Problem deleting files

Thread in 'Logs HijackThis' started by sagitarius, 4/7/09.

Thread status:
Not open for further replies.
  1. sagitarius

    sagitarius, New Member

    Well, a few days ago I was battling some viruses and now everything seems to be stable; I only have trouble deleting some files that are shown as infected with Virus.Win32.Virut.ce. Almost all of them are located under C:\Windows\System32\DriverStore\FileRepository, and from there the folder varies, but all the infected files are .exe. The problem is that the antivirus (Kaspersky) does not give me the option to disinfect; it only lets me ignore the threat, and if I go to that path to delete them manually, Windows (Vista) tells me I need permissions to perform that action and only gives me the option to retry or cancel, and from there I can't do anything. I would like to know if you can help me with this problem...



    Here is the HijackThis log in case it is of any use; I hope you can help me, thanks in advance!!!



    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 03:15:32 p.m., on 04/07/2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18248)

    Boot mode: Safe mode



    Running processes:

    C:\Windows\Explorer.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')

    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User '?')

    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')

    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User '?')

    O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')

    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')

    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

    O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel.com/mmawap/jsp/compos...r/mmsPlayer.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

    O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



    --

    End of file - 6301 bytes
  2. Caito

    Caito, New Member

    Carry out the following steps and send us the results:

    Update your system Here (if it won't let you update, go to the next step)

    Delete all cookies and clean the registry with CCleaner

    Go to Start - Control Panel --> Java (if you use Java) and delete all the temporary files.

    Delete temporary files --> From Start, Run, type %TEMP%, press Enter and delete all the contents.

    Run Malwarebytes AntiMalware. (Update it, and when the scan finishes choose the remove option, then save the report and paste it) [If you have any questions, here is a Malwarebytes AntiMalware manual]

    Also, run an online scan: Los mejores antivirus online | Seguridad Windows

    You must use Internet Explorer and accept the ActiveX controls

    Set it to remove whatever it detects.

    Copy us that report, the Malwarebytes Antimalware one and a new HijackThis log.

    Regards

    Caito
  3. sagitarius

    sagitarius, New Member

    Here are the HijackThis and antimalware logs. I couldn't do the online scan; I think something was left damaged by the infection, and yes, I was running IE as administrator, so that is not the problem...



    ok, this is the HijackThis one



    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 06:53:33 p.m., on 04/07/2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18248)

    Boot mode: Normal



    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')

    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User '?')

    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')

    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User '?')

    O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')

    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')

    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

    O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel.com/mmawap/jsp/compos...r/mmsPlayer.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

    O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



    --

    End of file - 7008 bytes









    and this is the antimalware one



    Malwarebytes' Anti-Malware 1.38

    Versión de la Base de Datos: 2374

    Windows 6.0.6001 Service Pack 1



    04/07/2009 06:17:20 p.m.

    mbam-log-2009-07-04 (18-17-20).txt



    Tipo de examen : Examen Completo (C:\|D:\|)

    Objetos examinados: 275493

    Tiempo transcurrido: 59 minute(s), 29 second(s)



    Procesos en Memoria Infectados: 0

    Módulos en Memoria Infectados: 0

    Claves del Registro Infectadas: 7

    Valores del Registro Infectados: 0

    Elementos de Datos del Registro Infectados: 0

    Carpetas Infectadas: 0

    Ficheros Infectados: 0



    Procesos en Memoria Infectados:

    (No se han detectado elementos maliciosos)



    Módulos en Memoria Infectados:

    (No se han detectado elementos maliciosos)



    Claves del Registro Infectadas:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.



    Valores del Registro Infectados:

    (No se han detectado elementos maliciosos)



    Elementos de Datos del Registro Infectados:

    (No se han detectado elementos maliciosos)



    Carpetas Infectadas:

    (No se han detectado elementos maliciosos)



    Ficheros Infectados:

    (No se han detectado elementos maliciosos)





    I await your help, thanks!!!
  4. Caito

    Caito, New Member

    Download this program:

    Dr.Web CureIt

    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe



    Manual:

    http://www.trucoswindows.net/forowindows/manuales-seguridad/70815-dr-web-cureit.html



    Double-click drweb-cureit.exe

    Click Start to begin the scan

    At first it checks memory, and you have to click Yes when it asks whether you want a given file to be cured (Cure it); this is a quick scan

    A pop-up may also appear offering the chance to buy the program; just dismiss that pop-up and continue…

    When that scan finishes, click Options > Change settings

    Choose the Scan tab and uncheck "Heuristic analysis".

    Now go back to the main window and choose the drives to scan:

    choose "All Drives"; a red dot shows which ones you selected

    Click the green arrow on the right and the scan will begin

    Click 'Yes to all' if it asks whether you want to "Cure" or "Move" the files

    When the scan finishes, look at the files found; next to them there is an icon. Try clicking it, and if you can, click the other icon on the right and choose Move incurable

    This will put those files in "%userprofile%\DoctorWeb\quarantaine-folder" if they could not be "cured".

    Now in the main menu click File and choose save report list

    Save that report to your desktop (the name will be DrWeb.csv)

    Close the program.

    Post that report and a new log

    regards

    caito
  5. sagitarius

    sagitarius, New Member

    I am only now able to post a reply. I ran Dr. Web and it keeps detecting the same infected files; when it tries to cure them it can't, and when it tries to move them it doesn't do that either, it reports a write error. I'm not posting that report because it was not generated; in fact I ran the program twice to get it and nothing. It also takes quite a long time; I'm not sure how long, but I figure it was about 10 hours. Is that normal?



    I'll tell you what happened when I tried to save the report: the first time I went to File > Save report and the program simply closed. I ran it again, and when it finished I did the same, but this time a blue screen sort of flashed and then the machine rebooted. Given how long the scan takes, I decided not to run it again and to tell you here what happened. Any advice?



    here is a new HijackThis report, as you asked:



    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:21:19 a.m., on 07/07/2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18248)

    Boot mode: Normal



    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')

    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User '?')

    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')

    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User '?')

    O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')

    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')

    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

    O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel.com/mmawap/jsp/compos...r/mmsPlayer.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

    O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



    --

    End of file - 7214 bytes
  6. Caito

    Caito, New Member

    Open AdAware SE

    Go to the AdWatch user interface

    Go to Tools and Preferences

    On the screen's button you will see two options:

    Active and Automatic

    Active: this will turn Ad-Watch On/Off without needing to close it

    Automatic: all suspicious activity will be blocked automatically

    Uncheck both options. After cleaning you can enable them again



    Then:



    Download the ComboFix.exe utility (Windows 98/ME/2000/XP)

    Descargar Herramienta Combofix.exe | Seguridad - Herramienta seguridad






    Temporarily disable your antivirus and/or antispyware.

