qmedlam

Help: xxx.exe is not a valid Win32 application


Dear friends:

Some time ago I posted a problem that was resolved well and quickly by Gogo.

 

This time I think I was infected with some kind of virus, 'cause when I try to open some .exe programs I receive the message: xxx.exe is not a valid Win32 application.

 

This happens when I try to install AVG Free, Sygate (last free version), and, more importantly, I can't install HijackThis (last version); that's why I am not sending the HJT log. This also happens when trying to install BitDefender free, etc.

 

I can open Word, etc. The network connection works ('til now).

 

I hope you can help with this issue.

 

Regards

Quique


Hi

 

Please download HijackThis and before running it rename HijackThis.exe file -> somethingElse.exe. Then try running hjt and post the log.

Hi

 

Please download HijackThis and before running it rename HijackThis.exe file -> somethingElse.exe. Then try running hjt and post the log.

 

Hi Blade81

Thanks for your quick reply.

I renamed HJT and tried to run it, but nothing happens (it doesn't open).

Here is some other data, perhaps useful:

1 - I have a P4, RAM = 1 Gb; 2 disks, 160 and 200 Mb; Mobo: ASUS P4PE-X

2 - Yesterday, before my post, I ran the ESET Nod32 Online Scan, and this is the log:

 


V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »D4RQV07.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »PQPLJ30.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »TMM5XTi.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »m6lL5lx.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »GFJyo25.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »J18cLgb.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »w5qSBTm.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »f2063B0.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »XYwNR8J.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »NIr554h.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »nC7D1Qm.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »Jo182Wm.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »G4Uhm0e.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »e1tTBVX.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »hjMD1Gw.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »soO53VI.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »Er268br.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »MW2LuF7.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »K6Lgqf6.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »j1Cp70x.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »Qy0q7y0.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »XhL13Tb.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »mEt57Ep.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\## to DVD ##\Nueva carpeta\Sotano Beat & El Club del Clan\(((Vgroup.com.ar)))mochin marafioti - la musica de vol 6(mp3-128kbps+covers)by vic2mor.rar »RAR »ih5rqMt.exe Win32/Drefir.E worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\Hirens\UAD.Fairchild.670.Compressor.Emulator.VST updated-fixed 12-2007.rar Win32/Sality.NAE virus (deleted) 00000000000000000000000000000000

V:\tmp\Hirens\UAD.Fairchild.670.Compressor.Emulator.VST updated-fixed 12-2007.rar »RAR »setup.exe Win32/Sality.NAE virus (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

V:\tmp\Hirens\Hiren's BootCD v9.4\Hiren's BootCD From USB Flash Drive (USB Pen Drive)\Carpeta BootCd\BootCD\WinTools\VDefs.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000

Z:\CD\Bias Peak Pro 5\! Bias Peak 5 Pro Serial Number.zip.VIR Win32/Adware.Stud application (deleted) 00000000000000000000000000000000

Z:\CD\Bias Peak Pro 5\! Bias Peak 5 Pro Serial Number.zip.VIR »ZIP »bias peak 5 pro serial number.exe Win32/Adware.Stud application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

Z:\CD\Bias Peak Pro 5\bias peak pro 5 serial number.zip.VIR Win32/Adware.Stud application (deleted) 00000000000000000000000000000000

Z:\CD\Bias Peak Pro 5\bias peak pro 5 serial number.zip.VIR »ZIP »bias peak pro 5 serial number.exe Win32/Adware.Stud application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

Z:\CD\Bias Peak Pro 5\Sn Bias Peak Pro Xt 5(2).zip Win32/Kapucen.B worm (deleted) 00000000000000000000000000000000

Z:\CD\Bias Peak Pro 5\Sn Bias Peak Pro Xt 5(2).zip »ZIP »Setup.exe Win32/Kapucen.B worm (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

Z:\DVD W\BayGenie.eBay.Auction.Sniper.Pro.Edition.v2.8.6.0-HERiTAGE.rar probably a variant of Win32/PSW.Agent trojan (deleted) 00000000000000000000000000000000

Z:\DVD W\BayGenie.eBay.Auction.Sniper.Pro.Edition.v2.8.6.0-HERiTAGE.rar »RAR »Crack\BayGenie.exe probably a variant of Win32/PSW.Agent trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

Z:\Videos yourTube\Numerologia\Decoz Master Numerology Program [email protected] a variant of Win32/TrojanDropper.Agent.AWK trojan (unable to clean - deleted) 00000000000000000000000000000000

Z:\Videos yourTube\Numerologia\Decoz Numerology Master Software v8.0.WinAll.US-EPS.zip.VIR a variant of Win32/TrojanDropper.Agent.AWK trojan (deleted) 00000000000000000000000000000000

Z:\Videos yourTube\Numerologia\Decoz Numerology Master Software v8.0.WinAll.US-EPS.zip.VIR »ZIP »tsrh-decoz8.exe a variant of Win32/TrojanDropper.Agent.AWK trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

Z:\Videos yourTube\Numerologia\MB FREE Numerology Software Pro v1.0 Fixed.WinAll.Incl.KxExYxGxExN-FUTURiTY.zip.VIR a variant of Win32/TrojanDropper.Agent.AWK trojan (deleted) 00000000000000000000000000000000

Z:\Videos yourTube\Numerologia\MB FREE Numerology Software Pro v1.0 Fixed.WinAll.Incl.KxExYxGxExN-FUTURiTY.zip.VIR »ZIP »keygen.exe a variant of Win32/TrojanDropper.Agent.AWK trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

 

 

3-Yesterday I could not open AdAware2007, Spybot & Search, nor the Avira Free Antivir.

4 - As I told you, I couldn't install any other Antivir.

5-Today I tried AdAware2007 again and it opened (a miracle). I ran a SmartScan and the log summary is this:

 

Scan mode: Smart

Scan time: 00:37:59

Number of objects scanned: 238824

Number of infections found: 66

Critical: 0

Privacy Objects: 66

Infections deleted: 66

Total infections quarantined: 0

Total infections ignored by scanner: 0

 

6-I didn't reboot. After posting this I'll try to reboot, to see what happens, and I'll post the results.

 

Regards

Quique


Hi

 

That's just what I thought. You've got a Bagle infection there.

 

 

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

 

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

 

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

 

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

 

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

 

Please let us know what you have decided to do in your next post.


Hi Blade81:

 

I thought deeply about your last post, about a) reformatting and b) trying an attempt to eliminate the worm. I'll first choose the second one, leaving a) as a last resort.

 

Of course I'll need your kind help to do it.

 

Reasons: I have two disks in my PC: ID0=160 Gb (with five partitions) and ID1=200 Gb (with three partitions), both Seagate. The OS is on the C: partition, and the others are used to store data, shared with my son.

I have many programs related to video that I'm learning to use (not a big trouble, but tiresome). I don't use home banking or other financial data (I never trusted the Internet for business).

And here comes a big question: I noticed that some files in the data partitions were infected. So, does reformatting mean I have to reformat the two disks or only C:?

 

Summing up: I'll try the second option, and we will see if the winner is the worm or us.

 

Kind regards

Quique


Ok. Let the battle begin B)

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

Link 3

 


--------------------------------------------------------------------

 

Double click on Combo-Fix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall.


Hi Blade 81

 

Here goes the ComboFix report.

The HJT doesn't open. Sorry.

 

ComboFix 08-05-01.3 - Q 2008-05-03 17:18:45.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.343 [GMT -3:00]

Se ejecuta desde: C:\Documents and Settings\Q\Escritorio\Combo-Fix.exe

 

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!

.

 

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\downld\

C:\WINDOWS\system32\gv1a.dll

C:\WINDOWS\system32\drivers\hldrrr.exe . . . . Fallo al eliminar

C:\WINDOWS\system32\drivers\mdelk.exe . . . . Fallo al eliminar

C:\WINDOWS\system32\drivers\srosa.sys . . . . Fallo al eliminar

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SROSA

 

 

(((((((((((((((((( Archivos creados desde 2008-04-03 - 2008-05-03 )))))))))))))))))))))))))))))))))

.

 

2008-05-03 14:48 . 2008-05-03 14:48 <DIR> d-------- C:\Archivos de programa\Trend Micro

2008-05-03 14:17 . 2008-05-03 14:16 140,288 --a------ C:\vcleaner.exe

2008-05-01 14:55 . 2008-05-01 14:56 <DIR> d-------- C:\Archivos de programa\EsetOnlineScanner

2008-05-01 14:16 . 2008-05-01 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab

2008-04-30 23:04 . 2008-04-30 23:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-29 16:34 . 2008-04-29 16:34 <DIR> d-------- C:\Archivos de programa\Panda Security

2008-04-29 14:25 . 2008-04-29 14:25 <DIR> d-------- C:\Archivos de programa\--Caoscope 2

2008-04-29 01:04 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll

2008-04-27 19:27 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-04-27 18:46 . 2008-04-27 18:46 <DIR> d-------- C:\Archivos de programa\ChangeIP

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Documents and Settings\Q\Datos de programa\Bitmeter2

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Bitmeter2

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Archivos de programa\Codebox

 

.

(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))

.


.

 

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:42 15360]

"SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"C:\Archivos de programa\NetMeter\NetMeter.exe"="C:\Archivos de programa\NetMeter\NetMeter.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CpuIdle"="C:\Archivos de programa\CpuIdlePro\cpuidle.exe" [2007-02-14 16:15 1018368]

"MBM 5"="C:\Archivos de programa\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40 594944]

"TkBellExe"="C:\Archivos de programa\Archivos comunes\Real\Update_OB\evntsvc.exe" [2007-03-27 22:49 146432]

"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2007-02-16 00:11 77824]

"RCScheduleCheck"="C:\Program Files\VCOM\Recovery Commander\RCSCHED.exe" [2003-10-21 14:20 151552]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:42 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:19 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoAutoUpdate"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\ARCHIV~1\DVDREG~1.16\DVDShell.dll [2004-06-08 15:18 49152]

"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL [2003-07-08 11:53 102400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=apitrap.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"VIDC.WMV3"= C:\ARCHIV~1\COMBIN~1\Filters\wmv9vcm.dll

"msacm.mpegacm"= mpegacm.acm

"msacm.ulmp3acm"= ulmp3acm.acm

"msacm.dvacm"= C:\ARCHIV~1\ARCHIV~1\ULEADS~1\vio\dvacm.acm

"msacm.avis"= ff_acm.acm

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"OutpostFirewall"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Archivos de programa\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Archivos de programa\\Lavasoft\\Ad-Aware 2007\\LSUpdateManager.exe"=

"C:\\Archivos de programa\\BitComet\\BitComet.exe"=

"C:\\Archivos de programa\\Google\\Google Earth\\googleearth.exe"=

"C:\\Archivos de programa\\eMule\\LinkCreator.exe"=

"C:\\Archivos de programa\\Opera\\Opera.exe"=

"C:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=

"C:\\Archivos de programa\\Outlook Express\\msimn.exe"=

"C:\\Archivos de programa\\FlashGet\\flashget.exe"=

"C:\\Archivos de programa\\Mozilla Thunderbird\\thunderbird.exe"=

"C:\\Archivos de programa\\Spybot - Search & Destroy\\SpybotSD.exe"=

"C:\\Archivos de programa\\SpywareGuard\\sgliveupdate.exe"=

"C:\\Archivos de programa\\WinHTTrack\\WinHTTrack.exe"=

"C:\\Archivos de programa\\101 MP3 Splitter and Joiner\\101 MP3 Splitter and Joiner.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7152:TCP"= 7152:TCP:BitComet 7152 TCP

"7152:UDP"= 7152:UDP:BitComet 7152 UDP

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-02-14 16:15]

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]

R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2003-12-29 18:27]

R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Archivos de programa\Smith Micro\StuffIt11\ArcNameService.exe" [2007-05-01 10:15]

S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 03:46]

S3 I97DRIVER;I97DRIVER;C:\Archivos de programa\VCOM\Fix-It\dgs.sys [2005-05-10 19:45]

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]

S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 18:10]

S3 PCIUtil;PCI Utility;C:\DOCUME~1\Q\CONFIG~1\Temp\PCIUtil.sys []

S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06]

S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 09:53]

 

*Newly Created Service* - SROSA

.

Contenido de carpeta 'Tareas Programadas'

"2008-04-29 03:51:02 C:\WINDOWS\Tasks\Scheduled Checkpoint.job"

- C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\2 Copernic Daily ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\3 Copernic Weekly ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\4 Copernic Monthly ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-03 17:30:53

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

escaneando procesos ocultos ...

 

escaneando entradas ocultas de autostart ...

 

escaneando archivos ocultos ...

 

el escaneo se completo con exito

archivos ocultos: 0

 

**************************************************************************

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"C:\\Archivos de programa\\NetMeter\\NetMeter.exe"="C:\\Archivos de programa\\NetMeter\\NetMeter.exe"

"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]

"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

------------------------ Other Running Processes ------------------------

.

C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\VCOM\FIX-IT\MXTASK.EXE

C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE

C:\ARCHIVOS DE PROGRAMA\VCOM\FIX-IT\MXTASK.EXE

C:\Archivos de programa\Media Key\MagicKey.exe

C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Archivos de programa\Media Key\OSD.EXE

C:\Archivos de programa\Olympus\DeviceDetector\DevDtct2.exe

C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\3082\MSOFFICE.EXE

C:\Archivos de programa\Codebox\BitMeter\BitMeter2.exe

C:\Archivos de programa\Referencia Microsoft\BookshelfE\QS96E.EXE

C:\Archivos de programa\SpywareGuard\sgmain.exe

C:\Archivos de programa\ProcessTamer\ProcessTamerTray.exe

C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGBHP.EXE

.

**************************************************************************

.

Tiempo completado: 2008-05-03 17:34:37 - machine was rebooted

ComboFix2.txt 2007-12-03 03:24:42

ComboFix-quarantined-files.txt 2008-05-03 20:34:34

 

24 dirs 454,008,832 bytes libres

27 dirs 480,157,696 bytes libres

 

268 --- E O F --- 2008-04-26 20:11:53

 

 

++++++++++++

regards

Quique


Hi

 

 

Disable Spybot's TeaTimer

  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu, select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer

Open notepad and copy/paste the text in the quotebox below into it:

 

KILLALL::

Driver::
srosa

Files::
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-

 

 

Save this as

CFScript

 

 

CFScript.gif

 

Referring to the picture above, drag CFScript into Combo-Fix.exe

Then post the resultant log.

 

 

Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.

 

 

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

 

Double-click ATF Cleaner.exe to open it

 

Under Main choose:

Windows Temp

Current User Temp

All Users Temp

Cookies

Temporary Internet Files

Prefetch

Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

 

If you use Firefox:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

If you use Opera:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

Click Exit on the Main menu to close the program.

 

 

Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes.

  • The program will launch and start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings and select the following:

Scan using the following Anti-Virus database:

  • Extended (If available, otherwise Standard)

Scan Options:

  • Scan Archives
  • Scan Mail Bases

  • Click OK.
  • Under "select a target to scan", select My Computer.
  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

Once the scan is complete:

  • Click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information into your next post if the AV content will fit into one post only. Don't forget to post the above-mentioned ComboFix resultant log.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

 

If having a problem doing the above

 

Make sure that your Internet security settings are set to default values.

 

To set default security settings for Internet Explorer:

 

* Open Internet Explorer.

* Go to the Tools menu, then choose Internet Options.

* Click on the Security tab.

* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

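The log entries that the CFScript in the post above acts on can be picked out mechanically. The Python below is an added example, not part of the thread and not ComboFix's own logic; it parses a constructed excerpt of the log posted earlier and applies two heuristics that are assumptions of this example: a Run/RunOnce value that launches an .exe from system32\drivers, and a service key whose name also appears on a "*Newly Created Service*" line.

```python
import re
from collections import namedtuple

# Constructed excerpt: lines copied from the log posted earlier in this thread.
SAMPLE_LOG = r'''
*Newly Created Service* - SROSA

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Archivos de programa\\NetMeter\\NetMeter.exe"="C:\\Archivos de programa\\NetMeter\\NetMeter.exe"
"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
'''

Finding = namedtuple('Finding', 'kind key name path')

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# "name"="data", optionally followed by the [date time size] suffix the log appends
VALUE_RE = re.compile(r'^"(?P<name>.*?)"\s*=\s*"(?P<data>[^"]*)"(?:\s*\[.*\])?\s*$')
NEW_SERVICE_RE = re.compile(r'^\*Newly Created Service\*\s*-\s*(?P<svc>\S+)\s*$')

AUTOSTART_SUFFIXES = ('\\currentversion\\run', '\\currentversion\\runonce')


def normalize_path(data):
    """Collapse .reg-style doubled backslashes and drop the NT \\??\\ prefix."""
    path = data.replace('\\\\', '\\')
    if path.startswith('\\??\\'):
        path = path[4:]
    return path


def parse_entries(log_text):
    """Return (entries, new_services) read from regedit-style log sections."""
    entries, new_services, key = [], set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = NEW_SERVICE_RE.match(line)
        if m:
            new_services.add(m.group('svc').lower())
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group('name'), normalize_path(m.group('data'))))
    return entries, new_services


def triage(log_text):
    """Flag autostart and service entries worth a closer look (heuristics only)."""
    entries, new_services = parse_entries(log_text)
    findings = []
    for key, name, path in entries:
        k, p = key.lower(), path.lower()
        if k.endswith(AUTOSTART_SUFFIXES):
            # Heuristic 1 (assumption): the drivers directory normally holds
            # kernel drivers (.sys), so a user-mode .exe autostarting from
            # there is anomalous.
            if '\\system32\\drivers\\' in p and p.endswith('.exe'):
                findings.append(Finding('autostart-exe-in-drivers-dir', key, name, path))
        elif '\\services\\' in k and name.lower() == 'imagepath':
            # Heuristic 2 (assumption): a service the log itself reports as
            # newly created deserves review together with its image path.
            service = k.rsplit('\\', 1)[1]
            if service in new_services:
                findings.append(Finding('newly-created-service', key, name, path))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind}: {f.name} -> {f.path}  ({f.key})')
```

A hit from either heuristic is a reason to inspect the file, not proof that it is malicious.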

Hi Blade81:

referring to your last post:

 

1) Spybot S&D doesn't open.

 

2) I ran Combo-Fix with the CFScript and this is the report:

 

ComboFix 08-05-01.3 - Q 2008-05-04 17:22:16.3 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.728 [GMT -3:00]

Se ejecuta desde: C:\Documents and Settings\Q\Escritorio\Combo-Fix.exe

Command switches used :: C:\Documents and Settings\Q\Escritorio\CFScript.txt

* Creado un nuevo punto de restauración

 

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!

.

 

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\downld\

C:\WINDOWS\system32\drivers\hldrrr.exe . . . . Fallo al eliminar

C:\WINDOWS\system32\drivers\mdelk.exe . . . . Fallo al eliminar

C:\WINDOWS\system32\drivers\srosa.sys . . . . Fallo al eliminar

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SROSA

 

 

(((((((((((((((((( Archivos creados desde 2008-04-04 - 2008-05-04 )))))))))))))))))))))))))))))))))

.

 

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Willy\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Q\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Pepe\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\LocalService\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Administrador\Configuración local

2008-05-03 14:48 . 2008-05-03 14:48 <DIR> d-------- C:\Archivos de programa\Trend Micro

2008-05-03 14:17 . 2008-05-03 14:16 140,288 --a------ C:\vcleaner.exe

2008-05-01 14:55 . 2008-05-01 14:56 <DIR> d-------- C:\Archivos de programa\EsetOnlineScanner

2008-05-01 14:16 . 2008-05-01 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab

2008-04-30 23:04 . 2008-04-30 23:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-29 16:34 . 2008-04-29 16:34 <DIR> d-------- C:\Archivos de programa\Panda Security

2008-04-29 14:25 . 2008-04-29 14:25 <DIR> d-------- C:\Archivos de programa\--Caoscope 2

2008-04-29 01:04 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll

2008-04-27 19:27 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-04-27 18:46 . 2008-04-27 18:46 <DIR> d-------- C:\Archivos de programa\ChangeIP

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Documents and Settings\Q\Datos de programa\Bitmeter2

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Bitmeter2

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Archivos de programa\Codebox

 

.

(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-03 22:01 70,144 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe

2008-05-03 22:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe

2008-03-31 22:18 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-31-2008_19-15-29_4676389.dnp

2008-03-31 22:16 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-31-2008_19-15-29_53989.dnp

2008-03-29 04:53 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-29-2008_1-51-25_2712237.dnp

2008-03-29 04:52 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-29-2008_1-51-25_5693632.dnp

2008-03-28 21:10 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_18-7-40_5417407.dnp

2008-03-28 21:08 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_18-7-40_4402434.dnp

2008-03-28 20:46 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_17-43-30_2752436.dnp

2008-03-28 19:44 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_17-43-30_1259127.dnp

2008-03-26 18:09 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item12-3-26-2008_15-7-22_2950104.dnp

2008-03-26 18:00 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item11-3-26-2008_14-58-37_2257289.dnp

2008-03-26 17:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item11-3-26-2008_14-58-37_6486630.dnp

2008-03-24 21:10 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item9-3-24-2008_18-9-44_6116300.dnp

2008-03-23 02:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item9-3-22-2008_23-21-14_7730764.dnp

2008-03-23 02:22 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item9-3-22-2008_23-21-14_431949.dnp

2008-03-21 05:13 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-21-2008_2-10-53_9211629.dnp

2008-03-21 05:11 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-21-2008_2-10-53_8112910.dnp

2008-03-16 02:52 --------- d-----w C:\Archivos de programa\SpywareBlaster

2008-03-14 22:11 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_19-9-5_647362.dnp

2008-03-14 22:10 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_19-9-5_6056638.dnp

2008-03-14 21:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_18-56-45_698454.dnp

2008-03-14 21:57 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_18-56-45_2441946.dnp

2008-03-11 02:07 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item7-3-10-2008_23-1-13_7018958.dnp

2008-03-11 02:05 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item7-3-10-2008_23-1-13_7559849.dnp

2008-03-10 19:49 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_16-46-58_7857146.dnp

2008-03-10 19:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_16-46-58_7198295.dnp

2008-03-10 06:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_3-31-53_8666034.dnp

2008-03-10 06:33 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_3-31-53_9126851.dnp

2008-03-10 05:47 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_2-41-51_4599296.dnp

2008-03-10 05:44 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_2-41-51_1839719.dnp

2008-03-10 05:08 --------- d-----w C:\Archivos de programa\Participatory Culture Foundation

2008-03-10 03:00 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_23-58-34_688270.dnp

2008-03-10 02:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_23-58-34_8297232.dnp

2008-03-10 01:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_22-46-9_4234764.dnp

2008-03-10 01:46 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_22-46-9_3135233.dnp

2008-03-09 21:40 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-9-2008_18-37-13_6181020.dnp

2008-03-09 21:38 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-9-2008_18-37-13_7171592.dnp

2008-03-06 04:33 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-6-2008_1-29-34_5780191.dnp

2008-03-06 04:30 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-6-2008_1-29-34_5276300.dnp

2008-03-04 01:32 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-30-21_5540560.dnp

2008-03-04 01:31 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-30-21_9398000.dnp

2008-03-04 01:25 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-23-53_9451861.dnp

2008-03-04 01:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-23-53_3087734.dnp

2008-03-02 05:05 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-2-2008_2-2-43_4086869.dnp

2008-03-02 05:03 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-2-2008_2-2-43_6233788.dnp

2008-02-28 21:06 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_18-6-2_8225210.dnp

2008-02-28 16:44 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_13-42-36_8262898.dnp

2008-02-28 16:43 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_13-42-36_7319144.dnp

2008-02-28 13:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_10-14-26_2684948.dnp

2008-02-28 13:15 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_10-14-26_5320856.dnp

2008-02-25 16:18 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-25-2008_13-15-50_9956587.dnp

2008-02-25 16:16 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-25-2008_13-15-50_4428828.dnp

2008-02-19 20:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-32-15_8195739.dnp

2008-02-19 20:33 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-32-15_7320670.dnp

2008-02-19 20:27 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-25-13_70114.dnp

2008-02-19 20:26 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-25-13_9882524.dnp

2008-02-19 20:23 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-21-16_8930756.dnp

2008-02-19 20:22 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-21-16_8725175.dnp

2008-02-16 01:50 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-15-2008_22-47-20_1535232.dnp

2008-02-16 01:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-15-2008_22-47-20_2248354.dnp

2008-02-11 02:41 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-40-34_7116094.dnp

2008-02-11 02:36 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-33-2_128948.dnp

2008-02-11 02:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-33-2_3376306.dnp

2008-02-11 02:31 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-28-12_7051397.dnp

2008-02-11 02:29 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-28-12_7718358.dnp

2008-02-10 13:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_10-15-39_2333520.dnp

2008-02-10 13:16 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_10-15-39_8466495.dnp

2008-02-10 06:28 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_3-26-0_1001124.dnp

2008-02-10 06:26 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_3-26-0_7435765.dnp

2008-02-10 01:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-9-2008_22-56-55_4445964.dnp

2008-02-10 01:57 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-9-2008_22-56-55_3653725.dnp

2008-02-07 21:38 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-36-33_8029135.dnp

2008-02-07 21:37 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-36-33_1823435.dnp

2008-02-07 21:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-23-5_8626408.dnp

2008-02-07 21:23 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-23-5_946295.dnp

2008-02-07 21:19 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-17-7_9472121.dnp

2008-02-07 21:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-17-7_1202510.dnp

2008-02-07 20:30 112,296 ----a-w C:\MEMTEST.EXE

2008-02-02 22:18 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-2-2008_19-16-22_7062018.dnp

2008-02-02 22:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-2-2008_19-16-22_7767796.dnp

2008-02-01 18:25 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-1-2008_15-23-42_9733073.dnp

2008-02-01 18:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-1-2008_15-23-42_3237008.dnp

2008-01-31 03:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-45-45_7627982.dnp

2008-01-31 03:46 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-45-45_8376163.dnp

2008-01-31 03:40 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-37-12_9902438.dnp

2008-01-31 03:38 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-37-12_6306310.dnp

2008-01-29 20:41 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-39-47_712095.dnp

2008-01-29 20:40 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-39-47_5588690.dnp

2008-01-29 20:35 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-32-42_6648826.dnp

2008-01-29 20:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-32-42_489666.dnp

2008-01-29 19:49 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_16-46-56_1090252.dnp

2008-01-29 19:47 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_16-46-56_6940008.dnp

2008-01-27 01:57 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-54-43_3278774.dnp

2008-01-27 01:55 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-54-43_2401285.dnp

2008-01-27 01:49 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-46-15_1533977.dnp

2008-01-27 01:47 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-46-15_9533694.dnp

2008-01-25 20:13 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-10-24_1667600.dnp

2008-01-25 20:11 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-10-24_9999239.dnp

2008-01-25 20:03 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-0-57_9419820.dnp

2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll

.

 

((((((((((((((((((((((((((((( [email protected]_17.32.49.42 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-03 20:30:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-04 20:25:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-05-03 17:51:30 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat

+ 2008-05-03 20:37:20 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat

+ 2008-05-04 20:25:44 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_344.dat

.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:42 15360]

"SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"C:\Archivos de programa\NetMeter\NetMeter.exe"="C:\Archivos de programa\NetMeter\NetMeter.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CpuIdle"="C:\Archivos de programa\CpuIdlePro\cpuidle.exe" [2007-02-14 16:15 1018368]

"MBM 5"="C:\Archivos de programa\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40 594944]

"TkBellExe"="C:\Archivos de programa\Archivos comunes\Real\Update_OB\evntsvc.exe" [2007-03-27 22:49 146432]

"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2007-02-16 00:11 77824]

"RCScheduleCheck"="C:\Program Files\VCOM\Recovery Commander\RCSCHED.exe" [2003-10-21 14:20 151552]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:42 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:19 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoAutoUpdate"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\ARCHIV~1\DVDREG~1.16\DVDShell.dll [2004-06-08 15:18 49152]

"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL [2003-07-08 11:53 102400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=apitrap.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"VIDC.WMV3"= C:\ARCHIV~1\COMBIN~1\Filters\wmv9vcm.dll

"msacm.mpegacm"= mpegacm.acm

"msacm.ulmp3acm"= ulmp3acm.acm

"msacm.dvacm"= C:\ARCHIV~1\ARCHIV~1\ULEADS~1\vio\dvacm.acm

"msacm.avis"= ff_acm.acm

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"OutpostFirewall"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Archivos de programa\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Archivos de programa\\Lavasoft\\Ad-Aware 2007\\LSUpdateManager.exe"=

"C:\\Archivos de programa\\BitComet\\BitComet.exe"=

"C:\\Archivos de programa\\Google\\Google Earth\\googleearth.exe"=

"C:\\Archivos de programa\\eMule\\LinkCreator.exe"=

"C:\\Archivos de programa\\Opera\\Opera.exe"=

"C:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=

"C:\\Archivos de programa\\Outlook Express\\msimn.exe"=

"C:\\Archivos de programa\\FlashGet\\flashget.exe"=

"C:\\Archivos de programa\\Mozilla Thunderbird\\thunderbird.exe"=

"C:\\Archivos de programa\\Spybot - Search & Destroy\\SpybotSD.exe"=

"C:\\Archivos de programa\\SpywareGuard\\sgliveupdate.exe"=

"C:\\Archivos de programa\\WinHTTrack\\WinHTTrack.exe"=

"C:\\Archivos de programa\\101 MP3 Splitter and Joiner\\101 MP3 Splitter and Joiner.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7152:TCP"= 7152:TCP:BitComet 7152 TCP

"7152:UDP"= 7152:UDP:BitComet 7152 UDP

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-02-14 16:15]

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]

R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2003-12-29 18:27]

R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Archivos de programa\Smith Micro\StuffIt11\ArcNameService.exe" [2007-05-01 10:15]

S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 03:46]

S3 I97DRIVER;I97DRIVER;C:\Archivos de programa\VCOM\Fix-It\dgs.sys [2005-05-10 19:45]

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]

S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 18:10]

S3 PCIUtil;PCI Utility;C:\DOCUME~1\Q\CONFIG~1\Temp\PCIUtil.sys []

S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06]

S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 09:53]

 

*Newly Created Service* - SROSA

.

Contenido de carpeta 'Tareas Programadas'

"2008-04-29 03:51:02 C:\WINDOWS\Tasks\Scheduled Checkpoint.job"

- C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\2 Copernic Daily ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\3 Copernic Weekly ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\4 Copernic Monthly ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-04 17:26:05

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

escaneando procesos ocultos ...

 

escaneando entradas ocultas de autostart ...

 

escaneando archivos ocultos ...

 

el escaneo se completo con exito

archivos ocultos: 0

 

**************************************************************************

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"C:\\Archivos de programa\\NetMeter\\NetMeter.exe"="C:\\Archivos de programa\\NetMeter\\NetMeter.exe"

"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]

"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

------------------------ Other Running Processes ------------------------

.

C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\VCOM\FIX-IT\MXTASK.EXE

C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE

C:\Archivos de programa\Media Key\MagicKey.exe

C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Archivos de programa\Media Key\OSD.EXE

C:\Archivos de programa\Olympus\DeviceDetector\DevDtct2.exe

C:\ARCHIVOS DE PROGRAMA\MICROSOFT OFFICE\OFFICE\3082\MSOFFICE.EXE

C:\Archivos de programa\Codebox\BitMeter\BitMeter2.exe

C:\ARCHIVOS DE PROGRAMA\VCOM\FIX-IT\MXTASK.EXE

C:\Archivos de programa\Referencia Microsoft\BookshelfE\QS96E.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Archivos de programa\SpywareGuard\sgmain.exe

C:\Archivos de programa\ProcessTamer\ProcessTamerTray.exe

C:\ARCHIVOS DE PROGRAMA\SPYWAREGUARD\SGBHP.EXE

.

**************************************************************************

.

Tiempo completado: 2008-05-04 17:28:54 - machine was rebooted

ComboFix3.txt 2007-12-03 03:24:42

ComboFix-quarantined-files.txt 2008-05-04 20:28:50

ComboFix2.txt 2008-05-03 20:34:40

 

24 dirs 402,661,376 bytes libres

27 dirs 386,842,624 bytes libres

 

286 --- E O F --- 2008-04-26 20:11:53

 

 

+++++++++

 

3) Run ATF cleaner, Ok.

 

4) Ran Kaspersky Online and it froze after a few hours.

5) Ran Kaspersky Online again, but searching on critical areas, and this was the report:

 

KASPERSKY ONLINE SCANNER REPORT

Monday, May 05, 2008 2:37:05 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 4/05/2008

Kaspersky Anti-Virus database records: 739760

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target Critical Areas

C:\WINDOWS

C:\DOCUME~1\Q\CONFIG~1\Temp\

 

Scan Statistics

Total number of scanned objects 14567

Number of viruses found 1

Number of infected objects 1

Number of suspicious objects 0

Duration of the scan process 02:02:44

 

Infected Object Name Virus Name Last Action

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

 

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

 

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

 

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

 

C:\WINDOWS\system32\config\SAM Object is locked skipped

 

C:\WINDOWS\system32\drivers\etc\hosts.msn Infected: Trojan.Win32.Qhost.hi skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

 

C:\WINDOWS\system32\h323log.txt Object is locked skipped

 

C:\WINDOWS\TEMP\Perflib_Perfdata_344.dat Object is locked skipped

 

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

 

C:\WINDOWS\Sti_Trace.log Object is locked skipped

 

C:\WINDOWS\wiaservc.log Object is locked skipped

 

C:\WINDOWS\wiadebug.log Object is locked skipped

 

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

 

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

 

C:\DOCUME~1\Q\CONFIG~1\Temp\Acr167.tmp Object is locked skipped

 

C:\DOCUME~1\Q\CONFIG~1\Temp\lilo2 Object is locked skipped

 

C:\DOCUME~1\Q\CONFIG~1\Temp\lilo3 Object is locked skipped

 

C:\DOCUME~1\Q\CONFIG~1\Temp\Adobelm_Cleanup.0001.dir.0000\~efe2.tmp Object is locked skipped

 

C:\DOCUME~1\Q\CONFIG~1\Temp\Adobelm_Cleanup.0001.dir.0001\~efe2.tmp Object is locked skipped

 

C:\DOCUME~1\Q\CONFIG~1\Temp\~DFE939.tmp Object is locked skipped

 

C:\DOCUME~1\Q\CONFIG~1\Temp\~DFF932.tmp Object is locked skipped

 

C:\DOCUME~1\Q\CONFIG~1\Temp\Perflib_Perfdata_2a8.dat Object is locked skipped

 

Scan process completed.

 

++++++++++++++++++++++++

 

6) I'm running Kaspersky Online again, a full My Computer scan, and after 22 hours it has scanned 18%, found 16 viruses and 107 infected objects, and (I think) it's VERY slow. What can I do?

 

Regards

Quique


Hi

 

I assume you ran ATF Cleaner as instructed. Have you defragged the hard drive lately? Doing so may increase scanning speed.

Something is preventing ComboFix from removing Bagle files. Let's see if we can find the culprit.

Download GMER and save it to your desktop:

  • Extract it to your desktop and double-click GMER.exe
  • Click rootkit-tab and then scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard
  • Post the log in your reply.


HI

 

Problem!

 

When I double-click on gmer.exe, this message appears:

 

CreateFile¨C:\WINDOWS\gamer.dll¨ The system can´t find the specified file (El sistema no puede hallar el archivo especificado).

 

What does it mean?

 

Quique


Does GMER stop scanning at that message or is it still running?


When I double-click on gmer.exe, that message appears and nothing more. I mean it doesn't run.

Browsing to gmer.net > FAQ, I renamed gmer.exe to test.exe, and the same message appeared.

Looking in the WINDOWS dir, it doesn't show gmer.dll or gmer.sys. B)

 

I´m beginning to worry!!!

 

regards

Quique


Infection may prevent GMER from running. Let's see if this runs.

 

Download RootkitRevealer.zip

  • Create a new folder RKR on your drive C, C:\
  • Extract RootkitRevealer.zip into C:\RKR folder.
  • Open C:\RKR folder and double-click on RootkitRevealer.exe file
  • Click Scan and wait until scanning is finished.
  • ATTENTION! Don't use your computer while scanning is in progress.
  • When scanning has completed, click File (upper side of window)
  • Then click Save
  • Save RootkitRevealer log to your desktop

Send RootkitRevealer's log in your reply.


Hi Blade81:

 

I followed your instructions to run RootkitRevealer, and I am sending the result of a partial scan as an attachment, because I can't paste it. :(

Afterwards I ran it again; the scan finished and found 5082 discrepancies, BUT I can't save it because it refuses to do so.

 

What comes next?

 

Regards Quique


Hi

 

Let's run ComboFix again with the following script.

 

Open notepad and copy/paste the text in the quotebox below into it:

 

KILLALL::

Driver::
srosa

File::
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe

Rootkit::
C:\WINDOWS\system32\drivers\srosa.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-

 

 

Save this as CFScript

 

 

CFScript.gif

 

Referring to the picture above, drag CFScript into Combo-Fix.exe

Then post the resultant log.

 

 

Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.

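The entries named in the script above can be picked out of the posted logs mechanically. The following is an added example, not part of the thread and not ComboFix's own logic: a Python triage pass over lines copied from the ComboFix logs in this thread. The function names and the four heuristics (an .exe autostart inside system32\drivers, a service reported as newly created, a target that survived deletion, an empty ImagePath) are assumptions chosen for illustration.

```python
import re

# Lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r'''
*Newly Created Service* - SROSA

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Archivos de programa\\NetMeter\\NetMeter.exe"="C:\\Archivos de programa\\NetMeter\\NetMeter.exe"
"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""

C:\WINDOWS\system32\drivers\downld\
C:\WINDOWS\system32\drivers\hldrrr.exe . . . . Fallo al eliminar
C:\WINDOWS\system32\drivers\mdelk.exe . . . . Fallo al eliminar
C:\WINDOWS\system32\drivers\srosa.sys . . . . Fallo al eliminar
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>.*?)"="(?P<data>.*)"$')
NEW_SVC_RE = re.compile(r'^\*Newly Created Service\* - (\S+)$')
FAILED_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?)(?: \.)+ Fallo al eliminar$')

DRIVERS_DIR = '\\system32\\drivers\\'
EXE_IN_DRIVERS = 'autostart runs an .exe from the drivers directory'
NEW_SERVICE = 'service reported as newly created'
SURVIVED = 'target survived a deletion attempt'
EMPTY = 'empty ImagePath'


def normalize(path):
    """Undo .reg-style escaping and the NT \\??\\ prefix, then lowercase."""
    path = path.replace('\\\\', '\\')
    if path.startswith('\\??\\'):
        path = path[4:]
    return path.lower()


def triage(log_text):
    """Return flagged autostart entries and failed deletions nothing points at."""
    new_services, failed, entries = set(), set(), []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1).lower()
        elif (m := NEW_SVC_RE.match(line)):
            new_services.add(m.group(1).lower())
        elif (m := FAILED_RE.match(line)):
            failed.add(normalize(m.group('path')))
        elif key and (m := VALUE_RE.match(line)):
            entries.append((key, m.group('name'), normalize(m.group('data'))))

    flagged, referenced = [], set()
    for key, name, path in entries:
        is_run = key.endswith('\\currentversion\\run')
        is_svc = '\\services\\' in key and name.lower() == 'imagepath'
        if not (is_run or is_svc):
            continue
        # Run values are identified by value name, services by key name.
        label = name if is_run else key.rsplit('\\', 1)[1]
        reasons = []
        if not path:
            reasons.append(EMPTY)
        if DRIVERS_DIR in path and path.endswith('.exe'):
            reasons.append(EXE_IN_DRIVERS)
        if is_svc and label in new_services:
            reasons.append(NEW_SERVICE)
        if path in failed:
            reasons.append(SURVIVED)
            referenced.add(path)
        if reasons:
            flagged.append({'name': label, 'path': path, 'reasons': reasons})
    return {'flagged': flagged,
            'unreferenced_failed': sorted(failed - referenced)}


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for item in report['flagged']:
        print(f"{item['name']}: {item['path'] or '(none)'}")
        for reason in item['reasons']:
            print(f"    - {reason}")
    for path in report['unreferenced_failed']:
        print(f"failed deletion, no autostart in this excerpt: {path}")
```

A file that failed deletion but has no autostart entry in the excerpt (here mdelk.exe) is reported separately, since something not captured in these log sections may still be loading it.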

HI Blade:

 

Running ComboFix, none of the four processes you mentioned appeared, and it ran in less than 10 minutes.

 

Here goes the report:

 

ComboFix 08-05-01.3 - Q 2008-05-08 12:29:40.4 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.697 [GMT -3:00]

Se ejecuta desde: C:\Documents and Settings\Q\Escritorio\Combo-Fix.exe

Command switches used :: C:\Documents and Settings\Q\Escritorio\CFScript.txt

* Creado un nuevo punto de restauración

 

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!

 

FILE ::

C:\WINDOWS\system32\drivers\hldrrr.exe

C:\WINDOWS\system32\drivers\mdelk.exe

.

 

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\downld\

C:\WINDOWS\system32\drivers\hldrrr.exe . . . . Fallo al eliminar

C:\WINDOWS\system32\drivers\mdelk.exe . . . . Fallo al eliminar

C:\WINDOWS\system32\drivers\srosa.sys . . . . Fallo al eliminar

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SROSA

 

 

(((((((((((((((((( Archivos creados desde 2008-04-08 - 2008-05-08 )))))))))))))))))))))))))))))))))

.

 

2008-05-06 16:54 . 2008-05-06 16:54 <DIR> d-------- C:\RKR

2008-05-06 15:32 . 2008-05-06 15:32 244 --ah----- C:\sqmnoopt11.sqm

2008-05-06 15:32 . 2008-05-06 15:32 232 --ah----- C:\sqmdata11.sqm

2008-05-06 15:31 . 2008-05-06 15:31 244 --ah----- C:\sqmnoopt10.sqm

2008-05-06 15:31 . 2008-05-06 15:31 232 --ah----- C:\sqmdata10.sqm

2008-05-05 19:41 . 2008-05-05 19:41 244 --ah----- C:\sqmnoopt09.sqm

2008-05-05 19:41 . 2008-05-05 19:41 232 --ah----- C:\sqmdata09.sqm

2008-05-05 19:39 . 2008-05-05 19:39 244 --ah----- C:\sqmnoopt08.sqm

2008-05-05 19:39 . 2008-05-05 19:39 232 --ah----- C:\sqmdata08.sqm

2008-05-05 19:29 . 2008-05-05 19:29 244 --ah----- C:\sqmnoopt07.sqm

2008-05-05 19:29 . 2008-05-05 19:29 232 --ah----- C:\sqmdata07.sqm

2008-05-05 15:08 . 2008-05-05 15:08 244 --ah----- C:\sqmnoopt06.sqm

2008-05-05 15:08 . 2008-05-05 15:08 232 --ah----- C:\sqmdata06.sqm

2008-05-05 13:41 . 2008-05-05 13:41 244 --ah----- C:\sqmnoopt05.sqm

2008-05-05 13:41 . 2008-05-05 13:41 232 --ah----- C:\sqmdata05.sqm

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Willy\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Q\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Pepe\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\LocalService\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Administrador\Configuración local

2008-05-03 14:48 . 2008-05-03 14:48 <DIR> d-------- C:\Archivos de programa\Trend Micro

2008-05-03 14:17 . 2008-05-03 14:16 140,288 --a------ C:\vcleaner.exe

2008-05-01 14:55 . 2008-05-01 14:56 <DIR> d-------- C:\Archivos de programa\EsetOnlineScanner

2008-05-01 14:16 . 2008-05-01 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab

2008-04-30 23:04 . 2008-04-30 23:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-29 16:34 . 2008-04-29 16:34 <DIR> d-------- C:\Archivos de programa\Panda Security

2008-04-29 14:25 . 2008-04-29 14:25 <DIR> d-------- C:\Archivos de programa\--Caoscope 2

2008-04-29 01:04 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll

2008-04-27 19:27 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-04-27 18:46 . 2008-04-27 18:46 <DIR> d-------- C:\Archivos de programa\ChangeIP

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Documents and Settings\Q\Datos de programa\Bitmeter2

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Bitmeter2

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Archivos de programa\Codebox

 

.

(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-07 02:45 70,144 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe

2008-05-07 02:45 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe

2008-03-31 22:18 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-31-2008_19-15-29_4676389.dnp

2008-03-31 22:16 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-31-2008_19-15-29_53989.dnp

2008-03-29 04:53 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-29-2008_1-51-25_2712237.dnp

2008-03-29 04:52 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-29-2008_1-51-25_5693632.dnp

2008-03-28 21:10 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_18-7-40_5417407.dnp

2008-03-28 21:08 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_18-7-40_4402434.dnp

2008-03-28 20:46 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_17-43-30_2752436.dnp

2008-03-28 19:44 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_17-43-30_1259127.dnp

2008-03-26 18:09 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item12-3-26-2008_15-7-22_2950104.dnp

2008-03-26 18:00 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item11-3-26-2008_14-58-37_2257289.dnp

2008-03-26 17:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item11-3-26-2008_14-58-37_6486630.dnp

2008-03-24 21:10 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item9-3-24-2008_18-9-44_6116300.dnp

2008-03-23 02:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item9-3-22-2008_23-21-14_7730764.dnp

2008-03-23 02:22 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item9-3-22-2008_23-21-14_431949.dnp

2008-03-21 05:13 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-21-2008_2-10-53_9211629.dnp

2008-03-21 05:11 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-21-2008_2-10-53_8112910.dnp

2008-03-16 02:52 --------- d-----w C:\Archivos de programa\SpywareBlaster

2008-03-14 22:11 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_19-9-5_647362.dnp

2008-03-14 22:10 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_19-9-5_6056638.dnp

2008-03-14 21:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_18-56-45_698454.dnp

2008-03-14 21:57 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_18-56-45_2441946.dnp

2008-03-11 02:07 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item7-3-10-2008_23-1-13_7018958.dnp

2008-03-11 02:05 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item7-3-10-2008_23-1-13_7559849.dnp

2008-03-10 19:49 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_16-46-58_7857146.dnp

2008-03-10 19:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_16-46-58_7198295.dnp

2008-03-10 06:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_3-31-53_8666034.dnp

2008-03-10 06:33 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_3-31-53_9126851.dnp

2008-03-10 05:47 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_2-41-51_4599296.dnp

2008-03-10 05:44 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_2-41-51_1839719.dnp

2008-03-10 05:08 --------- d-----w C:\Archivos de programa\Participatory Culture Foundation

2008-03-10 03:00 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_23-58-34_688270.dnp

2008-03-10 02:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_23-58-34_8297232.dnp

2008-03-10 01:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_22-46-9_4234764.dnp

2008-03-10 01:46 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_22-46-9_3135233.dnp

2008-03-09 21:40 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-9-2008_18-37-13_6181020.dnp

2008-03-09 21:38 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-9-2008_18-37-13_7171592.dnp

2008-03-06 04:33 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-6-2008_1-29-34_5780191.dnp

2008-03-06 04:30 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-6-2008_1-29-34_5276300.dnp

2008-03-04 01:32 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-30-21_5540560.dnp

2008-03-04 01:31 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-30-21_9398000.dnp

2008-03-04 01:25 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-23-53_9451861.dnp

2008-03-04 01:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-23-53_3087734.dnp

2008-03-02 05:05 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-2-2008_2-2-43_4086869.dnp

2008-03-02 05:03 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-2-2008_2-2-43_6233788.dnp

2008-02-28 21:06 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_18-6-2_8225210.dnp

2008-02-28 16:44 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_13-42-36_8262898.dnp

2008-02-28 16:43 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_13-42-36_7319144.dnp

2008-02-28 13:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_10-14-26_2684948.dnp

2008-02-28 13:15 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_10-14-26_5320856.dnp

2008-02-25 16:18 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-25-2008_13-15-50_9956587.dnp

2008-02-25 16:16 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-25-2008_13-15-50_4428828.dnp

2008-02-19 20:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-32-15_8195739.dnp

2008-02-19 20:33 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-32-15_7320670.dnp

2008-02-19 20:27 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-25-13_70114.dnp

2008-02-19 20:26 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-25-13_9882524.dnp

2008-02-19 20:23 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-21-16_8930756.dnp

2008-02-19 20:22 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-21-16_8725175.dnp

2008-02-16 01:50 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-15-2008_22-47-20_1535232.dnp

2008-02-16 01:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-15-2008_22-47-20_2248354.dnp

2008-02-11 02:41 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-40-34_7116094.dnp

2008-02-11 02:36 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-33-2_128948.dnp

2008-02-11 02:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-33-2_3376306.dnp

2008-02-11 02:31 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-28-12_7051397.dnp

2008-02-11 02:29 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-28-12_7718358.dnp

2008-02-10 13:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_10-15-39_2333520.dnp

2008-02-10 13:16 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_10-15-39_8466495.dnp

2008-02-10 06:28 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_3-26-0_1001124.dnp

2008-02-10 06:26 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_3-26-0_7435765.dnp

2008-02-10 01:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-9-2008_22-56-55_4445964.dnp

2008-02-10 01:57 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-9-2008_22-56-55_3653725.dnp

2008-02-07 21:38 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-36-33_8029135.dnp

2008-02-07 21:37 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-36-33_1823435.dnp

2008-02-07 21:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-23-5_8626408.dnp

2008-02-07 21:23 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-23-5_946295.dnp

2008-02-07 21:19 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-17-7_9472121.dnp

2008-02-07 21:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-17-7_1202510.dnp

2008-02-02 22:18 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-2-2008_19-16-22_7062018.dnp

2008-02-02 22:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-2-2008_19-16-22_7767796.dnp

2008-02-01 18:25 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-1-2008_15-23-42_9733073.dnp

2008-02-01 18:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-1-2008_15-23-42_3237008.dnp

2008-01-31 03:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-45-45_7627982.dnp

2008-01-31 03:46 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-45-45_8376163.dnp

2008-01-31 03:40 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-37-12_9902438.dnp

2008-01-31 03:38 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-37-12_6306310.dnp

2008-01-29 20:41 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-39-47_712095.dnp

2008-01-29 20:40 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-39-47_5588690.dnp

2008-01-29 20:35 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-32-42_6648826.dnp

2008-01-29 20:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-32-42_489666.dnp

2008-01-29 19:49 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_16-46-56_1090252.dnp

2008-01-29 19:47 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_16-46-56_6940008.dnp

2008-01-27 01:57 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-54-43_3278774.dnp

2008-01-27 01:55 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-54-43_2401285.dnp

2008-01-27 01:49 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-46-15_1533977.dnp

2008-01-27 01:47 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-46-15_9533694.dnp

2008-01-25 20:13 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-10-24_1667600.dnp

2008-01-25 20:11 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-10-24_9999239.dnp

2008-01-25 20:03 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-0-57_9419820.dnp

2008-01-25 20:02 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-0-57_9830477.dnp

2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll

.

 

((((((((((((((((((((((((((((( [email protected]_17.32.49.42 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-03 22:10:04 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe

+ 2008-05-07 02:45:44 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe

- 2008-05-03 22:10:18 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe

+ 2008-05-07 02:45:44 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe

- 2008-05-03 22:10:18 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe

+ 2008-05-07 02:45:44 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe

- 2008-05-03 22:10:26 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe

+ 2008-05-07 02:45:44 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe

- 2008-05-03 22:10:02 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe

+ 2008-05-07 02:45:44 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe

- 2008-05-03 22:09:44 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe

+ 2008-05-07 02:45:44 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe

- 2008-05-03 22:09:28 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe

- 2008-05-03 22:10:00 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe

+ 2008-05-07 02:45:44 663,040 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe

- 2008-05-03 22:10:10 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe

- 2008-05-03 22:09:34 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe

- 2008-05-03 22:10:02 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe

- 2008-05-03 22:09:28 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe

- 2008-05-03 22:10:10 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB896424\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB896424\update\update.exe

- 2008-05-03 22:09:36 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe

- 2008-05-03 22:09:24 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe

- 2008-05-03 22:10:24 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe

- 2008-05-03 22:10:12 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe

- 2008-05-03 22:10:06 724,704 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe

+ 2008-05-07 02:45:44 724,704 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe

- 2008-05-03 22:09:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe

- 2008-05-03 22:10:14 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe

+ 2008-05-07 02:45:44 726,752 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe

- 2008-05-03 20:30:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-08 15:32:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-03-03 23:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe

- 2008-05-03 17:51:30 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat

+ 2008-05-07 17:52:28 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat

+ 2008-05-08 15:33:26 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_244.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:42 15360]

"SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"C:\Archivos de programa\NetMeter\NetMeter.exe"="C:\Archivos de programa\NetMeter\NetMeter.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CpuIdle"="C:\Archivos de programa\CpuIdlePro\cpuidle.exe" [2007-02-14 16:15 1018368]

"MBM 5"="C:\Archivos de programa\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40 594944]

"TkBellExe"="C:\Archivos de programa\Archivos comunes\Real\Update_OB\evntsvc.exe" [2007-03-27 22:49 146432]

"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2007-02-16 00:11 77824]

"RCScheduleCheck"="C:\Program Files\VCOM\Recovery Commander\RCSCHED.exe" [2003-10-21 14:20 151552]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:42 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:19 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoAutoUpdate"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\ARCHIV~1\DVDREG~1.16\DVDShell.dll [2004-06-08 15:18 49152]

"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL [2003-07-08 11:53 102400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=apitrap.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"VIDC.WMV3"= C:\ARCHIV~1\COMBIN~1\Filters\wmv9vcm.dll

"msacm.mpegacm"= mpegacm.acm

"msacm.ulmp3acm"= ulmp3acm.acm

"msacm.dvacm"= C:\ARCHIV~1\ARCHIV~1\ULEADS~1\vio\dvacm.acm

"msacm.avis"= ff_acm.acm

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"OutpostFirewall"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Archivos de programa\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Archivos de programa\\Lavasoft\\Ad-Aware 2007\\LSUpdateManager.exe"=

"C:\\Archivos de programa\\BitComet\\BitComet.exe"=

"C:\\Archivos de programa\\Google\\Google Earth\\googleearth.exe"=

"C:\\Archivos de programa\\eMule\\LinkCreator.exe"=

"C:\\Archivos de programa\\Opera\\Opera.exe"=

"C:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=

"C:\\Archivos de programa\\Outlook Express\\msimn.exe"=

"C:\\Archivos de programa\\FlashGet\\flashget.exe"=

"C:\\Archivos de programa\\Mozilla Thunderbird\\thunderbird.exe"=

"C:\\Archivos de programa\\Spybot - Search & Destroy\\SpybotSD.exe"=

"C:\\Archivos de programa\\SpywareGuard\\sgliveupdate.exe"=

"C:\\Archivos de programa\\WinHTTrack\\WinHTTrack.exe"=

"C:\\Archivos de programa\\101 MP3 Splitter and Joiner\\101 MP3 Splitter and Joiner.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7152:TCP"= 7152:TCP:BitComet 7152 TCP

"7152:UDP"= 7152:UDP:BitComet 7152 UDP

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-02-14 16:15]

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]

R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2003-12-29 18:27]

R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Archivos de programa\Smith Micro\StuffIt11\ArcNameService.exe" [2007-05-01 10:15]

S3 ADFRMKO;ADFRMKO;C:\DOCUME~1\Q\CONFIG~1\Temp\ADFRMKO.exe []

S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 03:46]

S3 FTJI;FTJI;C:\DOCUME~1\Q\CONFIG~1\Temp\FTJI.exe []

S3 I97DRIVER;I97DRIVER;C:\Archivos de programa\VCOM\Fix-It\dgs.sys [2005-05-10 19:45]

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]

S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 18:10]

S3 PCIUtil;PCI Utility;C:\DOCUME~1\Q\CONFIG~1\Temp\PCIUtil.sys []

S3 V;V;C:\DOCUME~1\Q\CONFIG~1\Temp\V.exe []

S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06]

S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 09:53]

S3 ZMZI;ZMZI;C:\DOCUME~1\Q\CONFIG~1\Temp\ZMZI.exe []

 

*Newly Created Service* - SROSA

.

Contenido de carpeta 'Tareas Programadas'

"2008-05-06 21:07:18 C:\WINDOWS\Tasks\Scheduled Checkpoint.job"

- C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\2 Copernic Daily ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\3 Copernic Weekly ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\4 Copernic Monthly ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-08 12:33:38

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

escaneando procesos ocultos ...

 

escaneando entradas ocultas de autostart ...

 

escaneando archivos ocultos ...

 

el escaneo se completo con exito

archivos ocultos: 0

 

**************************************************************************

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"C:\\Archivos de programa\\NetMeter\\NetMeter.exe"="C:\\Archivos de programa\\NetMeter\\NetMeter.exe"

"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]

"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- DLLs cargados bajo los procesos en ejecución ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\mag.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Archivos de programa\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe

C:\ARCHIV~1\VCOM\Fix-It\mxtask.exe

C:\Archivos de programa\Archivos comunes\Ulead Systems\DVD\ULCDRSvr.exe

C:\ARCHIV~1\VCOM\Fix-It\mxtask.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Archivos de programa\Media Key\MagicKey.exe

C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Archivos de programa\Media Key\OSD.EXE

C:\Archivos de programa\Olympus\DeviceDetector\DevDtct2.exe

C:\Archivos de programa\Microsoft Office\Office\3082\msoffice.exe

C:\Archivos de programa\Codebox\BitMeter\BitMeter2.exe

C:\Archivos de programa\Referencia Microsoft\BookshelfE\QS96E.EXE

C:\Archivos de programa\SpywareGuard\sgmain.exe

C:\Archivos de programa\ProcessTamer\ProcessTamerTray.exe

C:\Archivos de programa\SpywareGuard\sgbhp.exe

.

**************************************************************************

.

Tiempo completado: 2008-05-08 12:36:32 - machine was rebooted

ComboFix4.txt 2007-12-03 03:24:42

ComboFix-quarantined-files.txt 2008-05-08 15:36:26

ComboFix3.txt 2008-05-03 20:34:40

ComboFix2.txt 2008-05-04 20:28:56

 

25 dirs 734,994,432 bytes libres

28 dirs 719,937,536 bytes libres

 

552 --- E O F --- 2008-04-26 20:11:53

 

-------------------------------

 

Well, I'm going to my work now (here in Argentina it is 12:40 hs - 0:40 PM), so I'll see your next post at night.

 

Regards Quique


Hi

 

Upload following files to http://virusscan.jotti.org and post back the results:

C:\WINDOWS\system32\dllcache\sysinfo.exe

C:\WINDOWS\system32\dllcache\register.exe

 

 

I want to be sure that Spybot's TeaTimer won't interfere with the fix. Please uninstall Spybot thru add/remove programs. If uninstalling fails then delete C:\Archivos de programa\Spybot - Search & Destroy folder.

 

 

Open notepad and copy/paste the text in the quotebox below into it:

 

KILLALL::

Driver::
srosa
ADFRMKO
FTJI
V
ZMZI

File::
C:\DOCUME~1\Q\CONFIG~1\Temp\ADFRMKO.exe
C:\DOCUME~1\Q\CONFIG~1\Temp\FTJI.exe
C:\DOCUME~1\Q\CONFIG~1\Temp\V.exe
C:\DOCUME~1\Q\CONFIG~1\Temp\ZMZI.exe

Rootkit::
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Archivos de programa\NetMeter\NetMeter.exe"=-
"drvsyskit"=-

 

 

Save this as CFScript

 

CFScript.gif

 

Referring to the picture above, drag CFScript into Combo-Fix.exe

Then post the resultant log.

 

 

Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.
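
An added example, not part of the original post and not ComboFix's or the helper's own method: a Python triage of driver/service lines in the format of the log above, which surfaces entries like those named under Driver:: in the script. The three heuristics, the two-reason threshold and the reading of an empty `[]` as "image not found on disk" are assumptions made for illustration; the sample lines are a subset of the listing above.

```python
import re
from dataclasses import dataclass, field

# Sample input: a subset of the driver/service lines from the log above.
# Format: <status> <service name>;<display name>;<image path> [<file timestamp>]
SAMPLE_LOG = r"""
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]
R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Archivos de programa\Smith Micro\StuffIt11\ArcNameService.exe" [2007-05-01 10:15]
S3 ADFRMKO;ADFRMKO;C:\DOCUME~1\Q\CONFIG~1\Temp\ADFRMKO.exe []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 18:10]
S3 PCIUtil;PCI Utility;C:\DOCUME~1\Q\CONFIG~1\Temp\PCIUtil.sys []
S3 V;V;C:\DOCUME~1\Q\CONFIG~1\Temp\V.exe []
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"        # status code as printed, e.g. R1, S3
    r"(?P<name>[^;]+);(?P<display>[^;]*);"        # service name ; display name
    r"(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]\s*$"  # image path [timestamp or empty]
)


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_services(text):
    """Yield (status, name, display, path, stamp) for every service line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield (
                m["state"] + m["start"],
                m["name"].strip(),
                m["display"].strip(),
                m["path"].strip().strip('"'),  # some paths are quoted in the log
                m["stamp"].strip(),
            )


def triage(text, min_reasons=2):
    """Return services that match at least `min_reasons` heuristics.

    The heuristics are illustrative assumptions, not a verdict: an analyst
    still has to confirm each entry before removing anything.
    """
    findings = []
    for _status, name, display, path, stamp in parse_services(text):
        reasons = []
        parts = [p.lower() for p in re.split(r"[\\/]", path)]
        if "temp" in parts or "tmp" in parts:
            reasons.append("image path is inside a Temp folder")
        if not stamp:
            # Assumption: empty [] means the image was not found on disk.
            reasons.append("empty [] timestamp")
        if name.lower() == display.lower():
            reasons.append("display name is just the service name")
        if len(reasons) >= min_reasons:
            findings.append(Finding(name, path, reasons))
    # Most reasons first, then alphabetical for a stable report.
    return sorted(findings, key=lambda f: (-len(f.reasons), f.name))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:10} {f.path}")
        for reason in f.reasons:
            print(f"           - {reason}")
```

PCIUtil matches two heuristics and is reported for review even though the script above does not list it, which is why the output is a shortlist for an analyst and not a removal list.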


Hi

 

I proceeded per instructions and these are the results:

 

1) For both files register and sysinfo found nothing:

 

Service load: 0% 100%

 

File: sysinfo.exe

Status: OK

MD5: e43614310672610d76018d82b1494fc9

Packers detected: -

Bit9 reports:

 

Scanner results

Scan taken on 09 May 2008 02:34:22 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

AND

 

Service load: 0% 100%

 

File: register.exe

Status: OK

MD5: 18048eb39cd09cd3ee264b0474e6accf

Packers detected: -

Bit9 reports:

 

Scanner results

Scan taken on 09 May 2008 02:30:09 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

 

2) Uninstalled Spybot, rebooted and deleted the remaining folder.

 

3) Ran ComboFix (a window appeared saying: runonce.exe ha detectado un problema y debe cerrarse [runonce.exe has detected a problem and must shut down]), but it continued running and this is the report:

 

ComboFix 08-05-01.3 - Q 2008-05-08 23:53:52.5 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.714 [GMT -3:00]

Se ejecuta desde: C:\Documents and Settings\Q\Escritorio\Combo-Fix.exe

Command switches used :: C:\Documents and Settings\Q\Escritorio\CFScript.txt

* Creado un nuevo punto de restauración

 

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!

 

FILE ::

C:\DOCUME~1\Q\CONFIG~1\Temp\ADFRMKO.exe

C:\DOCUME~1\Q\CONFIG~1\Temp\FTJI.exe

C:\DOCUME~1\Q\CONFIG~1\Temp\V.exe

C:\DOCUME~1\Q\CONFIG~1\Temp\ZMZI.exe

.

 

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\downld\

C:\WINDOWS\system32\drivers\hldrrr.exe . . . . Fallo al eliminar

C:\WINDOWS\system32\drivers\mdelk.exe . . . . Fallo al eliminar

C:\WINDOWS\system32\drivers\srosa.sys . . . . Fallo al eliminar

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ADFRMKO

-------\Legacy_FTJI

-------\Legacy_SROSA

-------\Legacy_V

-------\Legacy_ZMZI

-------\Service_ADFRMKO

-------\Service_FTJI

-------\Service_V

-------\Service_ZMZI

 

 

(((((((((((((((((( Archivos creados desde 2008-04-09 - 2008-05-09 )))))))))))))))))))))))))))))))))

.

 

2008-05-06 16:54 . 2008-05-06 16:54 <DIR> d-------- C:\RKR

2008-05-06 15:32 . 2008-05-06 15:32 244 --ah----- C:\sqmnoopt11.sqm

2008-05-06 15:32 . 2008-05-06 15:32 232 --ah----- C:\sqmdata11.sqm

2008-05-06 15:31 . 2008-05-06 15:31 244 --ah----- C:\sqmnoopt10.sqm

2008-05-06 15:31 . 2008-05-06 15:31 232 --ah----- C:\sqmdata10.sqm

2008-05-05 19:41 . 2008-05-05 19:41 244 --ah----- C:\sqmnoopt09.sqm

2008-05-05 19:41 . 2008-05-05 19:41 232 --ah----- C:\sqmdata09.sqm

2008-05-05 19:39 . 2008-05-05 19:39 244 --ah----- C:\sqmnoopt08.sqm

2008-05-05 19:39 . 2008-05-05 19:39 232 --ah----- C:\sqmdata08.sqm

2008-05-05 19:29 . 2008-05-05 19:29 244 --ah----- C:\sqmnoopt07.sqm

2008-05-05 19:29 . 2008-05-05 19:29 232 --ah----- C:\sqmdata07.sqm

2008-05-05 15:08 . 2008-05-05 15:08 244 --ah----- C:\sqmnoopt06.sqm

2008-05-05 15:08 . 2008-05-05 15:08 232 --ah----- C:\sqmdata06.sqm

2008-05-05 13:41 . 2008-05-05 13:41 244 --ah----- C:\sqmnoopt05.sqm

2008-05-05 13:41 . 2008-05-05 13:41 232 --ah----- C:\sqmdata05.sqm

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Willy\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Q\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Pepe\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\LocalService\Configuración local

2008-05-03 17:34 . 2008-05-03 17:34 <DIR> d-------- C:\Documents and Settings\Administrador\Configuración local

2008-05-03 14:48 . 2008-05-03 14:48 <DIR> d-------- C:\Archivos de programa\Trend Micro

2008-05-03 14:17 . 2008-05-03 14:16 140,288 --a------ C:\vcleaner.exe

2008-05-01 14:55 . 2008-05-01 14:56 <DIR> d-------- C:\Archivos de programa\EsetOnlineScanner

2008-05-01 14:16 . 2008-05-01 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab

2008-04-30 23:04 . 2008-04-30 23:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-04-29 16:34 . 2008-04-29 16:34 <DIR> d-------- C:\Archivos de programa\Panda Security

2008-04-29 14:25 . 2008-04-29 14:25 <DIR> d-------- C:\Archivos de programa\--Caoscope 2

2008-04-29 01:04 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll

2008-04-27 19:27 . 2007-05-30 09:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-04-27 18:46 . 2008-04-27 18:46 <DIR> d-------- C:\Archivos de programa\ChangeIP

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Documents and Settings\Q\Datos de programa\Bitmeter2

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Bitmeter2

2008-04-15 12:59 . 2008-04-15 12:59 <DIR> d-------- C:\Archivos de programa\Codebox

 

.

(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-09 02:38 70,144 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe

2008-05-09 02:27 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe

2008-03-31 22:18 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-31-2008_19-15-29_4676389.dnp

2008-03-31 22:16 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-31-2008_19-15-29_53989.dnp

2008-03-29 04:53 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-29-2008_1-51-25_2712237.dnp

2008-03-29 04:52 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-29-2008_1-51-25_5693632.dnp

2008-03-28 21:10 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_18-7-40_5417407.dnp

2008-03-28 21:08 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_18-7-40_4402434.dnp

2008-03-28 20:46 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_17-43-30_2752436.dnp

2008-03-28 19:44 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item13-3-28-2008_17-43-30_1259127.dnp

2008-03-26 18:09 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item12-3-26-2008_15-7-22_2950104.dnp

2008-03-26 18:00 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item11-3-26-2008_14-58-37_2257289.dnp

2008-03-26 17:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item11-3-26-2008_14-58-37_6486630.dnp

2008-03-24 21:10 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item9-3-24-2008_18-9-44_6116300.dnp

2008-03-23 02:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item9-3-22-2008_23-21-14_7730764.dnp

2008-03-23 02:22 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item9-3-22-2008_23-21-14_431949.dnp

2008-03-21 05:13 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-21-2008_2-10-53_9211629.dnp

2008-03-21 05:11 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-21-2008_2-10-53_8112910.dnp

2008-03-16 02:52 --------- d-----w C:\Archivos de programa\SpywareBlaster

2008-03-14 22:11 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_19-9-5_647362.dnp

2008-03-14 22:10 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_19-9-5_6056638.dnp

2008-03-14 21:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_18-56-45_698454.dnp

2008-03-14 21:57 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item8-3-14-2008_18-56-45_2441946.dnp

2008-03-11 02:07 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item7-3-10-2008_23-1-13_7018958.dnp

2008-03-11 02:05 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item7-3-10-2008_23-1-13_7559849.dnp

2008-03-10 19:49 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_16-46-58_7857146.dnp

2008-03-10 19:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_16-46-58_7198295.dnp

2008-03-10 06:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_3-31-53_8666034.dnp

2008-03-10 06:33 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_3-31-53_9126851.dnp

2008-03-10 05:47 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_2-41-51_4599296.dnp

2008-03-10 05:44 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-10-2008_2-41-51_1839719.dnp

2008-03-10 05:08 --------- d-----w C:\Archivos de programa\Participatory Culture Foundation

2008-03-10 03:00 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_23-58-34_688270.dnp

2008-03-10 02:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_23-58-34_8297232.dnp

2008-03-10 01:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_22-46-9_4234764.dnp

2008-03-10 01:46 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item6-3-9-2008_22-46-9_3135233.dnp

2008-03-09 21:40 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-9-2008_18-37-13_6181020.dnp

2008-03-09 21:38 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-9-2008_18-37-13_7171592.dnp

2008-03-06 04:33 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-6-2008_1-29-34_5780191.dnp

2008-03-06 04:30 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-6-2008_1-29-34_5276300.dnp

2008-03-04 01:32 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-30-21_5540560.dnp

2008-03-04 01:31 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-30-21_9398000.dnp

2008-03-04 01:25 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-23-53_9451861.dnp

2008-03-04 01:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-3-2008_22-23-53_3087734.dnp

2008-03-02 05:05 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-2-2008_2-2-43_4086869.dnp

2008-03-02 05:03 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item5-3-2-2008_2-2-43_6233788.dnp

2008-02-28 21:06 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_18-6-2_8225210.dnp

2008-02-28 16:44 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_13-42-36_8262898.dnp

2008-02-28 16:43 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_13-42-36_7319144.dnp

2008-02-28 13:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_10-14-26_2684948.dnp

2008-02-28 13:15 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-28-2008_10-14-26_5320856.dnp

2008-02-25 16:18 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-25-2008_13-15-50_9956587.dnp

2008-02-25 16:16 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-25-2008_13-15-50_4428828.dnp

2008-02-19 20:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-32-15_8195739.dnp

2008-02-19 20:33 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-32-15_7320670.dnp

2008-02-19 20:27 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-25-13_70114.dnp

2008-02-19 20:26 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-25-13_9882524.dnp

2008-02-19 20:23 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-21-16_8930756.dnp

2008-02-19 20:22 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item4-2-19-2008_17-21-16_8725175.dnp

2008-02-16 01:50 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-15-2008_22-47-20_1535232.dnp

2008-02-16 01:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-15-2008_22-47-20_2248354.dnp

2008-02-11 02:41 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-40-34_7116094.dnp

2008-02-11 02:36 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-33-2_128948.dnp

2008-02-11 02:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-33-2_3376306.dnp

2008-02-11 02:31 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-28-12_7051397.dnp

2008-02-11 02:29 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_23-28-12_7718358.dnp

2008-02-10 13:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_10-15-39_2333520.dnp

2008-02-10 13:16 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_10-15-39_8466495.dnp

2008-02-10 06:28 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_3-26-0_1001124.dnp

2008-02-10 06:26 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-10-2008_3-26-0_7435765.dnp

2008-02-10 01:59 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-9-2008_22-56-55_4445964.dnp

2008-02-10 01:57 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-9-2008_22-56-55_3653725.dnp

2008-02-07 21:38 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-36-33_8029135.dnp

2008-02-07 21:37 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-36-33_1823435.dnp

2008-02-07 21:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-23-5_8626408.dnp

2008-02-07 21:23 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-23-5_946295.dnp

2008-02-07 21:19 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-17-7_9472121.dnp

2008-02-07 21:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-7-2008_18-17-7_1202510.dnp

2008-02-02 22:18 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-2-2008_19-16-22_7062018.dnp

2008-02-02 22:17 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-2-2008_19-16-22_7767796.dnp

2008-02-01 18:25 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-1-2008_15-23-42_9733073.dnp

2008-02-01 18:24 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-2-1-2008_15-23-42_3237008.dnp

2008-01-31 03:48 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-45-45_7627982.dnp

2008-01-31 03:46 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-45-45_8376163.dnp

2008-01-31 03:40 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-37-12_9902438.dnp

2008-01-31 03:38 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-31-2008_0-37-12_6306310.dnp

2008-01-29 20:41 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-39-47_712095.dnp

2008-01-29 20:40 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-39-47_5588690.dnp

2008-01-29 20:35 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-32-42_6648826.dnp

2008-01-29 20:34 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_17-32-42_489666.dnp

2008-01-29 19:49 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_16-46-56_1090252.dnp

2008-01-29 19:47 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-29-2008_16-46-56_6940008.dnp

2008-01-27 01:57 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-54-43_3278774.dnp

2008-01-27 01:55 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-54-43_2401285.dnp

2008-01-27 01:49 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-46-15_1533977.dnp

2008-01-27 01:47 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-26-2008_22-46-15_9533694.dnp

2008-01-25 20:13 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-10-24_1667600.dnp

2008-01-25 20:11 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-10-24_9999239.dnp

2008-01-25 20:03 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-0-57_9419820.dnp

2008-01-25 20:02 18 ----a-w C:\Archivos de programa\XP Repair Pro 2007ERR_Item3-1-25-2008_17-0-57_9830477.dnp

2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll

.

 

((((((((((((((((((((((((((((( snapshot_2008-05-08_12.35.43.75 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-08 15:32:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-09 02:57:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-05-07 17:52:28 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat

+ 2008-05-08 15:51:46 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat

+ 2008-05-09 02:57:32 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_184.dat

.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:42 15360]

"C:\Archivos de programa\NetMeter\NetMeter.exe"="C:\Archivos de programa\NetMeter\NetMeter.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CpuIdle"="C:\Archivos de programa\CpuIdlePro\cpuidle.exe" [2007-02-14 16:15 1018368]

"MBM 5"="C:\Archivos de programa\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40 594944]

"TkBellExe"="C:\Archivos de programa\Archivos comunes\Real\Update_OB\evntsvc.exe" [2007-03-27 22:49 146432]

"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2007-02-16 00:11 77824]

"RCScheduleCheck"="C:\Program Files\VCOM\Recovery Commander\RCSCHED.exe" [2003-10-21 14:20 151552]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:42 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:19 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoAutoUpdate"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\ARCHIV~1\DVDREG~1.16\DVDShell.dll [2004-06-08 15:18 49152]

"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL [2003-07-08 11:53 102400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=apitrap.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"VIDC.WMV3"= C:\ARCHIV~1\COMBIN~1\Filters\wmv9vcm.dll

"msacm.mpegacm"= mpegacm.acm

"msacm.ulmp3acm"= ulmp3acm.acm

"msacm.dvacm"= C:\ARCHIV~1\ARCHIV~1\ULEADS~1\vio\dvacm.acm

"msacm.avis"= ff_acm.acm

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"OutpostFirewall"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Archivos de programa\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Archivos de programa\\Lavasoft\\Ad-Aware 2007\\LSUpdateManager.exe"=

"C:\\Archivos de programa\\BitComet\\BitComet.exe"=

"C:\\Archivos de programa\\Google\\Google Earth\\googleearth.exe"=

"C:\\Archivos de programa\\eMule\\LinkCreator.exe"=

"C:\\Archivos de programa\\Opera\\Opera.exe"=

"C:\\Archivos de programa\\Mozilla Firefox\\firefox.exe"=

"C:\\Archivos de programa\\Outlook Express\\msimn.exe"=

"C:\\Archivos de programa\\FlashGet\\flashget.exe"=

"C:\\Archivos de programa\\Mozilla Thunderbird\\thunderbird.exe"=

"C:\\Archivos de programa\\SpywareGuard\\sgliveupdate.exe"=

"C:\\Archivos de programa\\WinHTTrack\\WinHTTrack.exe"=

"C:\\Archivos de programa\\101 MP3 Splitter and Joiner\\101 MP3 Splitter and Joiner.exe"=

"C:\\Archivos de programa\\eMule\\emule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7152:TCP"= 7152:TCP:BitComet 7152 TCP

"7152:UDP"= 7152:UDP:BitComet 7152 UDP

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

 

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-02-14 16:15]

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]

R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2003-12-29 18:27]

R2 Stuffit Archive Name Service;Stuffit Archive Name Service;"C:\Archivos de programa\Smith Micro\StuffIt11\ArcNameService.exe" [2007-05-01 10:15]

S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 03:46]

S3 I97DRIVER;I97DRIVER;C:\Archivos de programa\VCOM\Fix-It\dgs.sys [2005-05-10 19:45]

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]

S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 18:10]

S3 PCIUtil;PCI Utility;C:\DOCUME~1\Q\CONFIG~1\Temp\PCIUtil.sys []

S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06]

S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 09:53]

 

*Newly Created Service* - SROSA

.

Contenido de carpeta 'Tareas Programadas'

"2008-05-06 21:07:18 C:\WINDOWS\Tasks\Scheduled Checkpoint.job"

- C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\2 Copernic Daily ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\3 Copernic Weekly ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

"2007-04-07 03:36:28 C:\WINDOWS\Tasks\4 Copernic Monthly ~Q-917BDECBD7A94 Q.job"

- C:\Archivos de programa\Copernic Agent\CopernicAgent.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-08 23:57:46

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

escaneando procesos ocultos ...

 

escaneando entradas ocultas de autostart ...

 

escaneando archivos ocultos ...

 

el escaneo se completo con exito

archivos ocultos: 0

 

**************************************************************************

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"C:\\Archivos de programa\\NetMeter\\NetMeter.exe"="C:\\Archivos de programa\\NetMeter\\NetMeter.exe"

"drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]

"ImagePath"="\??\C:\WINDOWS\system32\drivers\srosa.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- DLLs cargados bajo los procesos en ejecución ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\mag.dll

.

------------------------ Other Running Processes ------------------------

.

C:\ARCHIVOS DE PROGRAMA\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\DISKEEPER CORPORATION\DISKEEPER\DKSERVICE.EXE

C:\ARCHIVOS DE PROGRAMA\VCOM\FIX-IT\MXTASK.EXE

C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE

C:\ARCHIVOS DE PROGRAMA\VCOM\FIX-IT\MXTASK.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Archivos de programa\Media Key\MagicKey.exe

C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Archivos de programa\Media Key\OSD.EXE

C:\Archivos de programa\Microsoft Office\Office\3082\msoffice.exe

C:\Archivos de programa\Olympus\DeviceDetector\DevDtct2.exe

C:\Archivos de programa\Codebox\BitMeter\BitMeter2.exe

C:\Archivos de programa\Referencia Microsoft\BookshelfE\QS96E.EXE

C:\Archivos de programa\SpywareGuard\sgmain.exe

C:\Archivos de programa\ProcessTamer\ProcessTamerTray.exe

C:\Archivos de programa\SpywareGuard\sgbhp.exe

.

**************************************************************************

.

Tiempo completado: 2008-05-09 0:00:38 - machine was rebooted

ComboFix5.txt 2007-12-03 03:24:42

ComboFix-quarantined-files.txt 2008-05-09 03:00:32

ComboFix4.txt 2008-05-03 20:34:40

ComboFix3.txt 2008-05-04 20:28:56

ComboFix2.txt 2008-05-08 15:36:34

 

25 dirs 756,219,904 bytes libres

28 dirs 743,555,072 bytes libres

 

319 --- E O F --- 2008-04-26 20:11:53

 

 

-----------------------------------------------

 

4) After the ComboFix reboot, a blob from AntiVir appeared, alerting that it was deactivated and asking me to click on it to solve the problem.

This has never happened before (after the attack). I did not do anything until your advice. Could it be a good sign?

 

Until tomorrow, and regards from

Quique


Hi

 

I recommend you print/save the following instructions since you'll need safe mode there (in case it's working).

  • Download The Avenger by Swandog46 from here.
     
  • Unzip/extract it to a folder on your desktop. Don't run it yet!

Reboot into safe mode if possible.

  • Double click on avenger.exe to run The Avenger.
     
  • Click OK.
     
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
     
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Drivers to delete:
    srosa
    
    Files to delete:
    C:\WINDOWS\system32\drivers\hldrrr.exe
    C:\WINDOWS\system32\drivers\mdelk.exe
    C:\WINDOWS\system32\drivers\srosa.sys
    
    Folders to delete:
    C:\WINDOWS\system32\drivers\downld
    
    Registry values to delete:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | drvsyskit


     

  • In the avenger window, click the Paste Script from Clipboard button. (Ensure that the lines appear like they do in the codebox above)
     
  • Click the Execute button.
     
  • You will be asked Are you sure you want to execute the current script?.
     
  • Click Yes.
     
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
     
  • Click Yes.
     
  • Your PC will now be rebooted.
     
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
     
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
     
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
     
  • Please post this log in your next reply. If you can make HijackThis work (rename HijackThis.exe file -> cheating.exe before trying) post its log too.


Hi Blade

 

1) I entered Safe Mode.

 

2) When I double-clicked on Avenger.exe, a window appeared saying: ...is not a valid w32 application.

 

Sorry :wub:

 

Regards Quique


Hi

 

Please rename Avenger.exe -> renamed.exe and try running this renamed Avenger in safe mode.


Hi Blade

 

I renamed the file, entered safe mode, and again the same little box appeared: ...is not a valid w32 application.

 

Last weekend I installed the Avast antivirus without any problem. Do you think it's a good idea to run it on the C drive?

 

Regards

Quique


Hi

 

I uploaded a renamed Avenger here. Download it to your desktop but don't run it yet!

 

I recommend you print/save the following instructions since you'll need safe mode there (in case it's working).

 

Reboot into safe mode if possible.

  • Double click on renamedTool.exe to run The Avenger.
     
  • Click OK.
     
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
     
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Drivers to delete:
    srosa
    
    Files to delete:
    C:\WINDOWS\system32\drivers\hldrrr.exe
    C:\WINDOWS\system32\drivers\mdelk.exe
    C:\WINDOWS\system32\drivers\srosa.sys
    
    Folders to delete:
    C:\WINDOWS\system32\drivers\downld


     

  • In the avenger window, click the Paste Script from Clipboard button. (Ensure that the lines appear like they do in the codebox above)
     
  • Click the Execute button.
     
  • You will be asked Are you sure you want to execute the current script?.
     
  • Click Yes.
     
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
     
  • Click Yes.
     
  • Your PC will now be rebooted.
     
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
     
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
     
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
     
  • Please post this log in your next reply.


Hi Blade

 

YESSSS ;)

 

It worked now!

 

In Safe Mode, I executed RenamedTool; after two reboots, the final log is:

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

Driver "srosa" deleted successfully.

 

Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!

Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!

Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!

Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: "C:\WINDOWS\system32\drivers\downld" is not a folder! It may instead be a file.

Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!

Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)

--> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

--------------------------------

 

Reading the log, in the line that says:

"C:\WINDOWS\system32\drivers\downld" is not a folder! It may instead be a file

 

...I went to the folder and manually deleted -downld-, which appeared as a file without an extension.

 

I thank you for all your effort, and let's go on.

 

Regards

Quique
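
Added example, not part of the thread and not code from The Avenger: a Python reconciliation of the first script posted above against the result lines of the Avenger log, so that each requested deletion gets an outcome and a follow-up keyed on the NTSTATUS code. The function names, the follow-up wording and the log patterns for item kinds that do not occur in the posted log are assumptions of this example.

```python
import re

# First Avenger script posted in the thread, copied from the page.
SCRIPT = r"""
Drivers to delete:
srosa

Files to delete:
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys

Folders to delete:
C:\WINDOWS\system32\drivers\downld

Registry values to delete:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | drvsyskit
"""

# Result lines of the Avenger log from the thread (banner and blank lines dropped).
LOG = r"""
Driver "srosa" deleted successfully.
Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Error: "C:\WINDOWS\system32\drivers\downld" is not a folder! It may instead be a file.
Deletion of folder "C:\WINDOWS\system32\drivers\downld" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
"""

KIND = {"Drivers": "driver", "Files": "file", "Folders": "folder",
        "Registry values": "registry value"}
SECTION_RE = re.compile(r"^(Drivers|Files|Folders|Registry values) to delete:$")
# Only 'Driver "..." deleted successfully.' and 'Deletion of file/folder "..." failed!'
# occur on the page; the other kinds in these patterns are assumed by analogy.
OK_RE = re.compile(r'^(driver|file|folder|registry value) "(.+)" deleted successfully\.$', re.I)
FAIL_RE = re.compile(r'^Deletion of (driver|file|folder|registry value) "(.+)" failed!$', re.I)
STATUS_RE = re.compile(r"^Status: (0x[0-9a-f]{8}) \((\w+)\)$", re.I)
# Follow-up per NTSTATUS code seen in the log; the wording is this example's own.
FOLLOW_UP = {
    0xC0000034: "path did not exist when the script ran; confirm it stays absent",
    0xC0000103: "target is a file, not a folder; list it under 'Files to delete:'",
}

def parse_script(text):
    """Return [(kind, target), ...] in script order."""
    items, kind = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            kind = KIND[m.group(1)]
        elif line and kind:
            items.append((kind, line))
    return items

def parse_log(text):
    """Return {(kind, target_lowercased): (state, status_code, status_name)}."""
    outcomes, pending = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := OK_RE.match(line):
            outcomes[(m.group(1).lower(), m.group(2).lower())] = ("deleted", None, None)
        elif m := FAIL_RE.match(line):
            pending = (m.group(1).lower(), m.group(2).lower())
            outcomes[pending] = ("failed", None, None)
        elif (m := STATUS_RE.match(line)) and pending:
            outcomes[pending] = ("failed", int(m.group(1), 16), m.group(2))
            pending = None
    return outcomes

def reconcile(items, outcomes):
    """Pair every script item with its logged outcome and a follow-up note."""
    report = []
    for kind, target in items:
        state, code, name = outcomes.get((kind, target.lower()),
                                         ("not in log", None, None))
        if state == "deleted":
            note = None
        elif state == "not in log":
            note = "no result line for this item; check it by hand"
        else:
            note = FOLLOW_UP.get(code, "unrecognised status; read the log entry")
        report.append((kind, target, state, name, note))
    return report

if __name__ == "__main__":
    for row in reconcile(parse_script(SCRIPT), parse_log(LOG)):
        print(row)
```

The registry value comes back as "not in log" because the script that produced this log, the second one posted, has no "Registry values to delete:" section.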

This topic is now closed to further replies.