
Thread: My computer is sending spam emails

  1. #11
    Member
    Join Date
    May 2007
    Posts
    32

    Default continue

    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 857A09C0
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8561E498
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8561E498
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8561E498
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8561E498
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8561E498
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8561E498
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8561E498
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8561E498
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8561E498
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8561E498
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8561E498
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 852CA0E8
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 852CA0E8
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8561E498
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8561E498
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8561E498
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8561E498
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8561E498
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8561E498
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8561E498
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8561E498
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8561E498
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8561E498
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8561E498
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 857A09C0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E7B7544F-488D-4528-A667-6018CBF10312} IRP_MJ_CREATE 8542F0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E7B7544F-488D-4528-A667-6018CBF10312} IRP_MJ_CLOSE 8542F0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E7B7544F-488D-4528-A667-6018CBF10312} IRP_MJ_DEVICE_CONTROL 8542F0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E7B7544F-488D-4528-A667-6018CBF10312} IRP_MJ_INTERNAL_DEVICE_CONTROL 8542F0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E7B7544F-488D-4528-A667-6018CBF10312} IRP_MJ_CLEANUP 8542F0E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E7B7544F-488D-4528-A667-6018CBF10312} IRP_MJ_PNP 8542F0E8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 857A09C0
    Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 857A09C0
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8542F0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8542F0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8542F0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8542F0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8542F0E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8542F0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8542F0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8542F0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8542F0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8542F0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8542F0E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8542F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8579F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 8579F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 8579F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 8579F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 8579F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 8579F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8579F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 8579F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 8579F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 8579F0E8
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 8579F0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 853BE590

  2. #12
    Member
    Join Date
    May 2007
    Posts
    32

    Default this is the last one

    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 853BE590
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 853BE590
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 851A72C8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 851A72C8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 857A09C0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 857A09C0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 857A09C0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 857A09C0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 857A09C0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 857A09C0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 857A09C0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 857A09C0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 857A09C0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 857A09C0
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 857A09C0
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 85403B40
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 85403B40
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_CLOSE 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_POWER 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_PNP 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 854FB508
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 854FB508
    Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 85641BB0
    Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 85641BB0
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [F3B10756] DLAIFS_M.SYS
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 85286318
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 85286318

  3. #13
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Strange, that gmer log looks ok.

    Please re-run rustockbfix and post corresponding logs here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  4. #14
    Member
    Join Date
    May 2007
    Posts
    32

    Default

    hi

    prelog:

    ************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
    01/06/2007 16:12:09.92

    No Rustock.b-rootkits found

    ******************************* End of Logfile ********************************

    HJT

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 04:13:56 p.m., on 01/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
    C:\Archivos de programa\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\MSN Messenger\msnmsgr.exe
    C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Archivos de programa\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
    C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Archivos de programa\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Archivos de programa\MSN Messenger\usnsvc.exe
    C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
    C:\Archivos de programa\Messenger\msmsgs.exe
    E:\Mauricio\programas\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {070252CE-3AD4-42D3-9DFC-132052F2AB9d} - C:\WINDOWS\system32\dfhglaot.dll
    O2 - BHO: (no name) - {4F8B099D-C9E6-4227-8E6A-4DE8336DB956} - C:\WINDOWS\system32\mlljh.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Lch - {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} - C:\WINDOWS\system32\lch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Archivos de programa\Archivos comunes\Symantec Shared\SymProbe.exe -r "C:\Archivos de programa\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [svrhost.exe] C:\WINDOWS\system32\svrhost.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [svrhost.exe] C:\WINDOWS\system32\svrhost.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
    O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Administración de IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: MySQL - Unknown owner - C:\Archivos.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
    O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Protocolo simple de transferencia de correo (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Cola de impresión (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Archivos de programa\Archivos comunes\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Publicación en World Wide Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

  5. #15
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Looks like it's gone, great

    Open HijackThis, click "Do a system scan only" and checkmark these entries:

    O2 - BHO: (no name) - {070252CE-3AD4-42D3-9DFC-132052F2AB9d} - C:\WINDOWS\system32\dfhglaot.dll
    O2 - BHO: (no name) - {4F8B099D-C9E6-4227-8E6A-4DE8336DB956} - C:\WINDOWS\system32\mlljh.dll (file missing)
    O2 - BHO: Lch - {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} - C:\WINDOWS\system32\lch.dll
    O4 - HKLM\..\Run: [svrhost.exe] C:\WINDOWS\system32\svrhost.exe
    O4 - HKCU\..\Run: [svrhost.exe] C:\WINDOWS\system32\svrhost.exe
    O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)


    Close all windows, including the browser, and press "Fix checked".

    Reboot.

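    Delete if present (check the spelling before deleting: svrhost.exe is a look-alike name, not the legitimate Windows svchost.exe, which must stay in place):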

    C:\WINDOWS\system32\lch.dll
    C:\WINDOWS\system32\dfhglaot.dll
    C:\WINDOWS\system32\svrhost.exe

    Empty Recycle Bin.

    Post a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #16
    Member
    Join Date
    May 2007
    Posts
    32


    here it is!!

    thanks

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 04:01:17 a.m., on 02/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
    C:\Archivos de programa\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\MSN Messenger\msnmsgr.exe
    C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Archivos de programa\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
    C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
    E:\Mauricio\programas\HiJackThis_v2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Archivos de programa\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Archivos de programa\Messenger\msmsgs.exe
    C:\Archivos de programa\MSN Messenger\usnsvc.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Archivos de programa\Archivos comunes\Symantec Shared\SymProbe.exe -r "C:\Archivos de programa\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Administración de IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: MySQL - Unknown owner - C:\Archivos.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Archivos de programa\Archivos comunes\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
    O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Protocolo simple de transferencia de correo (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Cola de impresión (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Archivos de programa\Archivos comunes\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Publicación en World Wide Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

  7. #17
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi

    Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:

      o Scan using the following Anti-Virus database:

      + Extended (If available otherwise Standard)

      o Scan Options:

      + Scan Archives
      + Scan Mail Bases
    • Click OK
    • Now, under "Select a target to scan", select My Computer.
    • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


    Post:

    - a fresh HijackThis log
    - kaspersky report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #18
    Member
    Join Date
    May 2007
    Posts
    32

    Default reports:

    Kaspersky:
    C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDALRT.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDCON.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDDBG.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDFW.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDIDS.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSYS.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

    C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

    C:\Archivos de programa\DAP\History\Invitado\_lasthist.dat Object is locked skipped

    C:\Archivos de programa\DAP\Temp\SRC201.tmp.dap Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\ibdata1 Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\ib_logfile0 Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\ib_logfile1 Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\MAURICIO.err Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\mysql\columns_priv.MYD Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\mysql\columns_priv.MYI Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\mysql\db.MYD Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\mysql\db.MYI Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\mysql\host.MYD Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\mysql\host.MYI Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\mysql\tables_priv.MYD Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\mysql\tables_priv.MYI Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\mysql\user.MYD Object is locked skipped

    C:\Archivos de programa\MySQL\MySQL Server 4.1\data\mysql\user.MYI Object is locked skipped

    C:\Archivos de programa\Norton AntiVirus\AVApp.log Object is locked skipped

    C:\Archivos de programa\Norton AntiVirus\AVError.log Object is locked skipped

    C:\Archivos de programa\Norton AntiVirus\AVVirus.log Object is locked skipped

    C:\Archivos de programa\Norton AntiVirus\Savrt\0102NAV~.TMP Object is locked skipped

    C:\Archivos de programa\Norton AntiVirus\Savrt\0284NAV~.TMP Object is locked skipped

    C:\Documents and Settings\All Users\Datos de programa\Symantec\Common Client\settings.dat Object is locked skipped

    C:\Documents and Settings\All Users\Datos de programa\Symantec\HPPAppActivity.log Object is locked skipped

    C:\Documents and Settings\All Users\Datos de programa\Symantec\HPPHomePageActivity.log Object is locked skipped

    C:\Documents and Settings\All Users\Datos de programa\Symantec\LiveUpdate\2007-06-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

    C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine\004C0496.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped

    C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine\06AD0592.tmp Infected: Trojan.Win32.Dialer.qn skipped

    C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine\0E8A4659.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine\4A184FAC.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped

    C:\Documents and Settings\All Users\Datos de programa\Symantec\Norton AntiVirus\Quarantine\7BC726B7.dll Infected: Trojan-Spy.Win32.VBStat.h skipped

    C:\Documents and Settings\Invitado\Configuración local\Temp\tmpE452.tmp.dll Infected: Trojan.Win32.BHO.g skipped

    C:\Documents and Settings\Invitado\Configuración local\Temp\tmpE61A.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

    C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Archivos temporales de Internet\Content.IE5\8H6ZCP6R\bind[1].htm Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Messenger\mauricio_portill@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Messenger\mauricio_portill@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Messenger\mauricio_portill@hotmail.com\SharingMetadata\Working\database_3CA0_95C4_A095_84D4\dfsr.db Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Messenger\mauricio_portill@hotmail.com\SharingMetadata\Working\database_3CA0_95C4_A095_84D4\fsr.log Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Messenger\mauricio_portill@hotmail.com\SharingMetadata\Working\database_3CA0_95C4_A095_84D4\fsrtmp.log Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Messenger\mauricio_portill@hotmail.com\SharingMetadata\Working\database_3CA0_95C4_A095_84D4\tmp.edb Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\mauricio_portill@hotmail.com\real\members.stg Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\mauricio_portill@hotmail.com\shadow\members.stg Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Historial\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Historial\History.IE5\MSHist012007060320070604\index.dat Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Temp\~DF11D.tmp Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Temp\~DF70.tmp Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Temp\~DFD0BB.tmp Object is locked skipped

    C:\Documents and Settings\user\Configuración local\Temp\~DFE842.tmp Object is locked skipped

    C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\user\Datos de programa\Symantec\PendingAlertsQueue.log Object is locked skipped

    C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped

  9. #19
    Member
    Join Date
    May 2007
    Posts
    32


    continue kaspersky:

    C:\SDFix\backups\backups.zip/backups/tmpE.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

    C:\SDFix\backups\backups.zip/backups/wudb.dll Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\SDFix\backups\backups.zip ZIP: infected - 2 skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050296.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050297.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050298.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050299.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050300.DLL Infected: Trojan.Win32.BHO.g skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050301.exe Infected: Trojan-Downloader.Win32.Agent.bgn skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050302.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050303.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050304.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050305.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050306.exe Infected: Trojan-Downloader.Win32.Small.dod skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050307.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050308.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050309.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050310.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050311.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050312.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050313.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050314.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050315.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050316.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050317.exe Infected: Trojan-Downloader.Win32.Tiny.eu skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050318.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050319.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050320.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050321.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050322.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050323.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050459.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP176\A0050489.rbf Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP179\A0051446.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP179\A0051583.dll Infected: Trojan-Downloader.Win32.ConHook.bf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP179\A0051585.dll Infected: Trojan.Win32.BHO.g skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP179\A0051604.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP179\A0051605.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP179\A0051606.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP179\A0051607.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP179\A0051609.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP179\A0051641.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP179\A0051642.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051651.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051652.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051653.exe Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051691.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051692.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051701.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051702.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051708.exe Infected: Trojan-Clicker.Win32.Agent.jh skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051709.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051710.exe Infected: Trojan.Win32.Dialer.qn skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051727.exe Infected: Trojan.Win32.Agent.agv skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051728.exe Infected: Trojan.Win32.BHO.g skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051729.exe Infected: Trojan.Win32.BHO.g skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051730.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051731.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP180\A0051732.dll Infected: Trojan-Downloader.Win32.ConHook.bf skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP181\A0051756.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP181\A0051757.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP181\A0051787.exe Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP181\A0051796.exe Infected: SpamTool.Win32.Delf.n skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP181\A0052756.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP181\A0052757.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP181\A0052883.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP181\A0052884.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP181\A0053791.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP181\A0053792.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP182\A0053817.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP182\A0053818.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP182\A0053821.dll Infected: Trojan-Spy.Win32.VBStat.h skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053844.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053853.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053854.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053879.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053885.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053886.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053923.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053924.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053940.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053945.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053946.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP183\A0053958.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP184\A0053986.exe Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP184\A0054027.exe Infected: Backdoor.Win32.Small.na skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP184\A0054028.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP184\A0054029.dll Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP184\A0054030.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP184\A0054031.dll Infected: Trojan.Win32.BHO.g skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP184\A0054032.exe Infected: Backdoor.Win32.Sivuxa.a skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP184\A0054040.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP184\A0054058.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP184\A0054077.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP185\A0054101.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP185\A0054102.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP185\A0054111.dll Infected: Trojan.Win32.Agent.qt skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP185\A0056132.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP185\A0056133.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP185\A0056149.dll Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP185\A0056156.exe Infected: Trojan.Win32.Agent.agv skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP185\A0056160.dll Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP189\A0062184.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped

    C:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP189\change.log Object is locked skipped

    C:\VundoFix Backups\winrzf32.dll.bad Infected: Trojan.Win32.Agent.qt skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

  10. #20
    Member
    Join Date
    May 2007
    Posts
    32

    Default

    Kaspersky scan log, continued:

    C:\WINDOWS\g10751703.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g119495093.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g11952453.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g13267578.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g13273140.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g14469312.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g14474390.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g15671062.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g15676796.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g1632640.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g16876031.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g16991796.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g16996984.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g181843.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g18197234.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g18198812.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g18315718.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g184140.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g1863484.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g186515.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g190625.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g19518343.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g19520859.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g19528062.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g20722718.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g20841390.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g21926093.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g21939156.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g22162593.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g23142828.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g23366375.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g24465921.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g24687656.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g25788468.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g26008718.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g26997328.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g27331656.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g27688515.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g28195937.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g2836906.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g28652906.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g28888984.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g29521156.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g29975875.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g30090640.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g30839921.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g31178375.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g31411062.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g3185531.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g32161562.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g32501484.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g32611750.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g33482343.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g33824125.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g33932437.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g34683421.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g35253125.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g36004125.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g36455421.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g37325859.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g38646562.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g39967250.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g41168250.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g42488953.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g429859.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g43809640.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g4508843.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g45130359.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g46451031.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g47771718.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g48972750.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g50293437.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g51614109.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g52934812.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g54255515.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g55576656.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g56897328.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g5708734.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g58218031.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g5959000.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g6909828.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g8110343.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g84419000.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\g9431031.exe Infected: Trojan-Downloader.Win32.Agent.bqw skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\d4xofa.dll Object is locked skipped

    C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

    C:\WINDOWS\system32\drivers\sptd6637.sys Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\oprgaiqw.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped

    C:\WINDOWS\system32\uqxffvkd.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped

    C:\WINDOWS\system32\vkaseitc.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped

    C:\WINDOWS\system32\vunseicm.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\system32\xpdt.sys Infected: Trojan-Clicker.Win32.Costrat.au skipped

    C:\WINDOWS\Temp\ib22 Object is locked skipped

    C:\WINDOWS\Temp\ib23 Object is locked skipped

    C:\WINDOWS\Temp\ib24 Object is locked skipped

    C:\WINDOWS\Temp\ib25 Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    E:\Mauricio\programas\Ace Password Sniffer v1.1 Incl Crack.rar/ApsSetup.exe/APSV1.EXE Infected: not-a-virus:PSWTool.Win32.APS.11 skipped

    E:\Mauricio\programas\Ace Password Sniffer v1.1 Incl Crack.rar/ApsSetup.exe Infected: not-a-virus:PSWTool.Win32.APS.11 skipped

    E:\Mauricio\programas\Ace Password Sniffer v1.1 Incl Crack.rar RAR: infected - 2 skipped

    E:\Mauricio\programas\backups\backup-20070602-035436-704.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped

    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    E:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP178\A0050745.exe Infected: Trojan-Dropper.Win32.Agent.azk skipped

    E:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP178\A0050746.exe Infected: Trojan-Downloader.Win32.Small.edb skipped

    E:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP189\change.log Object is locked skipped

    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    F:\System Volume Information\_restore{95B4616F-B1BF-4731-943F-84ECA49BAE8E}\RP189\change.log Object is locked skipped