    Close all open windows.



    *Note* While CF is working, do not move the mouse, as that would stop its process.

    *Note* ComboFix may automatically restart the PC to complete the removal process.



    -Run ComboFix.exe to start the program.



    -The program window will open in MS-DOS mode. Immediately press the "Y" (Yes) key and then ENTER to start the detection and cleaning process.



    -The Desktop icons will disappear (this is normal) and the message "Performing a scan of your machine" will appear.



    - Next, the message "Preparing a log report" "This takes a while. So, please be patient" will appear.



    -Then the messages "Almost done..." "A report of Combofix's actions would be produced at C:\Combofix.txt" will appear.



    -Be patient and wait for the program window to close by itself and for the file C:\Combofix.txt to be displayed. The Desktop icons will return to their place without needing to restart the PC.



    -Finally, the combofix.txt report will show the files detected and deleted; paste that report here



    - Also post a new HijackThis log

    Regards

    Caito
  7. sagitarius

    sagitarius, New Member

    Here are the reports, Caito



    this is the ComboFix one



    ComboFix 09-07-07.A2 - Mara 07/07/2009 19:40.1 - NTFSx86

    Running from: c:\users\Mara\Desktop\ComboFix.exe

    * Created a new restore point

    .



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .



    c:\$recycle.bin\S-1-5-21-1977552084-830720039-2976544655-500

    c:\$recycle.bin\S-1-5-21-2826126612-341877328-3438544454-500

    c:\recycler\S-1-5-21-0230149787-2146084638-694461594-1322

    c:\users\Mara\AppData\Roaming\inst.exe

    c:\windows\Installer\1d01a9.msi

    c:\windows\Installer\7487d.msi

    c:\windows\Installer\WMEncoder.msi

    c:\windows\system32\KBL.LOG



    .

    ((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))

    .



    2009-07-05 20:58 . 2009-07-05 20:58 -------- d-----w- c:\users\Mara\DoctorWeb

    2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\users\Mara\AppData\Roaming\Malwarebytes

    2009-07-04 22:15 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\programdata\Malwarebytes

    2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2009-07-04 22:15 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

    2009-07-02 04:48 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

    2009-07-02 04:48 . 2009-07-02 04:48 -------- d-----w- c:\program files\Panda Security

    2009-07-02 00:05 . 2009-07-02 00:05 -------- d-----w- c:\program files\Java

    2009-07-01 18:57 . 2009-07-04 23:49 -------- d-----w- c:\windows\BDOSCAN8

    2009-07-01 05:51 . 2009-07-01 05:51 112144 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys

    2009-07-01 05:51 . 2009-07-01 05:51 25104 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll

    2009-07-01 05:51 . 2009-07-01 05:51 772624 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll

    2009-07-01 05:51 . 2009-07-01 05:51 150032 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll

    2009-07-01 05:51 . 2009-07-01 05:51 354832 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll

    2009-07-01 05:18 . 2008-07-09 17:41 -------- d--h--w- C:\klab

    2009-07-01 05:12 . 2009-07-01 05:51 94643 ----a-w- c:\windows\system32\drivers\klick.dat

    2009-07-01 05:12 . 2009-07-01 05:51 105395 ----a-w- c:\windows\system32\drivers\klin.dat

    2009-07-01 05:12 . 2009-07-08 00:25 -------- d-----w- c:\programdata\Kaspersky Lab

    2009-07-01 05:12 . 2009-07-01 05:12 -------- d-----w- c:\program files\Kaspersky Lab

    2009-07-01 02:43 . 2009-07-01 02:43 -------- d-----w- c:\program files\Trend Micro

    2009-06-30 05:15 . 2009-07-07 16:32 66019104 --sha-w- c:\windows\system32\drivers\fidbox.dat

    2009-06-30 04:52 . 2009-07-01 05:01 -------- d-----w- c:\program files\Common Files\ParetoLogic

    2009-06-30 04:22 . 2009-06-30 04:22 -------- d-----w- c:\program files\ESET

    2009-06-30 01:32 . 2009-06-30 00:07 15688 ----a-w- c:\windows\system32\lsdelete.exe

    2009-06-30 00:07 . 2009-06-30 00:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

    2009-06-30 00:07 . 2009-06-30 00:07 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe

    2009-06-30 00:07 . 2009-07-07 00:08 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll

    2009-06-30 00:07 . 2009-06-30 00:07 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe

    2009-06-30 00:07 . 2009-06-30 00:07 169312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll

    2009-06-30 00:07 . 2009-06-30 00:07 348496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll

    2009-06-30 00:07 . 2009-06-30 00:07 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll

    2009-06-30 00:07 . 2009-06-30 00:07 84832 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll

    2009-06-30 00:06 . 2009-07-07 00:08 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll

    2009-06-30 00:06 . 2009-06-30 00:06 246128 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll

    2009-06-30 00:06 . 2009-06-30 00:06 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

    2009-06-30 00:06 . 2009-06-30 00:06 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys

    2009-06-30 00:06 . 2009-06-30 00:06 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe

    2009-06-30 00:06 . 2009-06-30 00:06 664424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll

    2009-06-30 00:06 . 2009-06-30 00:06 563064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

    2009-06-30 00:06 . 2009-06-30 00:06 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

    2009-06-30 00:06 . 2009-07-07 00:07 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

    2009-06-30 00:05 . 2009-06-30 00:05 629072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe

    2009-06-30 00:05 . 2009-06-30 00:05 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe

    2009-06-30 00:05 . 2009-06-30 00:05 1029456 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe

    2009-06-29 23:59 . 2009-06-30 00:07 -------- dc----w- c:\windows\system32\DRVSTORE

    2009-06-29 23:59 . 2009-06-29 23:59 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

    2009-06-29 23:59 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe

    2009-06-29 23:58 . 2009-06-29 23:59 -------- d-----w- c:\programdata\Lavasoft

    2009-06-29 23:58 . 2009-06-29 23:58 -------- d-----w- c:\program files\Lavasoft

    2009-06-29 23:29 . 2009-06-29 23:29 -------- d-----w- c:\program files\CCleaner

    2009-06-28 05:24 . 2009-06-29 23:59 -------- d-----w- c:\users\Mara\AppData\Roaming\DivX

