wjlc.exe Infected: Trojan-GameThief.Win32.Magania.amvl 1

D:\300y.cmd Infected: Worm.Win32.AutoRun.vzm 1

D:\iky.bat Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\1gk8ha.bat Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\t.exe Infected: Trojan-GameThief.Win32.Magania.asgr 1

D:\1utbfd.bat Infected: Trojan-GameThief.Win32.Magania.auub 1

D:\yq00tht.exe Infected: Trojan-GameThief.Win32.Magania.asnh 1

D:\xcisvxl.com Infected: Trojan-GameThief.Win32.Magania.arly 1

D:\xn9uu8.exe Infected: Trojan-GameThief.Win32.Magania.arrj 1

D:\x2tpc.cmd Infected: Trojan-GameThief.Win32.Magania.asfh 1

D:\opgde.exe Infected: Trojan-Dropper.Win32.Agent.agza 1

D:\iq.bat Infected: Trojan-GameThief.Win32.Magania.asnx 1

D:\m6r8v.com Infected: Packed.Win32.Krap.g 1

D:\ve.exe Infected: Trojan-GameThief.Win32.Magania.asth 1

D:\gy.exe Infected: Trojan-GameThief.Win32.Magania.atoy 1

D:\r120.bat Infected: Trojan-GameThief.Win32.Magania.aupq 1

D:\w98.com Infected: Trojan-GameThief.Win32.Magania.atzj 1

D:\uvsqfgwd.cmd Infected: Trojan-GameThief.Win32.Magania.audk 1

D:\uh.exe Infected: Trojan-GameThief.Win32.Magania.audw 1

D:\8.bat Infected: Worm.Win32.AutoRun.yza 1

D:\a2h2.com Infected: Trojan-GameThief.Win32.Magania.aukf 1

D:\3dohrt.com Infected: Trojan-GameThief.Win32.Magania.aujw 1

D:\pook.com Infected: Trojan-GameThief.Win32.Magania.aunz 1

D:\bd3q0qix.exe Infected: Trojan-GameThief.Win32.Magania.asju 1

D:\m0vnonh.bat Infected: Trojan.Win32.Agent.bowv 1

D:\2u.com Infected: Trojan-GameThief.Win32.Magania.amqn 1

D:\px.bat Infected: Trojan-GameThief.Win32.Magania.autz 1

D:\2aaxaiy.exe Infected: Trojan-GameThief.Win32.Magania.auwn 1

D:\gnc.bat Infected: Trojan-GameThief.Win32.Magania.auyl 1

D:\ur0.com Infected: Packed.Win32.Krap.g 1

D:\qphdin.com Infected: Trojan-GameThief.Win32.Magania.avfh 1

D:\s39tg.cmd Infected: Trojan-GameThief.Win32.Magania.avgr 1

D:\hyetn1i.exe Infected: Worm.Win32.AutoRun.fag 1

D:\0C2Q.COM.vir Infected: Packed.Win32.Krap.g 1

The selected area was scanned.

Mensaje por **msc hotline sat** » 19 Feb 2009, 19:14

Claro que se reproducen ! como que tienes tropecientos marranos por ahí dentro...

Voy a ver tu log...

Pus no veo el antivirus que tienes instalado... o es que no tienes ninguno ???

Dinoslo, y obraremos en consecuencia

saludos

ms, 19-2-2009

Recuerda que es basico tener un antivirus residente y actualizado:

https://foros.zonavirus.com/viewtopic.php?f=5&t=26947&start=0

arcangelet · Mensaje por **arcangelet** » 19 Feb 2009, 23:38

jajajjajaja, ahi me has pillado... no tenog ninguno... es que me hacian ir el ordenador lento, y ya no tengo des de hace años. Alguna recomendacion de antivirus?

Ordenador con varios problemas (SOLUCIONADO)

Ordenador con varios problemas (SOLUCIONADO)

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas

Re: Ordenador con varios problemas