Malwarebytes' Anti-Malware 1.24
Versión de la Base de Datos: 1026
Windows 5.1.2600 Service Pack 2

22:13:00 04/08/2008
mbam-log-8-4-2008 (22-13-00).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 105892
Tiempo transcurrido: 20 minute(s), 55 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 2
Claves del Registro Infectadas: 26
Valores del Registro Infectados: 8
Elementos de Datos del Registro Infectados: 2
Carpetas Infectadas: 1
Ficheros Infectados: 48

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
C:\WINDOWS\system32\awtQkHxy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tmjmza.dll (Trojan.Vundo) -> Delete on reboot.

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{73fd4c08-d874-441a-bc4c-ac93ed18e6d7} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{73fd4c08-d874-441a-bc4c-ac93ed18e6d7} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c4967297-7736-4759-8523-0e4b87230f36} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c4967297-7736-4759-8523-0e4b87230f36} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvid er (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\24929bca (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\bm27a1a856 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{007c0568-5eeb-45a1-be86-10aa7beab6bb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtqkhxy -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtqkhxy -> Delete on reboot.

Carpetas Infectadas:
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\WINDOWS\system32\awtQkHxy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yxHkQtwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxHkQtwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tmjmza.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kaobgiav.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vaigboak.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtxgugth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\htgugxtx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywbkatdp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdtakbwy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fylcxttm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP481\A0084386.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP487\A0084604.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP488\A0084653.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP488\A0084656.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP488\A0085244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP488\A0085245.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP488\A0085246.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP490\A0087517.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP491\A0087572.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP492\A0088116.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP493\A0088160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP498\A0098460.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP498\A0098462.exe (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP498\A0098463.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP498\A0098551.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098826.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098830.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098834.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098837.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098897.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP500\A0098943.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP504\A0103300.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP504\A0103302.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP504\A0103303.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP504\A0103304.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP504\A0103306.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP504\A0103307.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP504\A0103308.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP504\A0103310.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\setup.dll (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oydnmxym.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tjbxqdjm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndkoeauo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM27a1a856.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM27a1a856.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
----------------------------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
martes, 05 de agosto de 2008 0:49:19
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 4/08/2008
Registros en la base antivirus: 935803

Configuración del análisis:
Analizar usando las siguientes bases: standard
Analizar archivos: verdadero
Analizar bases de correo: verdadero

Objetivo a analizar - Mi PC:
A:\
C:\
D:\
E:\
F:\

Estadísticas:
Número de objeros analizados: 91791
Virus encontrados: 13
Objetos infectados: 29 / 0
Objetos sospechosos: 2
Duración del análisis: 01:25:56

Bombre del objeto infectado / Nombre del virus / Última acción
C:\Archivos de programa\ESET\cache\CACHE.NDB Object is locked saltado
C:\Archivos de programa\ESET\infected\DNSVVPCA.NQF Infectados: Trojan-Dropper.Win32.Delf.bvf saltado
C:\Archivos de programa\ESET\infected\KECMGXDA.NQF Infectados: Trojan.Win32.Pakes.jwb saltado
C:\Archivos de programa\ESET\infected\T5IU0FDA.NQF Infectados: Trojan.Win32.Buzus.lhu saltado
C:\Archivos de programa\ESET\infected\YGSCH5AA.NQF Infectados: Trojan-Downloader.Win32.Agent.xxa saltado
C:\Archivos de programa\ESET\infected\ZKSOEMBA.NQF Infectados: Trojan.Win32.Pakes.jwa saltado
C:\Archivos de programa\ESET\logs\virlog.dat Object is locked saltado
C:\Archivos de programa\ESET\logs\warnlog.dat Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\WinAgentbm.zip/rar.exe Sospechosos: Password-protected-EXE saltado
C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy\Recovery\WinAgentbm.zip ZIP: sospechoso - 1 saltado
C:\Documents and Settings\JUGAR Y ESTUDIAR\Configuración local\Archivos temporales de Internet\Content.IE5\MOWOMY5K\kb671231[1] Infectados: Trojan.Win32.Monder.cbv saltado
C:\Documents and Settings\JUGAR Y ESTUDIAR\Configuración local\Archivos temporales de Internet\Content.IE5\XOWC5K67\kb671231[1] Infectados: Trojan.Win32.Monder.cbv saltado
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\ApplicationHistory\hpqimzone.exe.12eac55c .ini.inuse Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\albumTable.cdx Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\albumTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\EXIFTable.cdx Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\EXIFTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\imageTable.cdx Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\imageTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\imageTable.fpt Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordTable.cdx Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\keywordTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\pathnameTable.cdx Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\pathnameTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\propertiesTable.cdx Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\propertiesTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFTable.cdx Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\HP\Digital Imaging\db\ROFTable.dbf Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\Microsoft\Messenger\MsnMsgr.txt Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Historial\History.IE5\MSHist0120080804200808 05\index.dat Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Temp\bisCCF0.exe Infectados: Trojan.Win32.Obfuscated.gen saltado
C:\Documents and Settings\Luzi Family\Configuración local\Temp\hpodvd09.log Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Temp\Perflib_Perfdata_c18.dat Object is locked saltado
C:\Documents and Settings\Luzi Family\Configuración local\Temp\~DF9974.tmp Object is locked saltado
C:\Documents and Settings\Luzi Family\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Luzi Family\ntuser.dat Object is locked saltado
C:\Documents and Settings\Luzi Family\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP488\A0084654.dll Infectados: Trojan.Win32.Monder.awg saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP488\A0084655.dll Infectados: Trojan.Win32.Monder.awg saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP491\A0087575.dll Infectados: Trojan.Win32.Monder.bbv saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP498\A0098451.dll Infectados: Trojan.Win32.Monder.cbv saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP498\A0098472.dll Infectados: Trojan.Win32.Monder.cbv saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP498\A0098478.dll Infectados: Trojan.Win32.Monder.cbv saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP498\A0098499.dll Infectados: Trojan.Win32.Monder.bit saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP498\A0098503.dll Infectados: Trojan.Win32.Monder.bit saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP498\A0098576.exe Infectados: Trojan.Win32.Obfuscated.gen saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098583.exe Infectados: Trojan.Win32.Obfuscated.gen saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098613.dll Infectados: Trojan.Win32.Monder.cbv saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098615.exe Infectados: Trojan.Win32.Obfuscated.gen saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098616.exe Infectados: Trojan.Win32.Obfuscated.gen saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098617.exe Infectados: Trojan.Win32.Obfuscated.gen saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098618.exe Infectados: Trojan.Win32.Obfuscated.gen saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098619.exe Infectados: Trojan.Win32.Obfuscated.gen saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098674.dll Infectados: Trojan.Win32.Monder.cbv saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP499\A0098750.dll Infectados: Trojan.Win32.Monder.bcb saltado
C:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP505\change.log Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\Internet.evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\ebjqbt.dll Infectados: Trojan.Win32.Monder.awg saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\jmyltqai.dll Infectados: Trojan.Win32.Monder.awg saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\Temp\Perflib_Perfdata_4cc.dat Object is locked saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
D:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP592\change.log Object is locked saltado
E:\72b96c009007207dc1db06\$shtdwn$.req Object is locked saltado
E:\instala\resto\ELISTARA.AE%D8FB%D8%D8H.EXE Infectados: Trojan-Downloader.Win32.IstBar.um saltado
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
E:\System Volume Information\_restore{DA4F0F0E-2E23-42BF-97B1-DE501D70EA6A}\RP608\change.log Object is locked saltado

Análisis completado.