    2009-06-28 05:23 . 2009-07-02 15:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine

    2009-06-23 14:55 . 2009-06-23 15:13 -------- d-----w- c:\users\Mara\AppData\Roaming\Reg Tool

    2009-06-12 01:11 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys

    2009-06-12 00:47 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll

    2009-06-12 00:46 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll



    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-07-07 16:32 . 2009-06-30 05:15 830288 --sha-w- c:\windows\system32\drivers\fidbox.idx

    2009-07-06 10:42 . 2008-01-21 02:33 841216 ----a-w- c:\windows\system32\WerFaultSecure.exe

    2009-07-06 10:39 . 2008-01-21 02:33 658432 ----a-w- c:\windows\system32\mstsc.exe

    2009-07-06 10:38 . 2006-11-02 08:39 691200 ----a-w- c:\windows\system32\Magnify.exe

    2009-07-02 00:05 . 2009-05-05 15:43 410984 ----a-w- c:\windows\system32\deploytk.dll

    2009-07-01 18:29 . 2009-04-14 22:03 247808 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe

    2009-07-01 18:29 . 2008-01-21 02:34 626176 ----a-w- c:\windows\system32\wbem\WMIC.exe

    2009-07-01 18:29 . 2008-01-21 02:34 78336 ----a-w- c:\windows\system32\wbem\WinMgmt.exe

    2009-07-01 18:29 . 2008-01-21 02:34 174080 ----a-w- c:\windows\system32\wbem\wbemtest.exe

    2009-07-01 18:29 . 2008-01-21 02:33 38912 ----a-w- c:\windows\system32\wbem\unsecapp.exe

    2009-07-01 18:29 . 2008-01-21 02:33 41472 ----a-w- c:\windows\system32\wbem\scrcons.exe

    2009-07-01 18:29 . 2008-01-21 02:33 20480 ----a-w- c:\windows\system32\wbem\mofcomp.exe

    2009-07-01 18:27 . 2008-01-21 02:33 3216896 ----a-w- c:\windows\system32\WinSAT.exe

    2009-07-01 18:27 . 2008-01-21 02:33 294912 ----a-w- c:\windows\system32\ssText3d.scr

    2009-07-01 18:27 . 2008-01-21 02:32 8139264 ----a-w- c:\windows\system32\ssBranded.scr

    2009-07-01 18:27 . 2006-11-02 08:48 10752 ----a-w- c:\windows\system32\scrnsave.scr

    2009-07-01 18:27 . 2008-01-21 02:35 705536 ----a-w- c:\windows\system32\PhotoScreensaver.scr

    2009-07-01 18:27 . 2008-01-21 02:32 221184 ----a-w- c:\windows\system32\Ribbons.scr

    2009-07-01 18:27 . 2008-01-21 02:33 799232 ----a-w- c:\windows\system32\certutil.exe

    2009-07-01 18:27 . 2008-01-21 02:33 221696 ----a-w- c:\windows\system32\Mystify.scr

    2009-07-01 18:27 . 2008-01-21 02:33 880128 ----a-w- c:\windows\system32\Bubbles.scr

    2009-07-01 18:27 . 2008-01-21 02:33 1371136 ----a-w- c:\windows\system32\Aurora.scr

    2009-07-01 18:26 . 2006-10-17 17:05 28672 ----a-w- c:\windows\Help\OEM\scripts\launchAP.exe

    2009-07-01 18:26 . 2007-10-02 10:06 24576 ----a-w- c:\windows\Help\OEM\scripts\HPHS_Launcher.exe

    2009-07-01 06:29 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar

    2009-07-01 06:27 . 2008-01-21 02:34 5714432 ----a-w- c:\windows\system32\logon.scr

    2009-07-01 06:27 . 2008-01-21 02:33 2092544 ----a-w- c:\windows\system32\dfsr.exe

    2009-07-01 06:20 . 2008-07-08 08:16 -------- d-----w- c:\program files\Apoint2K

    2009-07-01 05:51 . 2007-10-31 18:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys

    2009-07-01 05:11 . 2009-03-14 16:07 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

    2009-07-01 01:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2009-06-30 19:11 . 2008-01-21 02:34 186368 ----a-w- c:\windows\system32\SLLUA.exe

    2009-06-30 19:10 . 2009-04-14 22:03 667136 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

    2009-06-30 19:09 . 2008-01-21 02:32 74752 ----a-w- c:\windows\system32\wlanext.exe

    2009-06-30 19:08 . 2008-01-21 02:33 192000 ----a-w- c:\windows\system32\bitsadmin.exe

    2009-06-30 19:07 . 2006-11-02 09:16 13312 ----a-w- c:\windows\system32\tcmsetup.exe

    2009-06-30 19:06 . 2006-11-02 08:47 16896 ----a-w- c:\windows\system32\grpconv.exe

    2009-06-30 19:05 . 2008-08-01 03:30 155648 ----a-w- c:\windows\system32\wscript.exe

    2009-06-30 19:04 . 2008-01-21 02:34 1793024 ----a-w- c:\windows\system32\mmc.exe

    2009-06-30 19:03 . 2006-11-02 08:58 13312 ----a-w- c:\windows\system32\snmptrap.exe

    2009-06-30 19:03 . 2006-11-02 08:50 7680 ----a-w- c:\windows\system32\Locator.exe

    2009-06-30 19:03 . 2008-01-21 02:33 60416 ----a-w- c:\windows\system32\alg.exe

    2009-06-30 18:44 . 2008-01-21 02:35 311296 ----a-w- c:\windows\system32\unregmp2.exe

    2009-06-30 18:41 . 2008-01-21 02:33 118272 ----a-w- c:\windows\system32\wbem\WMIADAP.exe

    2009-06-30 18:40 . 2008-01-21 02:34 143360 ----a-w- c:\windows\system32\WUDFHost.exe

    2009-06-30 18:40 . 2008-01-21 02:34 26112 ----a-w- c:\windows\system32\userinit.exe

    2009-06-30 15:21 . 2008-01-21 02:34 20992 ----a-w- c:\windows\system32\RacAgent.exe

    2009-06-30 15:20 . 2008-01-21 02:33 56320 ----a-w- c:\windows\system32\wermgr.exe

    2009-06-30 15:19 . 2008-01-21 02:33 1055232 ----a-w- c:\windows\system32\VSSVC.exe

    2009-06-30 15:19 . 2006-11-02 08:47 81920 ----a-w- c:\windows\system32\SystemPropertiesProtection.exe

    2009-06-30 15:18 . 2006-11-02 08:48 9728 ----a-w- c:\windows\system32\verclsid.exe

    2009-06-30 15:17 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\schtasks.exe

    2009-06-30 15:16 . 2008-01-21 02:33 192512 ----a-w- c:\windows\system32\wsqmcons.exe

    2009-06-30 15:14 . 2008-01-21 02:33 81920 ----a-w- c:\windows\system32\consent.exe

    2009-06-30 06:30 . 2008-01-21 02:33 318976 ----a-w- c:\windows\system32\cmd.exe

    2009-06-30 06:30 . 2006-11-02 08:47 212992 ----a-w- c:\windows\system32\control.exe

    2009-06-30 06:30 . 2008-01-21 02:34 9216 ----a-w- c:\windows\system32\LogonUI.exe

    2009-06-30 06:30 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\notepad.exe

    2009-06-30 05:15 . 2006-11-02 08:48 44544 ----a-w- c:\windows\system32\rundll32.exe

    2009-06-30 05:15 . 2006-11-02 09:11 9216 ----a-w- c:\windows\winhlp32.exe

    2009-06-30 01:32 . 2008-03-10 04:46 -------- d-----w- c:\program files\MSN Messenger

    2009-06-29 03:22 . 2009-05-27 02:55 -------- d-----w- c:\users\Mara\AppData\Roaming\Desktopicon

    2009-06-26 05:43 . 2008-07-24 05:06 -------- d-----w- c:\program files\Common Files\LightScribe

    2009-06-25 03:24 . 2008-07-24 05:21 108248 ----a-w- c:\users\Mara\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-06-22 19:37 . 2008-09-20 19:40 -------- d-----w- c:\users\Mara\AppData\Roaming\LimeWire

    2009-06-15 08:01 . 2008-03-10 04:26 -------- d-----w- c:\programdata\Microsoft Help

    2009-06-12 18:07 . 2008-03-10 04:04 -------- d-----w- c:\program files\Microsoft Works

    2009-05-31 04:08 . 2009-05-31 04:08 -------- d-----w- c:\programdata\ABBYY

    2009-05-31 03:53 . 2009-05-31 03:53 -------- d-----w- c:\users\Mara\AppData\Roaming\ABBYY

    2009-05-31 03:52 . 2009-05-31 03:52 -------- d-----w- c:\program files\ABBYY

    2009-05-31 03:48 . 2008-03-10 03:32 -------- d--h--w- c:\program files\InstallShield Installation Information

    2009-05-31 03:47 . 2009-05-31 03:47 -------- d-----w- c:\program files\ScanDrv6

    2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\program files\vso

    2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\users\Mara\AppData\Roaming\Vso

    2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys

    2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys

    2009-05-27 03:37 . 2009-05-27 03:37 -------- d-----w- c:\program files\iSofter

    2009-05-27 03:14 . 2009-05-27 03:14 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

    2009-05-27 02:54 . 2009-05-27 02:54 -------- d-----w- c:\program files\DsNET Corp

    2009-05-22 03:02 . 2009-05-22 03:04 53248 ----a-w- c:\windows\STIASPI.DLL

    2009-05-22 03:02 . 2009-05-22 03:04 77824 ------w- c:\windows\scanusd.dll

    2009-05-22 02:14 . 2008-12-21 22:30 680 ----a-w- c:\users\Mara\AppData\Local\d3d9caps.dat

    2009-05-16 23:57 . 2008-09-26 03:05 552 ----a-w- c:\users\Mara\AppData\Roaming\wklnhst.dat

    2009-05-16 23:08 . 2008-07-08 08:36 -------- d-----w- c:\programdata\WildTangent

    2009-05-13 22:08 . 2009-05-12 03:33 -------- d-----w- c:\program files\Atlas

    2009-05-12 04:05 . 2009-05-12 03:59 -------- d-----w- c:\users\Mara\AppData\Roaming\GetRightToGo

    2009-04-24 16:05 . 2009-06-12 01:50 827904 ----a-w- c:\windows\system32\wininet.dll

    2009-04-24 16:02 . 2009-06-12 01:50 78336 ----a-w- c:\windows\system32\ieencode.dll

    .



    ------- Sigcheck -------





    [-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\System32\ctfmon.exe

    [-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe



    [-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\System32\userinit.exe

    [-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe





    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4



    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]

    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]

    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]

    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2009-06-30 258048]

    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]



    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)



    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll



    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux3"=wdmaud.drv



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @="Service"



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"



    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UacDisableNotify"=dword:00000001

    "InternetSettingsDisableNotify"=dword:00000001

    "AutoUpdateDisableNotify"=dword:00000001



    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001



    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring"=dword:00000001



    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001



    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001



    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "AntiVirusOverride"=dword:00000001

    "AntiSpywareOverride"=dword:00000001



    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{CC7729F2-6607-4451-A04F-B52A8B5CCA32}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

    "{5D544672-B369-467D-8744-AC8879263DA1}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

    "{B67CFC00-98E3-4F92-AED9-7186AD056C6E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

    "{46DB359F-B5E9-41CF-AE14-EA19AFD0D6F9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

    "{0D849478-FAC9-48EA-BA9D-66E71F074B6E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

    "{31FF75D9-C664-459B-92F9-4833CE9BC216}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    "{DACD0295-24DE-4205-A331-6D6D623BA34D}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

    "{73A50504-5DDB-4664-9DF9-96C0461936B5}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

    "TCP Query User{17B9C9BB-3D9B-4FF2-8239-A659677C562C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

    "UDP Query User{B0DD177B-9B6D-4720-A60E-4F7C8BB07487}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

    "TCP Query User{98AAD321-0030-42A9-B922-D4D3E439C04F}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows

    "UDP Query User{C341584E-504D-47E4-80FA-31FFB390F872}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows

    "TCP Query User{1BDE3C10-1F89-47E0-8C12-B07DE3A23DFC}c:\\program files\\ares\\chatserver.exe"= UDP:c:\program files\ares\chatserver.exe:Ares Chat Server

    "UDP Query User{AAE366A4-28F8-49EE-A6C9-E6AC405BD2D3}c:\\program files\\ares\\chatserver.exe"= TCP:c:\program files\ares\chatserver.exe:Ares Chat Server

    "TCP Query User{9CAAC2C3-AF04-4469-9CC8-88EEC29637A9}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación

    "UDP Query User{7EEC05CA-4A7C-4668-B536-55F9F6F76AC8}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación



    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

    "c:\\Windows\\system32\\wininit.exe"= c:\windows\system32\wininit.exe:*:enabled:@shell32.dll,-1



    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-30 1029456]

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-30 64160]

    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]

    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]





    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc



    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"

    .

    Contents of the 'Scheduled Tasks' folder



    2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job

    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:06]

    .

    - - - - ORPHANS REMOVED - - - -



    SafeBoot-Wdf01000.sys





    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmbox.itelcel.com/mmawap/jsp/composer/player/mmsPlayer.cab

    .

    .

    ------- File Associations -------

    .

    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

    .



    **************************************************************************



    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-07-07 19:47

    Windows 6.0.6001 Service Pack 1 NTFS



    scanning hidden processes ...



    scanning hidden autostart entries ...



    scanning hidden files ...





    c:\users\Mara\AppData\Local\Temp\catchme.dll 53248 bytes executable



    scan completed successfully

    hidden files: 1



    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------



    - - - - - - - > 'winlogon.exe'(652)

    c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll



    - - - - - - - > 'lsass.exe'(620)

    c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll

    .

    Completion time: 2009-07-08 19:49

    ComboFix-quarantined-files.txt 2009-07-08 00:49



    Pre-Run: 74,007,113,728 bytes libres

    Post-Run: 74,009,825,280 bytes libres



    296 --- E O F --- 2009-07-06 21:42





    and this is the new HijackThis one



    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 08:02:32 p.m., on 07/07/2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18248)

    Boot mode: Normal



    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\Explorer.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')

    O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

    O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel.com/mmawap/jsp/compos...r/mmsPlayer.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

    O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



    --

    End of file - 6740 bytes





    thanks for the help!!
  8. Caito

    Caito New Member Member

    Are you still having problems, or is it working fine?

    Regards

    Caito
  9. sagitarius

    sagitarius New Member Member

    Still the same: the same infected files keep being detected and I still can't delete them
  10. Caito

    Caito New Member Member

    Did you do this?

    "Open Ad-Aware SE

    Go to the Ad-Watch user interface

    Go to tools and preferences

    On the button on the screen you will see two options:

    Active and Automatic

    Active: this will turn Ad-Watch on/off without needing to close it

    Automatic: all suspicious activity will be blocked automatically

    Uncheck both options. After cleaning you can activate them again"

    Do that and repeat the ComboFix step

    Regards

    Caito
  11. sagitarius

    sagitarius New Member Member

    Well yes, I had already done that step you mentioned; what I did this time was uninstall Ad-Aware to avoid any blocking, and I ran ComboFix again. Was it wrong to uninstall it?...

    well, here are the reports...



    Combofix



    ComboFix 09-07-09.06 - Mara 09/07/2009 18:54.3.1 - NTFSx86

    Running from: c:\users\Mara\Desktop\ComboFix.exe

    * Created a new restore point

    .



    ((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))

    .



    2009-07-05 20:58 . 2009-07-05 20:58 -------- d-----w- c:\users\Mara\DoctorWeb

    2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\users\Mara\AppData\Roaming\Malwarebytes

    2009-07-04 22:15 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\programdata\Malwarebytes

    2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2009-07-04 22:15 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

    2009-07-02 04:48 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

    2009-07-02 04:48 . 2009-07-02 04:48 -------- d-----w- c:\program files\Panda Security

    2009-07-02 00:05 . 2009-07-02 00:05 -------- d-----w- c:\program files\Java

    2009-07-01 18:57 . 2009-07-04 23:49 -------- d-----w- c:\windows\BDOSCAN8

    2009-07-01 05:51 . 2009-07-01 05:51 112144 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys

    2009-07-01 05:51 . 2009-07-01 05:51 25104 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll

    2009-07-01 05:51 . 2009-07-01 05:51 772624 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll

    2009-07-01 05:51 . 2009-07-01 05:51 150032 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll

    2009-07-01 05:51 . 2009-07-01 05:51 354832 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll

    2009-07-01 05:18 . 2008-07-09 17:41 -------- d--h--w- C:\klab

    2009-07-01 05:12 . 2009-07-01 05:51 94643 ----a-w- c:\windows\system32\drivers\klick.dat

    2009-07-01 05:12 . 2009-07-01 05:51 105395 ----a-w- c:\windows\system32\drivers\klin.dat

    2009-07-01 05:12 . 2009-07-09 23:35 -------- d-----w- c:\programdata\Kaspersky Lab

    2009-07-01 05:12 . 2009-07-01 05:12 -------- d-----w- c:\program files\Kaspersky Lab

    2009-07-01 02:43 . 2009-07-01 02:43 -------- d-----w- c:\program files\Trend Micro

    2009-06-30 05:15 . 2009-07-09 23:59 66717984 --sha-w- c:\windows\system32\drivers\fidbox.dat

    2009-06-30 04:52 . 2009-07-01 05:01 -------- d-----w- c:\program files\Common Files\ParetoLogic

    2009-06-30 04:22 . 2009-06-30 04:22 -------- d-----w- c:\program files\ESET

    2009-06-29 23:59 . 2009-07-09 23:32 -------- dc----w- c:\windows\system32\DRVSTORE

    2009-06-29 23:58 . 2009-07-09 23:33 -------- d-----w- c:\programdata\Lavasoft

    2009-06-29 23:58 . 2009-07-09 23:33 -------- d-----w- c:\program files\Lavasoft

    2009-06-29 23:29 . 2009-06-29 23:29 -------- d-----w- c:\program files\CCleaner

    2009-06-28 05:24 . 2009-06-29 23:59 -------- d-----w- c:\users\Mara\AppData\Roaming\DivX

    2009-06-28 05:23 . 2009-07-02 15:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine

    2009-06-23 14:55 . 2009-06-23 15:13 -------- d-----w- c:\users\Mara\AppData\Roaming\Reg Tool

    2009-06-12 01:11 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys

    2009-06-12 00:47 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll

    2009-06-12 00:46 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll



    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-07-09 23:48 . 2009-06-30 05:15 876896 --sha-w- c:\windows\system32\drivers\fidbox.idx

    2009-07-06 10:42 . 2008-01-21 02:33 841216 ----a-w- c:\windows\system32\WerFaultSecure.exe

    2009-07-06 10:39 . 2008-01-21 02:33 658432 ----a-w- c:\windows\system32\mstsc.exe

    2009-07-06 10:38 . 2006-11-02 08:39 691200 ----a-w- c:\windows\system32\Magnify.exe

    2009-07-02 00:05 . 2009-05-05 15:43 410984 ----a-w- c:\windows\system32\deploytk.dll

    2009-07-01 18:29 . 2009-04-14 22:03 247808 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe

    2009-07-01 18:29 . 2008-01-21 02:34 626176 ----a-w- c:\windows\system32\wbem\WMIC.exe

    2009-07-01 18:29 . 2008-01-21 02:34 78336 ----a-w- c:\windows\system32\wbem\WinMgmt.exe

    2009-07-01 18:29 . 2008-01-21 02:34 174080 ----a-w- c:\windows\system32\wbem\wbemtest.exe

    2009-07-01 18:29 . 2008-01-21 02:33 38912 ----a-w- c:\windows\system32\wbem\unsecapp.exe

    2009-07-01 18:29 . 2008-01-21 02:33 41472 ----a-w- c:\windows\system32\wbem\scrcons.exe

    2009-07-01 18:29 . 2008-01-21 02:33 20480 ----a-w- c:\windows\system32\wbem\mofcomp.exe

    2009-07-01 18:27 . 2008-01-21 02:33 3216896 ----a-w- c:\windows\system32\WinSAT.exe

    2009-07-01 18:27 . 2008-01-21 02:33 294912 ----a-w- c:\windows\system32\ssText3d.scr

    2009-07-01 18:27 . 2008-01-21 02:32 8139264 ----a-w- c:\windows\system32\ssBranded.scr

    2009-07-01 18:27 . 2006-11-02 08:48 10752 ----a-w- c:\windows\system32\scrnsave.scr

    2009-07-01 18:27 . 2008-01-21 02:35 705536 ----a-w- c:\windows\system32\PhotoScreensaver.scr

    2009-07-01 18:27 . 2008-01-21 02:32 221184 ----a-w- c:\windows\system32\Ribbons.scr

    2009-07-01 18:27 . 2008-01-21 02:33 799232 ----a-w- c:\windows\system32\certutil.exe

    2009-07-01 18:27 . 2008-01-21 02:33 221696 ----a-w- c:\windows\system32\Mystify.scr

    2009-07-01 18:27 . 2008-01-21 02:33 880128 ----a-w- c:\windows\system32\Bubbles.scr

    2009-07-01 18:27 . 2008-01-21 02:33 1371136 ----a-w- c:\windows\system32\Aurora.scr

    2009-07-01 18:26 . 2006-10-17 17:05 28672 ----a-w- c:\windows\Help\OEM\scripts\launchAP.exe

    2009-07-01 18:26 . 2007-10-02 10:06 24576 ----a-w- c:\windows\Help\OEM\scripts\HPHS_Launcher.exe

    2009-07-01 06:29 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar

    2009-07-01 06:27 . 2008-01-21 02:34 5714432 ----a-w- c:\windows\system32\logon.scr

    2009-07-01 06:27 . 2008-01-21 02:33 2092544 ----a-w- c:\windows\system32\dfsr.exe

    2009-07-01 06:20 . 2008-07-08 08:16 -------- d-----w- c:\program files\Apoint2K

    2009-07-01 05:51 . 2007-10-31 18:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys

    2009-07-01 05:11 . 2009-03-14 16:07 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

    2009-07-01 01:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

    2009-06-30 19:11 . 2008-01-21 02:34 186368 ----a-w- c:\windows\system32\SLLUA.exe

    2009-06-30 19:10 . 2009-04-14 22:03 667136 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

    2009-06-30 19:09 . 2008-01-21 02:32 74752 ----a-w- c:\windows\system32\wlanext.exe

    2009-06-30 19:08 . 2008-01-21 02:33 192000 ----a-w- c:\windows\system32\bitsadmin.exe

    2009-06-30 19:07 . 2006-11-02 09:16 13312 ----a-w- c:\windows\system32\tcmsetup.exe

    2009-06-30 19:06 . 2006-11-02 08:47 16896 ----a-w- c:\windows\system32\grpconv.exe

    2009-06-30 19:05 . 2008-08-01 03:30 155648 ----a-w- c:\windows\system32\wscript.exe

    2009-06-30 19:04 . 2008-01-21 02:34 1793024 ----a-w- c:\windows\system32\mmc.exe

    2009-06-30 19:03 . 2006-11-02 08:58 13312 ----a-w- c:\windows\system32\snmptrap.exe

    2009-06-30 19:03 . 2006-11-02 08:50 7680 ----a-w- c:\windows\system32\Locator.exe

    2009-06-30 19:03 . 2008-01-21 02:33 60416 ----a-w- c:\windows\system32\alg.exe

    2009-06-30 18:44 . 2008-01-21 02:35 311296 ----a-w- c:\windows\system32\unregmp2.exe

    2009-06-30 18:41 . 2008-01-21 02:33 118272 ----a-w- c:\windows\system32\wbem\WMIADAP.exe

    2009-06-30 18:40 . 2008-01-21 02:34 143360 ----a-w- c:\windows\system32\WUDFHost.exe

    2009-06-30 18:40 . 2008-01-21 02:34 26112 ----a-w- c:\windows\system32\userinit.exe

    2009-06-30 15:21 . 2008-01-21 02:34 20992 ----a-w- c:\windows\system32\RacAgent.exe

    2009-06-30 15:20 . 2008-01-21 02:33 56320 ----a-w- c:\windows\system32\wermgr.exe

    2009-06-30 15:19 . 2008-01-21 02:33 1055232 ----a-w- c:\windows\system32\VSSVC.exe

    2009-06-30 15:19 . 2006-11-02 08:47 81920 ----a-w- c:\windows\system32\SystemPropertiesProtection.exe

    2009-06-30 15:18 . 2006-11-02 08:48 9728 ----a-w- c:\windows\system32\verclsid.exe

    2009-06-30 15:17 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\schtasks.exe

    2009-06-30 15:16 . 2008-01-21 02:33 192512 ----a-w- c:\windows\system32\wsqmcons.exe

    2009-06-30 15:14 . 2008-01-21 02:33 81920 ----a-w- c:\windows\system32\consent.exe

    2009-06-30 06:30 . 2008-01-21 02:33 318976 ----a-w- c:\windows\system32\cmd.exe

    2009-06-30 06:30 . 2006-11-02 08:47 212992 ----a-w- c:\windows\system32\control.exe

    2009-06-30 06:30 . 2008-01-21 02:34 9216 ----a-w- c:\windows\system32\LogonUI.exe

    2009-06-30 06:30 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\notepad.exe

    2009-06-30 05:15 . 2006-11-02 08:48 44544 ----a-w- c:\windows\system32\rundll32.exe

    2009-06-30 05:15 . 2006-11-02 09:11 9216 ----a-w- c:\windows\winhlp32.exe

    2009-06-30 01:32 . 2008-03-10 04:46 -------- d-----w- c:\program files\MSN Messenger

    2009-06-29 03:22 . 2009-05-27 02:55 -------- d-----w- c:\users\Mara\AppData\Roaming\Desktopicon

    2009-06-26 05:43 . 2008-07-24 05:06 -------- d-----w- c:\program files\Common Files\LightScribe

    2009-06-25 03:24 . 2008-07-24 05:21 108248 ----a-w- c:\users\Mara\AppData\Local\GDIPFONTCACHEV1.DAT

    2009-06-22 19:37 . 2008-09-20 19:40 -------- d-----w- c:\users\Mara\AppData\Roaming\LimeWire

    2009-06-15 08:01 . 2008-03-10 04:26 -------- d-----w- c:\programdata\Microsoft Help

    2009-06-12 18:07 . 2008-03-10 04:04 -------- d-----w- c:\program files\Microsoft Works

    2009-05-31 04:08 . 2009-05-31 04:08 -------- d-----w- c:\programdata\ABBYY

    2009-05-31 03:53 . 2009-05-31 03:53 -------- d-----w- c:\users\Mara\AppData\Roaming\ABBYY

    2009-05-31 03:52 . 2009-05-31 03:52 -------- d-----w- c:\program files\ABBYY

    2009-05-31 03:48 . 2008-03-10 03:32 -------- d--h--w- c:\program files\InstallShield Installation Information

    2009-05-31 03:47 . 2009-05-31 03:47 -------- d-----w- c:\program files\ScanDrv6

    2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\program files\vso

    2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\users\Mara\AppData\Roaming\Vso

    2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys

    2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys

    2009-05-27 03:37 . 2009-05-27 03:37 -------- d-----w- c:\program files\iSofter

    2009-05-27 03:14 . 2009-05-27 03:14 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

    2009-05-27 02:54 . 2009-05-27 02:54 -------- d-----w- c:\program files\DsNET Corp

    2009-05-22 03:02 . 2009-05-22 03:04 53248 ----a-w- c:\windows\STIASPI.DLL

    2009-05-22 03:02 . 2009-05-22 03:04 77824 ------w- c:\windows\scanusd.dll

    2009-05-22 02:14 . 2008-12-21 22:30 680 ----a-w- c:\users\Mara\AppData\Local\d3d9caps.dat

    2009-05-16 23:57 . 2008-09-26 03:05 552 ----a-w- c:\users\Mara\AppData\Roaming\wklnhst.dat

    2009-05-16 23:08 . 2008-07-08 08:36 -------- d-----w- c:\programdata\WildTangent

    2009-05-13 22:08 . 2009-05-12 03:33 -------- d-----w- c:\program files\Atlas

    2009-05-12 04:05 . 2009-05-12 03:59 -------- d-----w- c:\users\Mara\AppData\Roaming\GetRightToGo

    2009-04-24 16:05 . 2009-06-12 01:50 827904 ----a-w- c:\windows\system32\wininet.dll

    2009-04-24 16:02 . 2009-06-12 01:50 78336 ----a-w- c:\windows\system32\ieencode.dll

    .



    ------- Sigcheck -------





    [-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\System32\ctfmon.exe

    [-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe



    [-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\System32\userinit.exe

    [-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe





    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-08_00.47.40 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2008-01-21 01:58 . 2009-07-09 23:36 55784 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2006-11-02 13:02 . 2009-07-09 23:51 76082 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    + 2008-07-24 05:03 . 2009-07-09 23:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2008-07-24 05:03 . 2009-07-08 00:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2008-07-24 05:03 . 2009-07-08 00:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2008-07-24 05:03 . 2009-07-09 23:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2008-07-24 05:03 . 2009-07-08 00:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2008-07-24 05:03 . 2009-07-09 23:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-07-07 23:06 . 2009-07-08 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2009-07-09 23:34 . 2009-07-09 23:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2009-07-07 23:06 . 2009-07-08 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2009-07-09 23:34 . 2009-07-09 23:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2008-07-25 04:41 . 2009-07-09 23:31 222226 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin

    + 2008-07-24 07:08 . 2009-07-08 19:07 245404 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

    - 2008-07-24 07:08 . 2009-07-08 00:31 245404 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4



    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]

    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]

    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]

    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2009-06-30 258048]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]



    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)



    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll



    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux3"=wdmaud.drv



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"



    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UacDisableNotify"=dword:00000001

    "InternetSettingsDisableNotify"=dword:00000001

    "AutoUpdateDisableNotify"=dword:00000001



    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001



    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring"=dword:00000001



    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001



    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001



    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "AntiVirusOverride"=dword:00000001

    "AntiSpywareOverride"=dword:00000001



    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{CC7729F2-6607-4451-A04F-B52A8B5CCA32}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

    "{5D544672-B369-467D-8744-AC8879263DA1}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

    "{B67CFC00-98E3-4F92-AED9-7186AD056C6E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

    "{46DB359F-B5E9-41CF-AE14-EA19AFD0D6F9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

    "{0D849478-FAC9-48EA-BA9D-66E71F074B6E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

    "{31FF75D9-C664-459B-92F9-4833CE9BC216}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    "{DACD0295-24DE-4205-A331-6D6D623BA34D}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

    "{73A50504-5DDB-4664-9DF9-96C0461936B5}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

    "TCP Query User{17B9C9BB-3D9B-4FF2-8239-A659677C562C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

    "UDP Query User{B0DD177B-9B6D-4720-A60E-4F7C8BB07487}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

    "TCP Query User{98AAD321-0030-42A9-B922-D4D3E439C04F}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows

    "UDP Query User{C341584E-504D-47E4-80FA-31FFB390F872}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows

    "TCP Query User{1BDE3C10-1F89-47E0-8C12-B07DE3A23DFC}c:\\program files\\ares\\chatserver.exe"= UDP:c:\program files\ares\chatserver.exe:Ares Chat Server

    "UDP Query User{AAE366A4-28F8-49EE-A6C9-E6AC405BD2D3}c:\\program files\\ares\\chatserver.exe"= TCP:c:\program files\ares\chatserver.exe:Ares Chat Server

    "TCP Query User{9CAAC2C3-AF04-4469-9CC8-88EEC29637A9}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación

    "UDP Query User{7EEC05CA-4A7C-4668-B536-55F9F6F76AC8}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación



    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

    "c:\\Windows\\system32\\wininit.exe"= c:\windows\system32\wininit.exe:*:enabled:mad:shell32.dll,-1



    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]

    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]





    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc



    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"

    .

    Contents of the 'Scheduled Tasks' folder

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmbox.itelcel.com/mmawap/jsp/composer/player/mmsPlayer.cab

    .

    .

    ------- File Associations -------

    .

    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

    .



    **************************************************************************



    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-07-09 19:02

    Windows 6.0.6001 Service Pack 1 NTFS



    scanning hidden processes ...



    scanning hidden autostart entries ...



    scanning hidden files ...



    scan completed successfully

    hidden files: 0



    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Completion time: 2009-07-10 19:06

    ComboFix-quarantined-files.txt 2009-07-10 00:05

    ComboFix2.txt 2009-07-08 00:49



    Pre-Run: 74,246,656,000 bytes libres

    Post-Run: 74,223,157,248 bytes libres



    265 --- E O F --- 2009-07-06 21:42





    and the HijackThis log



    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 07:09:37 p.m., on 09/07/2009

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18248)

    Boot mode: Normal



    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\Explorer.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')

    O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab

    O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel.com/mmawap/jsp/compos...r/mmsPlayer.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

    O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



    --

    End of file - 6511 bytes





    It seems that this time ComboFix cleaned or deleted some of the files that, I believe, were released when Ad-Aware was removed, but the original problem remains: there are 31 files that Kaspersky detects and gives me no option to delete; it only lets me ignore them...
  12. Caito

    Caito New Member Member

    Take note of those files and delete them manually :rolleyes:

    Regards

    Caito
  13. sagitarius

    sagitarius New Member Member

    That's the problem: it won't let me delete them manually. I already have all of them located; this is the path where they are: C:\Windows\System32\DriverStore\FileRepository .. but if I go there and try to delete them, Windows tells me I don't have sufficient permissions to do so. I can't remove them from safe mode either.
  14. Caito

    Caito New Member Member

  15. sagitarius

    sagitarius New Member Member

    It won't let me run that scan. Sometimes it hangs right after updating the virus definitions: it stays on the 100% window but the scan never starts. Other times it gets past that, but it still doesn't run the scan and only reports that the virus search on my computer could not be performed. I don't know why that happens, because I am running IE as administrator...



    As I already told you, I have the infected files located; it's just a matter of deleting them, but Windows won't let me.
  16. Caito

    Caito New Member Member

  17. sagitarius

    sagitarius New Member Member

    I was finally able to run the online scans. I don't know what was failing, but after removing some infections in HTML files it let me run them. Here are the reports; as you can see, there are threats that could not be removed, and if I go to the path I can't delete them manually either. Any recommendation?





    This one is from the Nod32 online scan




    C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\rstrui.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18000_none_46dfcfe7b33efe29\rstrui.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.18000_none_4ddc4d9521178ffe\tscupgrd.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.0.6001.18000_none_14622f2da933f0c7\taskmgr.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\ARP.EXE Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\finger.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\HOSTNAME.EXE Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-telnet-server-tlntsvr_31bf3856ad364e35_6.0.6001.18000_none_bec4a653f0d2a936\tlntsvr.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-timeout_31bf3856ad364e35_6.0.6000.16386_none_8a2daac4c959a079\timeout.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.0.6000.20734_none_8f94230d69327e03\TrustedInstaller.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.0.6001.18000_none_910d33844d26b5fb\TrustedInstaller.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-unattendedjoin_31bf3856ad364e35_6.0.6001.18000_none_b314e49f6cd49e2c\unattendedjoin.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-vssadmin_31bf3856ad364e35_6.0.6001.18000_none_c47d557031a3a859\vssadmin.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-w..etwork-setup-wizard_31bf3856ad364e35_6.0.6001.18000_none_94dd2b64446742ed\setupSNK.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-w..ion-twaincomponents_31bf3856ad364e35_6.0.6000.16386_none_86fb724c5f4594fa\twunk_32.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.0.6001.18000_none_306ed3baedf7acff\wuapp.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.0.6001.18000_none_cef47f55854b9614\wiaacmgr.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18000_none_42a95d80d7929e62\wab.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-where_31bf3856ad364e35_6.0.6000.16386_none_5b9c7723e13f8233\where.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-windowsanytimeupgrade_31bf3856ad364e35_6.0.6001.18000_none_1cc9bf4b19ce0f40\WindowsAnytimeUpgrade.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_923cb7d99010c685\mpnotify.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_923cb7d99010c685\wlrmdr.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_6.0.6001.18000_none_1636766731a74faf\winrshost.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-winver_31bf3856ad364e35_6.0.6000.16386_none_b41abc409f8dc8bb\winver.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-wmi-consumers_31bf3856ad364e35_6.0.6001.18000_none_4ad2276858e160c5\scrcons.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16830_none_0e5c13ed8e56c6f7\WmiPrvSE.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_1062be8b8b6509c7\WmiPrvSE.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\mofcomp.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\unsecapp.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\WMIADAP.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6001.18000_none_aabb7e89c6bfbe76\smi2smir.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-wmpnss-ux_31bf3856ad364e35_6.0.6001.18000_none_b7c4c310b976a07a\wmpnscfg.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_6.0.6000.16386_none_29080b40ee5b20f1\sfc.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_microsoft-windows-xcopy_31bf3856ad364e35_6.0.6000.16386_none_60bee8acf7612ea7\xcopy.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.0.6000.16386_none_81486aa9c284a376\aspnet_state.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchProtocolHost.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe Win32/Virut.NBP virus error while cleaning

    C:\Windows\winsxs\x86_winmobil.inf_31bf3856ad364e35_6.0.6001.18000_none_9f841f055f7e71c2\wmdSync.exe Win32/Virut.NBP virus error while cleaning





    and this is the one from Bitdefender



    as you can see, there are several infected files; I hope you can help me...
  18. Caito

    Caito New Member Member

    Run ComboFix again

    Regards

    caito
  19. sagitarius

    sagitarius New Member Member

    I did it again after the online scans, but I didn't upload the log for you because it still shows me the same infections. Hey, I was noticing that the folder with the most infections is where, as far as I can tell, the machine's drivers are installed. Wouldn't it be a good option to uninstall all the drivers to see whether I can remove the infections that way, and then reinstall them?
  20. Caito

    Caito New Member Member

    It would be better to format and start from scratch; I don't see any way to clean it :(

    Regards

    Caito